diff --git a/src/dede/css/base.css b/src/dede/css/base.css
index a9925164..bca4ca95 100755
--- a/src/dede/css/base.css
+++ b/src/dede/css/base.css
@@ -658,4 +658,8 @@ vertical-align: baseline;
 }
 a.btn {
 	color: white!important;
+}
+
+span.page-link {
+	background-color: #DDD;
 }
\ No newline at end of file
diff --git a/src/dede/js/float.js b/src/dede/js/float.js
index de585223..0f83c4bc 100755
--- a/src/dede/js/float.js
+++ b/src/dede/js/float.js
@@ -6,9 +6,7 @@
  * @license        https://www.dedebiz.com/license
  * @link           https://www.dedebiz.com
  */
- 
-< !--
-	self.onError=null;
+self.onError=null;
 currentX = currentY = 0;
 whichIt = null;
 lastScrollX = 0; lastScrollY = 0;
@@ -107,5 +105,4 @@ if (IE) {
 	document.onmousemove = moveIt;
 	document.onmouseup = dropIt;
 }
-if (NS || IE) action = window.setInterval("heartBeat()", 1);
--->
\ No newline at end of file
+if (NS || IE) action = window.setInterval("heartBeat()", 1);
\ No newline at end of file
diff --git a/src/dede/js/frame.js b/src/dede/js/frame.js
index 02151cee..5c5c8a93 100755
--- a/src/dede/js/frame.js
+++ b/src/dede/js/frame.js
@@ -1,4 +1,3 @@
-< !--
 var $ = jQuery;
 var thespeed = 5;
 var navIE = document.all && navigator.userAgent.indexOf("Firefox") == -1;
@@ -146,7 +145,5 @@ function initializeIT() {
 })(jQuery);
 */
 
--->
-
 
 
diff --git a/src/dede/js/global.js b/src/dede/js/global.js
index c7d0a3f1..17ac70c6 100755
--- a/src/dede/js/global.js
+++ b/src/dede/js/global.js
@@ -1,4 +1,3 @@
-<!--
 var BROWSER = {};
 var USERAGENT = navigator.userAgent.toLowerCase();
 browserVersion({'ie':'msie','firefox':'','chrome':'','opera':'','safari':'','maxthon':'','mozilla':'','webkit':''});
@@ -22,5 +21,3 @@ function browserVersion(types) {
 	}
 	BROWSER.other = other;
 }
-
--->
\ No newline at end of file
diff --git a/src/dede/module_upload.php b/src/dede/module_upload.php
index 7a1b4a6f..86e865ce 100755
--- a/src/dede/module_upload.php
+++ b/src/dede/module_upload.php
@@ -59,6 +59,10 @@ if ($action == 'upload') {
             ShowMsg("对不起，你上传的文件可能不是织梦模块的标准格式文件！<br /><br /><a href='javascript:history.go(-1);'>&gt;&gt;返回重新上传&gt;&gt;</a>", "javascript:;");
             exit();
         }
+        if (preg_match("#[^0-9a-zA-Z]#", $infos['hash'])) {
+            exit("hash check failed!");
+        }
+        
         $okfile = $mdir . '/' . $infos['hash'] . '.xml';
         if ($dm->HasModule($infos['hash']) && empty($delhas)) {
             unlink($tmpfilename);
diff --git a/src/dede/templets/sys_info.htm b/src/dede/templets/sys_info.htm
index b0f9d1ef..9d14cc26 100755
--- a/src/dede/templets/sys_info.htm
+++ b/src/dede/templets/sys_info.htm
@@ -40,7 +40,7 @@
       searchKeywords = searchKeywords.replace(/^cfg_/, "");
       var myajax = new DedeAjax($Obj('_search'));
       myajax.SendGet('sys_info.php?dopost=search&keywords=' + searchKeywords)
-      $Obj('_searchback').innerHTML = '<input name="searchbackBtn" type="button" value="返回" id="searchbackBtn" onclick="backSearch()"/>'
+      $Obj('_searchback').innerHTML = '<button class="btn btn-secondary btn-sm" name="searchbackBtn" type="button" id="searchbackBtn" onclick="backSearch()">返回</button>'
       $Obj('_mainsearch').innerHTML = '';
       searchconfig = true;
     }
diff --git a/src/include/common.inc.php b/src/include/common.inc.php
index dcb64797..3d821035 100755
--- a/src/include/common.inc.php
+++ b/src/include/common.inc.php
@@ -236,7 +236,7 @@ $cfg_soft_dir = $cfg_medias_dir . '/soft';
 $cfg_other_medias = $cfg_medias_dir . '/media';
 
 //软件摘要信息，****请不要删除本项**** 否则系统无法正确接收系统漏洞或升级信息
-$cfg_version = 'V6_UTF8';
+$cfg_version = 'V6';
 $cfg_version_detail = '6.0.2'; // 详细版本号
 $cfg_soft_lang = 'utf-8';
 $cfg_soft_public = 'base';
diff --git a/src/include/dedetemplate.class.php b/src/include/dedetemplate.class.php
index dd50e342..334127b7 100755
--- a/src/include/dedetemplate.class.php
+++ b/src/include/dedetemplate.class.php
@@ -110,7 +110,7 @@ class Tag
     var $innerText = "";       //标记之间的文本
     var $startPos = 0;         //标记起始位置
     var $endPos = 0;           //标记结束位置
-    var $cAtt = "";            //标记属性描述,即是class TagAttribute
+    var $cAtt;            //标记属性描述,即是class TagAttribute
     var $tagValue = "";        //标记的值
     var $tagID = 0;
 
@@ -596,7 +596,6 @@ class DedeTemplate
         $t = 0;
         $preTag = '';
         $tswLen = strlen($tagStartWord);
-        @$cAtt->cAttributes->items = array();
         for ($i = 0; $i < $sourceLen; $i++) {
             $ttagName = '';
 
@@ -774,7 +773,7 @@ class DedeTemplate
      *  编译单个标记
      *
      * @access    public
-     * @param     string  $cTag  标签
+     * @param     object  $cTag  标签
      * @return    string
      */
     function CompilerOneTag(&$cTag)
@@ -1183,7 +1182,7 @@ class TagAttributeParse
 {
     var $sourceString = "";
     var $sourceMaxSize = 1024;
-    var $cAttributes = array();
+    var $cAttributes;
     var $charToLow = TRUE;
     function SetSource($str = "")
     {
diff --git a/src/templets/default/top.htm b/src/templets/default/top.htm
index 49a39572..5d30adbd 100644
--- a/src/templets/default/top.htm
+++ b/src/templets/default/top.htm
@@ -1,3 +1,11 @@
+<!--[if lte IE 10]>
+<div id="browsehappy" style="position: relative;padding: 10px 15px;margin-bottom: 1rem;border: 1px solid transparent;border-radius: .25rem;color: #856404;background-color: #fff3cd;border-color: #ffeeba;">
+    <a onclick="document.getElementById('browsehappy').style.display = 'none';" style="float: right;cursor: pointer;">
+        <span aria-hidden="true">×</span>
+    </a>
+    你正在使用一个 <strong>过时</strong> 的浏览器。请 <a href="https://www.dedebiz.com/browsehappy" target="_blank">升级您的浏览器</a>，以提高您的体验。
+</div>
+<![endif]-->
 <nav class="site-nav bg-light py-2">
     <div class="container">
         <div class="row">