diff --git a/.gitignore b/.gitignore
index 6b1048ff..9e623288 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,4 @@ src/static/rss/*.xml
 src/a/baidunews.xml
 src/data/backupfile*
 src/data/updatefile*
+src/data/checksql_*
diff --git a/src/admin/api.php b/src/admin/api.php
index 623db525..8183a2d1 100644
--- a/src/admin/api.php
+++ b/src/admin/api.php
@@ -121,6 +121,7 @@ if ($action === 'is_need_check_code') {
     echo $data;
     exit;
 } else if ($action === 'update') {
+    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
     $row = GetCache('update', 'vers');
     if (count($row) === 0) {
         echo json_encode(array(
diff --git a/src/admin/article_template_rand.php b/src/admin/article_template_rand.php
deleted file mode 100644
index 0cacfd89..00000000
--- a/src/admin/article_template_rand.php
+++ /dev/null
@@ -1,112 +0,0 @@
-<?php
-/**
- * 文档随机模板
- *
- * @version        $id:article_template_rand.php 14:31 2010年7月12日 tianya $
- * @package        DedeBIZ.Administrator
- * @copyright      Copyright (c) 2022 DedeBIZ.COM
- * @license        https://www.dedebiz.com/license
- * @link           https://www.dedebiz.com
- */
-require_once(dirname(__FILE__).'/config.php');
-require_once(DEDEINC.'/libraries/oxwindow.class.php');
-CheckPurview('sys_StringMix');
-if (empty($dopost)) $dopost = '';
-$templates = empty($templates) ? '' : stripslashes($templates);
-$m_file = DEDEDATA.'/template.rand.php';
-$okmsg = '';
-//保存配置
-if ($dopost == 'save') {
-    CheckCSRF();
-    $fp = fopen($m_file, 'w');
-    flock($fp, 3);
-    fwrite($fp, $templates);
-    fclose($fp);
-    $okmsg = '成功保存配置信息 AT:('.MyDate('H:i:s', time()).')';
-}
-//对旧文档进行随机模板处理
-else if ($dopost == 'makeold') {
-    CheckCSRF();
-    set_time_limit(3600);
-    if (!file_exists($m_file)) {
-        AjaxHead();
-        echo "配置文件不存在";
-        exit();
-    }
-    require_once($m_file);
-    if ($cfg_tamplate_rand == 0) {
-        AjaxHead();
-        echo "系统没开启允许随机模板的选项";
-        exit();
-    }
-    $totalTmp = count($cfg_tamplate_arr) - 1;
-    if ($totalTmp < 1) {
-        AjaxHead();
-        echo "随机模板的数量必须为2个或以上";
-        exit();
-    }
-    for ($i = 0; $i < 10; $i++) {
-        $temp = $cfg_tamplate_arr[mt_rand(0, $totalTmp)];
-        $dsql->ExecuteNoneQuery("UPDATE `#@__addonarticle` SET templet='$temp' where RIGHT(aid, 1)='$i' ");
-    }
-    AjaxHead();
-    echo "全部随机操作成功";
-    exit();
-}
-//清除全部的指定模板
-else if ($dopost == 'clearold') {
-    CheckCSRF();
-    $dsql->ExecuteNoneQuery("UPDATE `#@__addonarticle` SET templet='' ");
-    $dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` ");
-    AjaxHead();
-    echo "全部清除操作成功";
-    exit();
-}
-//读出
-if (empty($templates) && filesize($m_file) > 0) {
-    $fp = fopen($m_file, 'r');
-    $templates = fread($fp, filesize($m_file));
-    fclose($fp);
-}
-$wintitle = "随机模板设置";
-$wecome_info = "随机模板设置";
-make_hash();
-$msg = "
-<link rel='stylesheet' href='../static/web/css/admin.css'>
-<script src='../static/web/js/webajax.js'></script>
-<script src='js/main.js'></script>
-<script>
-function DoRand(jobname)
-{
-    ChangeFullDiv('show');
-    \$DE('loading').style.display = 'block';
-    fetch('article_template_rand.php?dopost='+jobname+'&token={$_SESSION['token']}').then(resp=>resp.text()).then((d)=>{
-        \$DE('tmpct').innerHTML = d;
-        \$DE('loading').style.display = 'none';
-        ChangeFullDiv('hide');
-    });
-}
-</script>
-<div id='loaddiv' class='text-center py-2' style='display:none'><img src='../static/web/img/loadinglit.gif'></div>
-<table width='100%' align='center'>
-<tr>
-    <td>
-    如果您想对旧的文档应用随机模板设置，请点击此对旧文档进行处理（必须设置好模板项）
-    <a href='javascript:;' onclick='DoRand(\"makeold\")' class='btn btn-success btn-sm'>设置全部</a>
-    <a href='javascript:;' onclick='DoRand(\"clearold\")' class='btn btn-success btn-sm'>取消全部</a>
-    <span id='tmpct'>$okmsg</span>
-    </td>
-</tr>
-<tr>
-    <td><textarea name='templates' id='templates' class='admin-textarea-xl'>$templates</textarea></td>
-</tr>
-</table>";
-$win = new OxWindow();
-$win->Init('article_template_rand.php', 'js/blank.js', 'POST');
-$win->AddHidden('dopost', 'save');
-$win->AddHidden('token', $_SESSION['token']);
-$win->AddTitle("<div class='alert alert-info mb-0'>本设置仅适用于系统默认的文档模型，设置后发布文档时会自动按指定的模板随机获取一个，如果不想使用此功能，把它设置为空即可</div");
-$win->AddMsgItem($msg);
-$winform = $win->GetWindow('ok');
-$win->Display();
-?>
\ No newline at end of file
diff --git a/src/admin/inc/inc_action_info.php b/src/admin/inc/inc_action_info.php
index 2313d181..192b3369 100644
--- a/src/admin/inc/inc_action_info.php
+++ b/src/admin/inc/inc_action_info.php
@@ -369,12 +369,6 @@ $actionSearch[9] = array(
             'purview' => 'sys_StringMix',
             'linkurl' => 'article_string_mix.php'
         ),
-        9  =>  array(
-            'title' => '随机模板设置',
-            'description' => '本设置仅适用于系统默认的文档模型，设置后发布文档时会自动按指定的模板随机获取一个，如果不想使用此功能，把它设置为空即可',
-            'purview' => 'sys_StringMix',
-            'linkurl' => 'article_template_rand.php'
-        ),
         11  =>  array(
             'title' => '数据库备份还原',
             'description' => '对数据库进行备份和还原',
diff --git a/src/admin/inc/inc_menu.php b/src/admin/inc/inc_menu.php
index ed6fbab2..7f4d0a54 100644
--- a/src/admin/inc/inc_menu.php
+++ b/src/admin/inc/inc_menu.php
@@ -65,7 +65,6 @@ if ($cuserLogin->getUserType() >= 10) {
     <m:item name='自定义文档属性' link='content_att.php' rank='sys_Att' target='main' />
     <m:item name='软件栏目设置' link='soft_config.php' rank='sys_SoftConfig' target='main' />
     <m:item name='防采集串混淆' link='article_string_mix.php' rank='sys_StringMix' target='main' />
-    <m:item name='随机模板设置' link='article_template_rand.php' rank='sys_StringMix' target='main' />
     ".(DEDEBIZ_SAFE_MODE? "" : "<m:item name='数据备份还原' link='sys_data.php' rank='sys_Data' target='main' />")."
     ".(DEDEBIZ_SAFE_MODE? "" : "<m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />")."
     <m:item name='病毒文件扫描' link='sys_safetest.php' rank='sys_verify' target='main' />
diff --git a/src/admin/sys_info.php b/src/admin/sys_info.php
index f2b43f22..c52e6288 100644
--- a/src/admin/sys_info.php
+++ b/src/admin/sys_info.php
@@ -27,6 +27,7 @@ function ReWriteConfig()
     $dsql->Execute();
     while ($row = $dsql->GetArray()) {
         if ($row['type'] == 'number') {
+            $row['value'] = preg_replace("#[^0-9.]#","", $row['value']);
             if ($row['value'] == '') $row['value'] = 0;
             fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n");
         } else {
@@ -63,6 +64,9 @@ else if ($dopost == 'add') {
         ShowMsg("布尔变量值必须为'Y'或'N'", "-1");
         exit();
     }
+    if ($valtype == 'number') {
+        $nvarvalue = preg_replace("[^0-9.]","", $nvarvalue);
+    }
     if (trim($nvarname) == '' || preg_match("#[^a-z_]#i", $nvarname)) {
         ShowMsg("变量名不能为空并且必须为[a-z_]组成", "-1");
         exit();
@@ -73,7 +77,8 @@ else if ($dopost == 'add') {
         exit();
     }
     $row = $dsql->GetOne("SELECT aid FROM `#@__sysconfig` ORDER BY aid DESC");
-    $aid = $row['aid'] + 1;
+    $aid = intval($row['aid']) + 1;
+    $varmsg = HtmlReplace($varmsg);
     $inquery = "INSERT INTO `#@__sysconfig` (`aid`,`varname`,`info`,`value`,`type`,`groupid`) VALUES ('$aid','$nvarname','$varmsg','$nvarvalue','$vartype','$vargroup')";
     $rs = $dsql->ExecuteNoneQuery($inquery);
     if (!$rs) {
diff --git a/src/admin/templets/article_add.htm b/src/admin/templets/article_add.htm
index 2ee2f1de..a985bf59 100644
--- a/src/admin/templets/article_add.htm
+++ b/src/admin/templets/article_add.htm
@@ -310,23 +310,7 @@
 								<td><input type="text" name="filename" id="filename" class="admin-input-sm">（不包括后缀名如.html等）</td>
 								<td>
 									<?php
-									if (isset($cfg_tamplate_rand) && $cfg_tamplate_rand==1) {
-									?>
-									随机选择模板：
-									<select name="templet" id="templet" class="admin-input-sm">
-										<?php
-										$rndsel = mt_rand(1, count($cfg_tamplate_arr)) - 1;
-										foreach($cfg_tamplate_arr as $k=>$v)
-										{
-											$v = trim($v);
-											echo ($k==$rndsel ? "<option value='$v' selected>$v</option>" : "<option value='$v'>$v</option>");
-										}
-										?>
-									</select>
-									<?php
-									} else {
-										echo "<input type='hidden' name='templet'>";
-									}
+									echo "<input type='hidden' name='templet'>";
 									?>
 								</td>
 							</tr>
diff --git a/src/admin/templets/article_edit.htm b/src/admin/templets/article_edit.htm
index 3be349e6..0bd947a1 100644
--- a/src/admin/templets/article_edit.htm
+++ b/src/admin/templets/article_edit.htm
@@ -290,21 +290,8 @@
 								<td width="90">文件名称：</td>
 								<td><input type="text" name="filename" id="filename" value="<?php echo $arcRow['filename']?>" class="admin-input-sm">（不包括后缀名如.html等）</td>
 								<td>
-									<?php if (isset($cfg_tamplate_rand) && $cfg_tamplate_rand==1) {?>
-									模板选择：
-									<select name="templet" id="templet" class="admin-input-sm">
-										<?php
-										foreach($cfg_tamplate_arr as $k=>$v)
-										{
-											$v = trim($v);
-											echo ($v==$addRow['templet'] ? "<option value='$v' selected>$v</option>":"<option value='$v'>$v</option>");
-										}
-										?>
-									</select>
 									<?php
-									} else {
-									  echo "<input type='hidden' name='templet' value='{$addRow['templet']}'>";
-									}
+										echo "<input type='hidden' name='templet' value='{$addRow['templet']}'>";
 									?>
 								</td>
 							</tr>
diff --git a/src/data/template.rand.php b/src/data/template.rand.php
deleted file mode 100755
index 452e398d..00000000
--- a/src/data/template.rand.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-//这个值为 0 表示关闭此设置，为 1 表示开启
-$cfg_tamplate_rand = 0;
-//模板数组，如果需要增加，按这个格式增加或修改即可，必须确保这些模板是存在，并且数量必须为2个或以上
-$cfg_tamplate_arr[] = 'article_article.htm';
-$cfg_tamplate_arr[] = 'article_article1.htm';
-$cfg_tamplate_arr[] = 'article_article2.htm';
-?>
\ No newline at end of file