diff --git a/src/member/inc/archives_check_edit.php b/src/member/inc/archives_check_edit.php
index b5b83ec..95ae9e6 100755
--- a/src/member/inc/archives_check_edit.php
+++ b/src/member/inc/archives_check_edit.php
@@ -4,7 +4,7 @@
*
* @version $Id: archives_check_edit.php 1 13:52 2010年7月9日Z tianya $
* @package DedeCMS.Member
- * @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
+ * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
@@ -89,5 +89,5 @@ if($litpic != '')
}
else
{
- $litpic =$oldlitpic;
+ $litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!');
}
\ No newline at end of file
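Review bot: The ownership test added in the `else` branch, `strpos($litpic, $cfg_user_dir."/{$userid}/") === false`, only requires the member's directory to appear somewhere in `$oldlitpic`, not at its start, so a value that merely embeds that substring under another directory still passes. If stored thumbnail paths always begin with the user directory (not visible in this hunk), anchor the comparison: `if (strpos($litpic, '..') !== false || strpos($litpic, $cfg_user_dir."/{$userid}/") !== 0) exit('not allowed path!');`. An empty `$oldlitpic` (an archive with no thumbnail) also fails the test and reaches `exit`, so the check probably needs a `$litpic !== ''` guard in front of it. The check would read better on its own line with a comment such as `// the kept thumbnail must stay inside this member's upload directory`; the `if`/`else` it belongs to starts outside the hunk.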
diff --git a/src/member/inc/inc_archives_functions.php b/src/member/inc/inc_archives_functions.php
index 3ad4207..70175e7 100755
--- a/src/member/inc/inc_archives_functions.php
+++ b/src/member/inc/inc_archives_functions.php
@@ -4,7 +4,7 @@
*
* @version $Id: inc_archives_functions.php 1 13:52 2010年7月9日Z tianya $
* @package DedeCMS.Member
- * @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
+ * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
@@ -236,7 +236,7 @@ function PrintAutoFieldsAdd(&$fieldset, $loadtype='all', $isprint=TRUE)
}
}
if ($isprint) echo "\r\n";
- echo "";
+ echo "";
// 增加一个返回
return $addonfieldsname;
}