diff --git a/dedebiz b/dedebiz
index 54f39355..e94134b2 100755
--- a/dedebiz
+++ b/dedebiz
@@ -36,6 +36,7 @@ COMMANDS:
 	help,h Shows 帮助
 	quick,q 快速开始一个开发环境
 	tdata 生成测试数据
+	pwd 更改管理员密码
 WEBSITE:
 	https://www.dedebiz.com/help/
 ";
diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index 27ecc0ca..0723d088 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -21,6 +21,8 @@ else $inpath = $cfg_basedir.$activepath;
 $fmm = new FileManagement();
 $fmm->Init();
 if ($fmdo == "rename") {
+    $oldfilename = str_replace("..","",$oldfilename);
+    $newfilename = str_replace("..","",$newfilename);
     $fmm->RenameFile($oldfilename, $newfilename);
 }
 //新建目录