diff --git a/src/admin/templets_one_add.php b/src/admin/templets_one_add.php
index fc6b442e..c3dd0bba 100644
--- a/src/admin/templets_one_add.php
+++ b/src/admin/templets_one_add.php
@@ -16,6 +16,10 @@ if ($dopost == "save") {
 $uptime = time();
 $body = str_replace('"', '\\"', $body);
 $filename = preg_replace("#^\/#", "", $nfilename);
+ if (!preg_match('#\.htm$#i', trim($template))) {
+ ShowMsg("您指定的文件名被系统禁止", "javascript:;");
+ exit();
+ }
 if ($likeid == '') {
 $likeid = $likeidsel;
 }
diff --git a/src/admin/templets_one_edit.php b/src/admin/templets_one_edit.php
index a935ee82..96371029 100644
--- a/src/admin/templets_one_edit.php
+++ b/src/admin/templets_one_edit.php
@@ -17,6 +17,10 @@ if ($dopost == "saveedit") {
 $uptime = time();
 $body = str_replace('"', '\\"', $body);
 $filename = preg_replace("#^\/#", "", $nfilename);
+ if (!preg_match('#\.htm$#i', trim($template))) {
+ ShowMsg("您指定的文件名被系统禁止", "javascript:;");
+ exit();
+ }
 //如果修改了文件名,删除旧文件
 if ($oldfilename != $filename) {
 $oldfilename = $cfg_basedir.$cfg_cmspath."/".$oldfilename;
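Review bot: The new guard validates `trim($template)` but nothing in the hunk assigns the trimmed value back, so whatever code later consumes `$template` (outside this hunk) still sees the untrimmed string; normalise first and validate the same value that is used, `$template = trim($template);` then `if (!preg_match('#\.htm$#iD', $template)) {` — the `D` modifier keeps `$` from also accepting a trailing newline before the suffix. Note that the check constrains only the extension of `$template`, while `$filename` derived from `$nfilename` on the line above is not covered; if `$filename` is also written to disk, it presumably needs its own extension/path validation, and the message "您指定的文件名被系统禁止" reads as if it referred to `$filename`, so confirm which input the check is meant to protect. The identical block is repeated in the templets_one_edit.php hunk; a shared helper in an included admin library would keep the two copies from drifting. The enclosing `if ($dopost == "save")` block starts and ends outside the hunk.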