diff --git a/src/admin/actionsearch_class.php b/src/admin/actionsearch_class.php
index 24c42a60..ab2eb646 100644
--- a/src/admin/actionsearch_class.php
+++ b/src/admin/actionsearch_class.php
@@ -40,6 +40,9 @@ class ActionSearch
     {
         $i = 0; //数组序列索引
         foreach ($this->asarray as $key => $value) {
+            if (is_null($value)) {
+                continue;
+            }
             //对二级项目进行匹配
             if (is_array($this->asarray[$key]['soniterm'])) {
                 foreach ($this->asarray[$key]['soniterm'] as $k => $val) {
diff --git a/src/admin/file_manage_main.php b/src/admin/file_manage_main.php
index 409485bf..4d31c11d 100644
--- a/src/admin/file_manage_main.php
+++ b/src/admin/file_manage_main.php
@@ -14,6 +14,10 @@ if (!isset($activepath)) $activepath = $cfg_cmspath;
 $inpath = "";
 $activepath = str_replace("..", "", $activepath);
 $activepath = preg_replace("#^\/{1,}#", "/", $activepath);
+if (DEDEBIZ_SAFE_MODE && !preg_match("#^/static#",$activepath)) {
+    ShowMsg("安全模式下仅允许查看编辑static目录内容", -1);
+    exit;
+}
 if ($activepath == "/") $activepath = "";
 if ($activepath == "") $inpath = $cfg_basedir;
 else $inpath = $cfg_basedir.$activepath;
diff --git a/src/admin/inc/grouplist.txt b/src/admin/inc/grouplist.txt
index 6df4d93c..c64c08fd 100644
--- a/src/admin/inc/grouplist.txt
+++ b/src/admin/inc/grouplist.txt
@@ -42,16 +42,16 @@
 >a_MyCheck>审核我发布的文档
 >a_Recycling>管理回收站
 
->>模板管理
+>>模板管理>unsafe
 
->temp_All>管理所有模板
->temp_New>新建模板
->temp_Edit>修改模板
->temp_Del>删除模板
->temp_One>单页模板管理
->temp_MyTag>自定义标记
->temp_Test>测试标记
->temp_Other>模板其它管理
+>temp_All>管理所有模板>unsafe
+>temp_New>新建模板>unsafe
+>temp_Edit>修改模板>unsafe
+>temp_Del>删除模板>unsafe
+>temp_One>单页模板管理>unsafe
+>temp_MyTag>自定义标记>unsafe
+>temp_Test>测试标记>unsafe
+>temp_Other>模板其它管理>unsafe
 
 >>专题管理
 
@@ -68,7 +68,7 @@
 >sys_Edit>修改系统参数
 >sys_Log>管理日志
 >sys_plus>插件管理
->sys_Data>数据备份还原
+>sys_Data>数据备份还原>unsafe
 >sys_Att>自定义文档属性
 >sys_ArcBatch>文档批量维护
 >sys_ArcTj>文档信息统计
diff --git a/src/admin/inc/inc_action_info.php b/src/admin/inc/inc_action_info.php
index e4fd1757..96308ae7 100644
--- a/src/admin/inc/inc_action_info.php
+++ b/src/admin/inc/inc_action_info.php
@@ -307,18 +307,18 @@ $actionSearch[7] = array(
         ),
     )
 );
-$actionSearch[8] = array(
+$actionSearch[8] = DEDEBIZ_SAFE_MODE? null : array(
     'toptitle' => '模板',
     'title' => '模板管理',
     'description' => '针对主页、栏目、文档、专题等等进行更新',
     'soniterm' => array(
-        0  =>  array(
+        0  => array(
             'title' => '默认模板管理 ',
             'description' => '对网站正在采用的模板文件进行管理',
             'purview' => 'temp_All',
             'linkurl' => 'templets_main.php'
         ),
-        1  =>  array(
+        1  => array(
             'title' => '标签源码管理 ',
             'description' => '对现有的标签文件进行修改、添加',
             'purview' => 'temp_All',
@@ -409,7 +409,7 @@ $actionSearch[9] = array(
             'purview' => 'sys_data',
             'linkurl' => 'sys_data.php'
         ),
-        12  =>  array(
+        12  => DEDEBIZ_SAFE_MODE? null : array(
             'title' => 'SQL命令行工具',
             'description' => '可以在针对每张数据表执行单行或者多行的SQL语句',
             'purview' => 'sys_data',
diff --git a/src/admin/inc/inc_menu.php b/src/admin/inc/inc_menu.php
index cf2bf7a9..2ab84b4f 100644
--- a/src/admin/inc/inc_menu.php
+++ b/src/admin/inc/inc_menu.php
@@ -34,13 +34,13 @@ $gitUrl = DEDEBIZURL."/git";
 $dedebizUrl = DEDEBIZURL;
 $adminMenu1 = $adminMenu2 = '';
 if ($cuserLogin->getUserType() >= 10) {
-    $adminMenu1 = "<m:top item='7_' name='模板管理' display='block' rank='temp_One,temp_Other,temp_MyTag,temp_test,temp_All'>
+    $adminMenu1 = (DEDEBIZ_SAFE_MODE? "" : "<m:top item='7_' name='模板管理' display='block' rank='temp_One,temp_Other,temp_MyTag,temp_test,temp_All'>
     <m:item name='默认模板管理' link='templets_main.php' rank='temp_All' target='main' />
     <m:item name='标签源码管理' link='templets_tagsource.php' rank='temp_All' target='main' />
     <m:item name='自定义宏标记' link='mytag_main.php' rank='temp_MyTag' target='main' />
     <m:item name='智能标记向导' link='mytag_tag_guide.php' rank='temp_Other' target='main' />
     <m:item name='全局标记测试' link='tag_test.php' rank='temp_Test' target='main' />
-</m:top>
+</m:top>")."
 <m:top item='1_7_' name='频道模型' display='block' rank='t_List,t_AccList,c_List,temp_One'>
     <m:item name='内容模型管理' link='mychannel_main.php' rank='c_List' target='main' />
     <m:item name='单页文档管理' link='templets_one.php' rank='temp_One' target='main' />
@@ -67,8 +67,8 @@ if ($cuserLogin->getUserType() >= 10) {
     <m:item name='软件频道设置' link='soft_config.php' rank='sys_SoftConfig' target='main' />
     <m:item name='防采集串混淆' link='article_string_mix.php' rank='sys_StringMix' target='main' />
     <m:item name='随机模板设置' link='article_template_rand.php' rank='sys_StringMix' target='main' />
-    <m:item name='数据备份还原' link='sys_data.php' rank='sys_Data' target='main' />
-    <m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />
+    ".(DEDEBIZ_SAFE_MODE? "" : "<m:item name='数据备份还原' link='sys_data.php' rank='sys_Data' target='main' />")."
+    ".(DEDEBIZ_SAFE_MODE? "" : "<m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />")."
     <m:item name='病毒文件扫描' link='sys_safetest.php' rank='sys_verify' target='main' />
     <m:item name='系统错误修复' link='sys_repair.php' rank='sys_verify' target='main' />
 </m:top>";
@@ -98,7 +98,7 @@ $adminMenu1
     <m:item name='重复文档检测' link='article_test_same.php' rank='sys_ArcBatch' target='main' />
     <m:item name='自动摘要分页' link='article_description_main.php' rank='sys_Keyword' target='main' />
     <m:item name='Tag标签管理' link='tags_main.php' rank='sys_Keyword' target='main' />
-    <m:item name='数据库内容替换' link='sys_data_replace.php' rank='sys_ArcBatch' target='main' />
+    ".(DEDEBIZ_SAFE_MODE? "" : "<m:item name='数据库内容替换' link='sys_data_replace.php' rank='sys_ArcBatch' target='main' />")."
 </m:top>
 <m:top item='5_' name='更新任务' display='block' notshowall='1' rank='sys_MakeHtml'>
     <m:item name='更新整站' link='makehtml_all.php' rank='sys_MakeHtml' target='main' />
diff --git a/src/admin/inc/inc_menu_map.php b/src/admin/inc/inc_menu_map.php
index f7d648c6..4ec9e064 100644
--- a/src/admin/inc/inc_menu_map.php
+++ b/src/admin/inc/inc_menu_map.php
@@ -55,7 +55,7 @@ $menusMain = "<m:top mapitem='1' item='1_' name='常用操作' display='block'>
     <m:item name='文档关键词维护' link='article_keywords_main.php' rank='sys_Keyword' target='main' />
     <m:item name='自动摘要分页' link='article_description_main.php' rank='sys_Keyword' target='main' />
     <m:item name='Tag标签管理' link='tags_main.php' rank='sys_Keyword' target='main' />
-    <m:item name='数据库内容替换' link='sys_data_replace.php' rank='sys_ArcBatch' target='main' />
+    ".(DEDEBIZ_SAFE_MODE? "" :"<m:item name='数据库内容替换' link='sys_data_replace.php' rank='sys_ArcBatch' target='main' />")."
 </m:top>
 <m:top mapitem='3' item='1_' name='附件管理' display='none' rank='sys_Upload,sys_MyUpload,plus_文件管理器'>
     <m:item name='上传新文件' link='media_add.php' rank='' target='main' />
@@ -86,13 +86,13 @@ $menusMain = "<m:top mapitem='1' item='1_' name='常用操作' display='block'>
     <m:item name='支付接口设置' link='sys_payment.php' .php' rank='sys_Data' target='main' />
     <m:item name='配货方式设置' link='shops_delivery.php' rank='sys_Data' target='main' />
 </m:top>
-<m:top mapitem='4' item='7_' name='模板管理' display='block' rank='temp_One,temp_Other,temp_MyTag,temp_test,temp_All'>
+".(DEDEBIZ_SAFE_MODE? "" : "<m:top mapitem='4' item='7_' name='模板管理' display='block' rank='temp_One,temp_Other,temp_MyTag,temp_test,temp_All'>
     <m:item name='默认模板管理' link='templets_main.php' rank='temp_All' target='main' />
     <m:item name='标签源码管理' link='templets_tagsource.php' rank='temp_All' target='main' />
     <m:item name='自定义宏标记' link='mytag_main.php' rank='temp_MyTag' target='main' />
     <m:item name='智能标记向导' link='mytag_tag_guide.php' rank='temp_Other' target='main' />
     <m:item name='全局标记测试' link='tag_test.php' rank='temp_Test' target='main' />
-</m:top>
+</m:top>")."
 <m:top mapitem='2' item='10_' name='系统设置' display='block' rank='sys_User,sys_Group,sys_Edit,sys_Log,sys_Data'>
     <m:item name='系统配置变量' link='sys_info.php' rank='sys_Edit' target='main' />
     <m:item name='系统用户管理' link='sys_admin_user.php' rank='sys_User' target='main' />
@@ -103,8 +103,8 @@ $menusMain = "<m:top mapitem='1' item='1_' name='常用操作' display='block'>
     <m:item name='软件频道设置' link='soft_config.php' rank='sys_SoftConfig' target='main' />
     <m:item name='防采集串混淆' link='article_string_mix.php' rank='sys_StringMix' target='main' />
     <m:item name='随机模板设置' link='article_template_rand.php' rank='sys_StringMix' target='main' />
-    <m:item name='数据库备份还原' link='sys_data.php' rank='sys_Data' target='main' />
-    <m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />
+    ".(DEDEBIZ_SAFE_MODE? "" :"<m:item name='数据库备份还原' link='sys_data.php' rank='sys_Data' target='main' />")."
+    ".(DEDEBIZ_SAFE_MODE? "" :"<m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />")."
     <m:item name='病毒文件扫描' link='sys_safetest.php' rank='sys_verify' target='main' />
     <m:item name='系统错误修复' link='sys_repair.php' rank='sys_verify' target='main' />
 </m:top>";
@@ -115,12 +115,11 @@ $dsql->Execute();
 while ($row = $dsql->GetObject()) {
   $plusset .= $row->menustring."";
 }
-$menusMain .= "
-<m:top mapitem='6' name='模块管理' c='6,' display='block'>
+$menusMain .= (DEDEBIZ_SAFE_MODE? "" :"<m:top mapitem='6' name='模块管理' c='6,' display='block'>
     <m:item name='模块管理' link='module_main.php' rank='sys_module' target='main' />
     <m:item name='上传新模块' link='module_upload.php' rank='sys_module' target='main' />
     <m:item name='模块打包' link='module_make.php' rank='sys_module' target='main' />
-</m:top>
+</m:top>")."
 <m:top mapitem='6' item='7' name='辅助插件' display='block'>
     <m:item name='插件管理器' link='plus_main.php' rank='10' target='main' />
     $plusset
diff --git a/src/admin/inc/inc_menu_module.php b/src/admin/inc/inc_menu_module.php
index c8501826..b9b36097 100644
--- a/src/admin/inc/inc_menu_module.php
+++ b/src/admin/inc/inc_menu_module.php
@@ -35,7 +35,7 @@ while ($row = $dsql->GetObject()) {
 }
 $adminMenu = '';
 if ($cuserLogin->getUserType() >= 10) {
-    $adminMenu = "<m:top name='模块管理' c='6,' display='block'>
+    $adminMenu = DEDEBIZ_SAFE_MODE? "" : "<m:top name='模块管理' c='6,' display='block'>
     <m:item name='模块管理' link='module_main.php' rank='sys_module' target='main' />
     <m:item name='上传新模块' link='module_upload.php' rank='sys_module' target='main' />
     <m:item name='模块打包' link='module_make.php' rank='sys_module' target='main' />
diff --git a/src/admin/index_body.php b/src/admin/index_body.php
index a3f9474e..9f2a7360 100644
--- a/src/admin/index_body.php
+++ b/src/admin/index_body.php
@@ -131,5 +131,11 @@ else if ($dopost == 'setskin') {
         "result" => $rs,
     ));
     exit;
-} 
+} elseif ($dopost == 'safe_mode') {
+    $safemsg = "当前系统环境运行模式为【安全模式】，安全模式下将无法使用后台“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能，如果您需要使用上述功能，可在`/system/common.inc.php`中，将`DEDEBIZ_SAFE_MODE`值更改为`FALSE`";
+    $unsafemsg = "当前系统环境运行模式为【非安全模式】，系统中“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能使用不当会存在一定的安全风险，建议您在`/system/common.inc.php`中，将`DEDEBIZ_SAFE_MODE`值更改为`TRUE`";
+    $modeStr = DEDEBIZ_SAFE_MODE? $safemsg : $unsafemsg;
+    ShowMsg($modeStr, "javascript:;");
+    exit;
+}
 ?>
\ No newline at end of file
diff --git a/src/admin/index_testenv.php b/src/admin/index_testenv.php
index a447f4cc..39122d7e 100644
--- a/src/admin/index_testenv.php
+++ b/src/admin/index_testenv.php
@@ -132,7 +132,10 @@ if (!IsSSL()) {
 	$safeMsg[] = '当前站点尚未启用https，强烈建议您启用';
 }
 if (version_compare(PHP_VERSION, '5.3.0', '<')) {
-	$safeMsg[] = "PHP请升级到5.3及以上版本，低版本PHP环境将无法正常使用本系统";
+	$safeMsg[] = 'PHP请升级到5.3及以上版本，低版本PHP环境将无法正常使用本系统';
+}
+if (!DEDEBIZ_SAFE_MODE) {
+	$safeMsg[] = '当前系统运行环境为【非安全模式】，强烈建议启用安全模式 <a href="index_body.php?dopost=safe_mode" class="btn btn-success btn-sm">查看</a>';
 }
 $rs = TestAdminPWD();
 if ($rs < 0) {
diff --git a/src/admin/module_main.php b/src/admin/module_main.php
index 5cbd0fe0..dc14a2b0 100644
--- a/src/admin/module_main.php
+++ b/src/admin/module_main.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+  die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('sys_module');
 require_once(DEDEINC."/dedemodule.class.php");
 require_once(DEDEINC."/libraries/oxwindow.class.php");
diff --git a/src/admin/module_make.php b/src/admin/module_make.php
index 7cefac8e..ac8edfc3 100644
--- a/src/admin/module_make.php
+++ b/src/admin/module_make.php
@@ -11,6 +11,9 @@
 @set_time_limit(0);
 require_once(dirname(__FILE__)."/config.php");
 require_once(DEDEINC."/dedemodule.class.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('sys_module');
 if (empty($action)) $action = '';
 if ($action == '') {
diff --git a/src/admin/module_upload.php b/src/admin/module_upload.php
index 0f03611d..7f524cde 100644
--- a/src/admin/module_upload.php
+++ b/src/admin/module_upload.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('sys_module');
 require_once(DEDEINC."/dedemodule.class.php");
 require_once(DEDEINC."/libraries/oxwindow.class.php");
diff --git a/src/admin/mytag_add.php b/src/admin/mytag_add.php
index 93f2df35..3ac160a9 100644
--- a/src/admin/mytag_add.php
+++ b/src/admin/mytag_add.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Other');
 require_once(DEDEINC."/typelink/typelink.class.php");
 if (empty($dopost)) $dopost = "";
diff --git a/src/admin/mytag_edit.php b/src/admin/mytag_edit.php
index 228c19ef..e5936573 100644
--- a/src/admin/mytag_edit.php
+++ b/src/admin/mytag_edit.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Other');
 require_once(DEDEINC."/typelink/typelink.class.php");
 if (empty($dopost)) $dopost = '';
diff --git a/src/admin/mytag_main.php b/src/admin/mytag_main.php
index 8eacaa3c..efb7564c 100644
--- a/src/admin/mytag_main.php
+++ b/src/admin/mytag_main.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Other');
 require_once(DEDEINC.'/datalistcp.class.php');
 setcookie("ENV_GOBACK_URL", $dedeNowurl, time() + 3600, '/');
diff --git a/src/admin/mytag_tag_guide.php b/src/admin/mytag_tag_guide.php
index 39f439f6..24e12d54 100644
--- a/src/admin/mytag_tag_guide.php
+++ b/src/admin/mytag_tag_guide.php
@@ -9,5 +9,8 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 require_once(DEDEINC."/typelink/typelink.class.php");
 include DedeInclude('templets/mytag_tag_guide.htm');
\ No newline at end of file
diff --git a/src/admin/mytag_tag_guide_ok.php b/src/admin/mytag_tag_guide_ok.php
index b0c3c65f..837cefd4 100644
--- a/src/admin/mytag_tag_guide_ok.php
+++ b/src/admin/mytag_tag_guide_ok.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Other');
 //根据条件生成标记
 $attlist = "";
diff --git a/src/admin/sys_data.php b/src/admin/sys_data.php
index 55e865a2..6c241012 100644
--- a/src/admin/sys_data.php
+++ b/src/admin/sys_data.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+  }
 CheckPurview('sys_Data');
 if (empty($dopost)) $dopost = '';
 if ($cfg_dbtype == 'sqlite') {
diff --git a/src/admin/sys_data_done.php b/src/admin/sys_data_done.php
index 11a66946..a40e822e 100644
--- a/src/admin/sys_data_done.php
+++ b/src/admin/sys_data_done.php
@@ -12,6 +12,9 @@
 @set_time_limit(0);
 ini_set('memory_limit', '-1');
 require_once(dirname(__FILE__).'/config.php');
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+  }
 CheckPurview('sys_Data');
 if (empty($dopost)) $dopost = '';
 $bkdir = DEDEDATA.'/'.$cfg_backup_dir;
diff --git a/src/admin/sys_data_replace.php b/src/admin/sys_data_replace.php
index 8827bcae..519313f8 100644
--- a/src/admin/sys_data_replace.php
+++ b/src/admin/sys_data_replace.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+  }
 CheckPurview('sys_Data');
 if (empty($action)) $action = '';
 if (empty($action)) {
diff --git a/src/admin/sys_data_revert.php b/src/admin/sys_data_revert.php
index df426f24..29b2252e 100644
--- a/src/admin/sys_data_revert.php
+++ b/src/admin/sys_data_revert.php
@@ -7,6 +7,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+  }
 CheckPurview('sys_Data');
 $bkdir = DEDEDATA."/".$cfg_backup_dir;
 $filelists = array();
diff --git a/src/admin/sys_safetest.php b/src/admin/sys_safetest.php
index 425f29b4..764afbab 100644
--- a/src/admin/sys_safetest.php
+++ b/src/admin/sys_safetest.php
@@ -25,7 +25,7 @@ foreach ($filelist as $key => $ff) {
 }
 $alter = "";
 if (count($offFiles) == 0) {
-    $alter = '<div class="alert alert-danger maintable" style="margin:12px auto">无法同官方网站文件服务器通信，校验时候无法保证本地文件是否同官方服务器文件是否一致</div>';
+    $alter = DedeAlert('无法同官方网站文件服务器通信，校验时候无法保证本地文件是否同官方服务器文件是否一致', ALERT_DANGER);
 }
 function TestOneFile($f)
 {
diff --git a/src/admin/sys_sql_query.php b/src/admin/sys_sql_query.php
index e5c4fa0d..99043a1f 100644
--- a/src/admin/sys_sql_query.php
+++ b/src/admin/sys_sql_query.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('sys_Data');
 if (empty($dopost)) $dopost = "";
 //查看表结构
diff --git a/src/admin/tag_test.php b/src/admin/tag_test.php
index fdcd7ae3..ef96fb42 100644
--- a/src/admin/tag_test.php
+++ b/src/admin/tag_test.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Other');
 require_once(DEDEINC."/typelink/typelink.class.php");
 include DedeInclude('templets/tag_test.htm');
\ No newline at end of file
diff --git a/src/admin/tag_test_action.php b/src/admin/tag_test_action.php
index bd4efc12..1bc4f211 100644
--- a/src/admin/tag_test_action.php
+++ b/src/admin/tag_test_action.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('temp_Test');
 require_once(DEDEINC."/archive/partview.class.php");
 CheckCSRF();
diff --git a/src/admin/templets/file_manage_main.htm b/src/admin/templets/file_manage_main.htm
index 84bd2f46..acfe7281 100644
--- a/src/admin/templets/file_manage_main.htm
+++ b/src/admin/templets/file_manage_main.htm
@@ -309,7 +309,7 @@ foreach ($dh as $file)
   ?>
     <tr>
       <td colspan="4" bgcolor="#f8f8f8">
-        <a href="file_manage_main.php" class="btn btn-success btn-sm">根目录</a>
+        <?php if(!DEDEBIZ_SAFE_MODE) { ?><a href="file_manage_main.php" class="btn btn-success btn-sm">根目录</a><?php } ?>
         <a href="file_manage_view.php?fmdo=newfile&activepath=<?php echo urlencode($activepath)?>" class="btn btn-success btn-sm">新建文件</a>
         <a href="file_manage_view.php?fmdo=newdir&activepath=<?php echo urlencode($activepath)?>" class="btn btn-success btn-sm">新建目录</a>
         <a href="file_manage_view.php?fmdo=upload&activepath=<?php echo urlencode($activepath)?>" class="btn btn-success btn-sm">文件上传</a>
diff --git a/src/admin/templets/index.htm b/src/admin/templets/index.htm
index dede314c..cfe1e892 100644
--- a/src/admin/templets/index.htm
+++ b/src/admin/templets/index.htm
@@ -12,6 +12,10 @@
 		<script src="../static/web/js/jquery.min.js"></script>
 		<script src="js/frame.js"></script>
 		<style>
+			.safemode {
+				padding: 2px 5px!important;
+				transform:scale(0.8);
+			}
 			#skinlist {
 				display: block;
 				height: 10px;
@@ -87,8 +91,11 @@
 				<div class="top_logo">
 					<span class="top_dedebiz"><a target="main" href="index_body.php"><?php echo $cfg_webname; ?>系统</a></span>
 					<span class="top_version">V<?php echo $cfg_version_detail; ?></span>
-					<span class="btn btn-primary btn-sm">安全</span>
-					<!-- <span class="btn btn-warning btn-sm">非安全</span> -->
+					<?php if(DEDEBIZ_SAFE_MODE) {?>
+					<a target="main" class="btn btn-primary btn-sm safemode" href="index_body.php?dopost=safe_mode">安全</a>
+					<?php } else {?>
+					<a target="main" class="btn btn-warning btn-sm safemode" href="index_body.php?dopost=safe_mode">非安全</a>
+					<?php }?>
 				</div>
 				<div class="top_link">
 					<ul class="mb-0">
@@ -101,8 +108,8 @@
 						?>
 						<li><a target="main" href="sys_info.php">系统配置</a></li>
 						<li><a target="main" href="catalog_main.php">栏目管理</a></li>
-						<li><a target="main" href="file_manage_main.php">文件管理</a></li>
-						<li><a target="main" href="templets_main.php">模板管理</a></li>
+						<li><a target="main" href="file_manage_main.php<?php echo DEDEBIZ_SAFE_MODE? '?activepath='.$cfg_medias_dir : '';?>">文件管理</a></li>
+						<?php if(!DEDEBIZ_SAFE_MODE) { ?><li><a target="main" href="templets_main.php">模板管理</a></li><?php } ?>
 						<?php
 						}
 						?>
diff --git a/src/admin/templets/sys_group_edit.htm b/src/admin/templets/sys_group_edit.htm
index e7f3e87f..df583200 100644
--- a/src/admin/templets/sys_group_edit.htm
+++ b/src/admin/templets/sys_group_edit.htm
@@ -41,17 +41,25 @@
               	if(preg_match("#^>>#", $line))
               	{
               		if($start>0) echo "</td></tr>";
+                  $line = str_replace('>>','',$line);
+                  $ls = explode('>',$line);
+                  if(DEDEBIZ_SAFE_MODE && $ls[1]==="unsafe") {
+                    continue;
+                  }
               		$start++;
               		$lhead = "
               	 <tr> 
-                 <td colspan='2'>{$start}、".str_replace('>>','',$line)."</td></tr>
+                 <td colspan='2'>{$start}、".$ls[0]."</td></tr>
                  <tr><td colspan='2'>
-              		"; 
-              		echo $lhead;
+              		";
+              		echo  $lhead;
               	}
               	else if(preg_match("#^>#", $line))
               	{
               		$ls = explode('>',$line);
+                  if(DEDEBIZ_SAFE_MODE && $ls[3]==="unsafe") {
+                    continue;
+                  }
               		$tag = $ls[1];
               		$tagname = str_replace('[br]','<br>',$ls[2]);
               		if(!preg_match("#<br>#", $tagname) ) $tagname .= "<span>($tag)</span>";
diff --git a/src/admin/templets/templets_one_add.htm b/src/admin/templets/templets_one_add.htm
index 00c7cf83..38176fbe 100644
--- a/src/admin/templets/templets_one_add.htm
+++ b/src/admin/templets/templets_one_add.htm
@@ -77,7 +77,7 @@
             <tr>
               <td>是否编译内容：</td>
               <td>
-                <label><input name="ismake" type="radio" value="1"> 含模板标记，要编译</label>
+                <?php if(!DEDEBIZ_SAFE_MODE) { ?> <label><input name="ismake" type="radio" value="1"> 含模板标记，要编译</label> <?php } ?>
                 <label><input name="ismake" type="radio" value="0" checked> 不含模板标记，不需要编译</label>
               </td>
             </tr>
diff --git a/src/admin/templets/templets_one_edit.htm b/src/admin/templets/templets_one_edit.htm
index 679ddc15..95aa6758 100644
--- a/src/admin/templets/templets_one_edit.htm
+++ b/src/admin/templets/templets_one_edit.htm
@@ -82,8 +82,8 @@
           <tr> 
             <td>是否编译内容：</td>
             <td>
-            	<label><input name="ismake" type="radio" value="1"<?php if($row['ismake']==1) echo " checked"; ?>> 含模板标记，要编译 </label>
-              <label><input type="radio" name="ismake" value="0"<?php if($row['ismake']==0) echo " checked"; ?>> 不含模板标记，不需要编译</label>
+            	<?php if(!DEDEBIZ_SAFE_MODE) { ?> <label><input name="ismake" type="radio" value="1"<?php if($row['ismake']==1) echo " checked"; ?>> 含模板标记，要编译 </label> <?php } ?>
+              <label><input type="radio" name="ismake" value="0"<?php if($row['ismake']==0  || DEDEBIZ_SAFE_MODE) echo " checked"; ?>> 不含模板标记，不需要编译</label>
             </td>
           </tr>
           <tr> 
diff --git a/src/admin/templets_main.php b/src/admin/templets_main.php
index 695f9c70..c5cd68cd 100644
--- a/src/admin/templets_main.php
+++ b/src/admin/templets_main.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('plus_文件管理器');
 if (empty($acdir)) $acdir = $cfg_df_style;
 $templetdir = $cfg_basedir.$cfg_templets_dir;
diff --git a/src/admin/templets_one_add.php b/src/admin/templets_one_add.php
index c3dd0bba..72f2ea80 100644
--- a/src/admin/templets_one_add.php
+++ b/src/admin/templets_one_add.php
@@ -16,6 +16,7 @@ if ($dopost == "save") {
     $uptime = time();
     $body = str_replace('&quot;', '\\"', $body);
     $filename = preg_replace("#^\/#", "", $nfilename);
+    if (DEDEBIZ_SAFE_MODE) $ismake = 0; // 安全模式不允许编译
     if (!preg_match('#\.htm$#i', trim($template))) {
         ShowMsg("您指定的文件名被系统禁止", "javascript:;");
         exit();
diff --git a/src/admin/templets_one_edit.php b/src/admin/templets_one_edit.php
index 96371029..513ed5f1 100644
--- a/src/admin/templets_one_edit.php
+++ b/src/admin/templets_one_edit.php
@@ -17,6 +17,7 @@ if ($dopost == "saveedit") {
     $uptime = time();
     $body = str_replace('&quot;', '\\"', $body);
     $filename = preg_replace("#^\/#", "", $nfilename);
+    if (DEDEBIZ_SAFE_MODE) $ismake = 0; // 安全模式不允许编译
     if (!preg_match('#\.htm$#i', trim($template))) {
         ShowMsg("您指定的文件名被系统禁止", "javascript:;");
         exit();
diff --git a/src/admin/templets_tagsource.php b/src/admin/templets_tagsource.php
index 5675b660..1788ab6a 100644
--- a/src/admin/templets_tagsource.php
+++ b/src/admin/templets_tagsource.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('plus_文件管理器');
 $libdir = DEDEINC.'/taglib';
 $helpdir = DEDEINC.'/taglib/help';
diff --git a/src/admin/tpl.php b/src/admin/tpl.php
index e25d2839..d3540c02 100644
--- a/src/admin/tpl.php
+++ b/src/admin/tpl.php
@@ -9,6 +9,9 @@
  * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
+if (DEDEBIZ_SAFE_MODE) {
+    die(DedeAlert("系统已启用安全模式，无法使用当前功能",ALERT_DANGER));
+}
 CheckPurview('plus_文件管理器');
 $action = isset($action) ? trim($action) : '';
 if (empty($acdir)) $acdir = $cfg_df_style;
diff --git a/src/system/common.inc.php b/src/system/common.inc.php
index 0dedc006..0d8fdc0b 100755
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -6,6 +6,8 @@
  * @license        https://www.dedebiz.com/license
  * @link           https://www.dedebiz.com
  */
+// V6安全模式，如果启用安全模式，后台将禁用例如：模板管理、标签管理、数据库管理等存在较高安全风险的功能
+define('DEDEBIZ_SAFE_MODE', TRUE);
 //生产环境使用`production`，如果采用`dev`模式，会有一些php的报错信息提示，便于开发调试
 if (!defined('DEDE_ENVIRONMENT')) {
     define('DEDE_ENVIRONMENT', 'production');
diff --git a/src/system/dedetag.class.php b/src/system/dedetag.class.php
index 089d158d..6b10dd4d 100755
--- a/src/system/dedetag.class.php
+++ b/src/system/dedetag.class.php
@@ -567,14 +567,6 @@ class DedeTagParse
             $phpcode = $refObj->GetInnerText();
         }
         $phpcode = preg_replace("/'@me'|\"@me\"|@me/i", '$DedeMeValue', $phpcode);
-        // 校验代码安全
-        // $error = checkCode($phpcode);
-        // if ($error) {
-        //     if (DEBUG_LEVEL) {
-        //         echo htmlErrors($error);
-        //     }
-        //     return;
-        // }
         try {
             @eval($phpcode); 
             $this->CTags[$i]->TagValue = $DedeMeValue;
@@ -815,13 +807,6 @@ class DedeTagParse
         $functionname = str_replace("\"}", "\"]", $functionname);
         $functionname = preg_replace("/'@me'|\"@me\"|@me/i", '$DedeFieldValue', $functionname);
         $functionname = "\$DedeFieldValue = ".$functionname;
-        // $error = checkCode($functionname);
-        // if ($error) {
-        //     if (DEBUG_LEVEL) {
-        //         echo htmlErrors($error);
-        //     }
-        //     return "";
-        // }
         try {
             @eval($functionname.";"); 
             if (empty($DedeFieldValue)) {
diff --git a/src/system/taglib/php.lib.php b/src/system/taglib/php.lib.php
index be683690..4c10397c 100755
--- a/src/system/taglib/php.lib.php
+++ b/src/system/taglib/php.lib.php
@@ -15,13 +15,6 @@ function lib_php(&$ctag, &$refObj)
     $phpcode = trim($ctag->GetInnerText());
     if ($phpcode == '')
     return '';
-    // $error = checkCode($phpcode);
-    // if ($error) {
-    //     if (DEBUG_LEVEL) {
-    //         echo htmlErrors($error);
-    //     }
-    //     return "";
-    // }
     ob_start();
     extract($GLOBALS, EXTR_SKIP);
     @eval($phpcode);