diff --git a/src/admin/diy_list.php b/src/admin/diy_list.php
index 53fa76f3..c363e456 100644
--- a/src/admin/diy_list.php
+++ b/src/admin/diy_list.php
@@ -157,6 +157,7 @@ if ($action == 'post') {
 } elseif ($action == 'delete') {
 if (empty($do)) {
 if (is_array($id)) {
+ $ids = array_map('intval', $id);
 $ids = implode(',', $id);
 } else {
 showmsg('未选中要操作的表单', '-1');
diff --git a/src/static/web/img/login_bg.jpg b/src/static/web/img/login_bg.jpg
index f05a2da1..1e8f3a7c 100644
Binary files a/src/static/web/img/login_bg.jpg and b/src/static/web/img/login_bg.jpg differ
diff --git a/src/system/uploadsafe.inc.php b/src/system/uploadsafe.inc.php
index 4b818a47..71ed2751 100755
--- a/src/system/uploadsafe.inc.php
+++ b/src/system/uploadsafe.inc.php
@@ -38,7 +38,7 @@ foreach ($_FILES as $_key => $_value) {
 if (is_array(${$_key.'_name'}) && count(${$_key.'_name'}) > 0) {
 foreach (${$_key.'_name'} as $key => $value) {
 $value = trim($value);
- if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) {
+ if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value) || preg_match('#\.[\x00-\x1F\x7F]*$#', trim($value)))) {
 if (!defined('DEDEADMIN')) {
 echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
 exit;
@@ -47,7 +47,7 @@ foreach ($_FILES as $_key => $_value) {
 }
 } else {
 $fname = trim(${$_key.'_name'});
- if (!empty($fname) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $fname) || !preg_match("#\.#", $fname))) {
+ if (!empty($fname) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $fname) || !preg_match("#\.#", $fname) || preg_match('#\.[\x00-\x1F\x7F]*$#', trim($value)))) {
 if (!defined('DEDEADMIN')) {
 echo DedeAlert('禁止上传当前格式的文件', ALERT_DANGER);
 exit;
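Review bot: The added `$ids = array_map('intval', $id);` has no effect, because the very next line `$ids = implode(',', $id);` overwrites `$ids` from the original, unsanitised `$id` array — whatever consumes `$ids` further down (outside this hunk) still receives the raw request values. The two lines should be folded into one so the integer cast actually feeds the join: `$ids = implode(',', array_map('intval', $id));`. If `$ids` is later interpolated into SQL, the cast only narrows the value set; a prepared statement with placeholders would be the more robust fix, but that code is not in this hunk. The enclosing `elseif ($action == 'delete')` block continues past the end of the hunk.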
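Review bot: In the first `uploadsafe.inc.php` hunk the new `preg_match('#\.[\x00-\x1F\x7F]*$#', trim($value))` re-trims a value that was already assigned `trim($value)` two lines earlier, so the inner `trim()` is redundant and hides the intent; `preg_match('#\.[\x00-\x1F\x7F]*$#', $value)` reads the same as the two checks beside it. The pattern only fires when the final dot is followed by nothing but control characters, so control bytes elsewhere in the name (before the last dot) are presumably still accepted — confirm that is intended; a blanket `preg_match('#[\x00-\x1F\x7F]#', $value)` would reject any control character regardless of position and is easier to reason about. A one-line comment naming what the branch guards against would help the next reader, e.g. `// reject names whose last dot is followed only by control characters (e.g. a trailing dot)`. The enclosing `foreach ($_FILES …)` loop starts and ends outside the hunk.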
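Review bot: In the second `uploadsafe.inc.php` hunk the new check calls `trim($value)`, but this is the non-array branch where the filename is `$fname`; `$value` is either undefined here or a leftover from the sibling `foreach` branch, so the control-character test is evaluated against the wrong string and the single-file path gains no protection. The argument should be `$fname`: `preg_match('#\.[\x00-\x1F\x7F]*$#', $fname)` (`$fname` is already trimmed on the line above, so no extra `trim()` is needed). With `$value` unset this would also emit an undefined-variable notice on every single-file upload. The enclosing `else` and the outer `foreach ($_FILES …)` loop extend beyond the hunk.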