diff --git a/src/dede/erraddsave.php b/src/dede/erraddsave.php
index a7ad8bd..0b59fe7 100755
--- a/src/dede/erraddsave.php
+++ b/src/dede/erraddsave.php
@@ -102,7 +102,7 @@ if($dopost == "delete")
     exit();
 }
 
-$sql = "SELECT * FROM `#@__erradd`";
+$sql = "SELECT * FROM `#@__erradd` ORDER BY id desc";
 $dlist = new DataListCP();
 $dlist->SetTemplet(DEDEADMIN."/templets/erradd.htm");
 $dlist->SetSource($sql);
diff --git a/src/include/dedeajax2.js b/src/include/dedeajax2.js
deleted file mode 100755
index a4128c9..0000000
--- a/src/include/dedeajax2.js
+++ /dev/null
@@ -1,281 +0,0 @@
-<!--
-//xmlhttp和xmldom对象
-var DedeXHTTP = null;
-var DedeXDOM = null;
-var DedeContainer = null;
-var DedeShowError = false;
-var DedeShowWait = false;
-var DedeErrCon = "";
-var DedeErrDisplay = "下载数据失败";
-var DedeWaitDisplay = "正在下载数据...";
-
-//获取指定ID的元素
-
-function $DE(id) {
-    return document.getElementById(id);
-}
-
-//gcontainer 是保存下载完成的内容的容器
-//mShowError 是否提示错误信息
-//DedeShowWait 是否提示等待信息
-//mErrCon 服务器返回什么字符串视为错误
-//mErrDisplay 发生错误时显示的信息
-//mWaitDisplay 等待时提示信息
-//默认调用 DedeAjax('divid',false,false,'','','')
-
-function DedeAjax(gcontainer,mShowError,mShowWait,mErrCon,mErrDisplay,mWaitDisplay)
-{
-
-    DedeContainer = gcontainer;
-    DedeShowError = mShowError;
-    DedeShowWait = mShowWait;
-    if(mErrCon!="") DedeErrCon = mErrCon;
-    if(mErrDisplay!="") DedeErrDisplay = mErrDisplay;
-    if(mErrDisplay=="x") DedeErrDisplay = "";
-    if(mWaitDisplay!="") DedeWaitDisplay = mWaitDisplay;
-
-
-    //post或get发送数据的键值对
-    this.keys = Array();
-    this.values = Array();
-    this.keyCount = -1;
-    this.sendlang = 'gb2312';
-
-    //请求头类型
-    this.rtype = 'text';
-
-    //初始化xmlhttp
-    //IE6、IE5
-    if(window.ActiveXObject) {
-        try { DedeXHTTP = new ActiveXObject("Msxml2.XMLHTTP");} catch (e) { }
-        if (DedeXHTTP == null) try { DedeXHTTP = new ActiveXObject("Microsoft.XMLHTTP");} catch (e) { }
-    }
-    else {
-        DedeXHTTP = new XMLHttpRequest();
-    }
-
-    //增加一个POST或GET键值对
-    this.AddKeyN = function(skey,svalue) {
-        if(this.sendlang=='utf-8') this.AddKeyUtf8(skey, svalue);
-        else this.AddKey(skey, svalue);
-    };
-    
-    this.AddKey = function(skey,svalue) {
-        this.keyCount++;
-        this.keys[this.keyCount] = skey;
-        svalue = svalue+'';
-        if(svalue != '') svalue = svalue.replace(/\+/g,'$#$');
-        this.values[this.keyCount] = escape(svalue);
-    };
-
-    //增加一个POST或GET键值对
-    this.AddKeyUtf8 = function(skey,svalue) {
-        this.keyCount++;
-        this.keys[this.keyCount] = skey;
-        svalue = svalue+'';
-        if(svalue != '') svalue = svalue.replace(/\+/g,'$#$');
-        this.values[this.keyCount] = encodeURI(svalue);
-    };
-
-    //增加一个Http请求头键值对
-    this.AddHead = function(skey,svalue) {
-        this.rkeyCount++;
-        this.rkeys[this.rkeyCount] = skey;
-        this.rvalues[this.rkeyCount] = svalue;
-    };
-
-    //清除当前对象的哈希表参数
-    this.ClearSet = function() {
-        this.keyCount = -1;
-        this.keys = Array();
-        this.values = Array();
-        this.rkeyCount = -1;
-        this.rkeys = Array();
-        this.rvalues = Array();
-    };
-
-
-    DedeXHTTP.onreadystatechange = function() {
-        //在IE6中不管阻断或异步模式都会执行这个事件的
-        if(DedeXHTTP.readyState == 4){
-            if(DedeXHTTP.status == 200)
-            {
-                if(DedeXHTTP.responseText!=DedeErrCon) {
-                    DedeContainer.innerHTML = DedeXHTTP.responseText;
-                }
-                else {
-                    if(DedeShowError) DedeContainer.innerHTML = DedeErrDisplay;
-                }
-                DedeXHTTP = null;
-            }
-            else { if(DedeShowError) DedeContainer.innerHTML = DedeErrDisplay; }
-        }
-        else { if(DedeShowWait) DedeContainer.innerHTML = DedeWaitDisplay; }
-    };
-
-    //检测阻断模式的状态
-    this.BarrageStat = function() {
-        if(DedeXHTTP==null) return;
-        if(typeof(DedeXHTTP.status)!=undefined && DedeXHTTP.status == 200)
-        {
-            if(DedeXHTTP.responseText!=DedeErrCon) {
-                DedeContainer.innerHTML = DedeXHTTP.responseText;
-            }
-            else {
-                if(DedeShowError) DedeContainer.innerHTML = DedeErrDisplay;
-            }
-        }
-    };
-
-    //发送http请求头
-    this.SendHead = function()
-    {
-        //发送用户自行设定的请求头
-        if(this.rkeyCount!=-1)
-        { 
-            for(var i = 0;i<=this.rkeyCount;i++)
-            {
-                DedeXHTTP.setRequestHeader(this.rkeys[i],this.rvalues[i]);
-            }
-        }
-        　if(this.rtype=='binary'){
-        　DedeXHTTP.setRequestHeader("Content-Type","multipart/form-data");
-    }else{
-        DedeXHTTP.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
-    }
-};
-
-//用Post方式发送数据
-this.SendPost = function(purl) {
-    var pdata = "";
-    var i=0;
-    this.state = 0;
-    DedeXHTTP.open("POST", purl, true);
-    this.SendHead();
-    //post数据
-    if(this.keyCount!=-1)
-    {
-        for(;i<=this.keyCount;i++)
-        {
-            if(pdata=="") pdata = this.keys[i]+'='+this.values[i];
-            else pdata += "&"+this.keys[i]+'='+this.values[i];
-        }
-    }
-    DedeXHTTP.send(pdata);
-};
-
-//用GET方式发送数据
-this.SendGet = function(purl) {
-    var gkey = "";
-    var i=0;
-    this.state = 0;
-    //get参数
-    if(this.keyCount!=-1)
-    { 
-        for(;i<=this.keyCount;i++)
-        {
-            if(gkey=="") gkey = this.keys[i]+'='+this.values[i];
-            else gkey += "&"+this.keys[i]+'='+this.values[i];
-        }
-        if(purl.indexOf('?')==-1) purl = purl + '?' + gkey;
-        else  purl = purl + '&' + gkey;
-    }
-    DedeXHTTP.open("GET", purl, true);
-    this.SendHead();
-    DedeXHTTP.send(null);
-};
-
-//用GET方式发送数据，阻塞模式
-this.SendGet2 = function(purl) {
-    var gkey = "";
-    var i=0;
-    this.state = 0;
-    //get参数
-    if(this.keyCount!=-1)
-    { 
-        for(;i<=this.keyCount;i++)
-        {
-            if(gkey=="") gkey = this.keys[i]+'='+this.values[i];
-            else gkey += "&"+this.keys[i]+'='+this.values[i];
-        }
-        if(purl.indexOf('?')==-1) purl = purl + '?' + gkey;
-        else  purl = purl + '&' + gkey;
-    }
-    DedeXHTTP.open("GET", purl, false);
-    this.SendHead();
-    DedeXHTTP.send(null);
-    //firefox中直接检测XHTTP状态
-    this.BarrageStat();
-};
-
-//用Post方式发送数据
-this.SendPost2 = function(purl) {
-    var pdata = "";
-    var i=0;
-    this.state = 0;
-    DedeXHTTP.open("POST", purl, false);
-    this.SendHead();
-    //post数据
-    if(this.keyCount!=-1)
-    {
-        for(;i<=this.keyCount;i++)
-        {
-            if(pdata=="") pdata = this.keys[i]+'='+this.values[i];
-            else pdata += "&"+this.keys[i]+'='+this.values[i];
-        }
-    }
-    DedeXHTTP.send(pdata);
-    //firefox中直接检测XHTTP状态
-    this.BarrageStat();
-};
-
-
-} // End Class DedeAjax
-
-//初始化xmldom
-function InitXDom() {
-    if(DedeXDOM!=null) return;
-    var obj = null;
-    // Gecko、Mozilla、Firefox
-    if (typeof(DOMParser) != "undefined") { 
-        var parser = new DOMParser();
-        obj = parser.parseFromString(xmlText, "text/xml");
-    }
-    // IE
-    else { 
-        try { obj = new ActiveXObject("MSXML2.DOMDocument");} catch (e) { }
-        if (obj == null) try { obj = new ActiveXObject("Microsoft.XMLDOM"); } catch (e) { }
-    }
-    DedeXDOM = obj;
-};
-
-
-
-//读写cookie函数
-function GetCookie(c_name)
-{
-    if (document.cookie.length > 0)
-    {
-        c_start = document.cookie.indexOf(c_name + "=")
-        if (c_start != -1)
-        {
-            c_start = c_start + c_name.length + 1;
-            c_end   = document.cookie.indexOf(";",c_start);
-            if (c_end == -1)
-            {
-                c_end = document.cookie.length;
-            }
-            return unescape(document.cookie.substring(c_start,c_end));
-        }
-    }
-    return null
-}
-
-function SetCookie(c_name,value,expiredays)
-{
-    var exdate = new Date();
-    exdate.setDate(exdate.getDate() + expiredays);
-    document.cookie = c_name + "=" +escape(value) + ((expiredays == null) ? "" : ";expires=" + exdate.toGMTString()); //使设置的有效时间正确。增加toGMTString()
-}
-
--->
diff --git a/src/plus/erraddsave.php b/src/plus/erraddsave.php
index 72871ef..ee94fb0 100755
--- a/src/plus/erraddsave.php
+++ b/src/plus/erraddsave.php
@@ -12,26 +12,34 @@
 require_once(dirname(__FILE__)."/../include/common.inc.php");
 require_once(DEDEINC.'/memberlogin.class.php');
 
-$htmltitle = "错误提交";
-$aid = isset($aid) && is_numeric($aid) ? $aid : 0;
-if(empty($dopost))
-{
-    $row = $dsql->GetOne(" SELECT `title` FROM `#@__archives` WHERE `id` ='$aid'");
-    $title = $row['title'];
-    require_once(DEDEROOT."/templets/plus/erraddsave.htm");
+$dopost = isset($dopost)? $dopost : "";
+$aid = isset($aid)? intval($aid) : 0;
+if (empty($aid)) {
+    die(" Request Error! ");
 }
-elseif($dopost == "saveedit")
+if($dopost == "saveedit")
 {
     $cfg_ml = new MemberLogin();
     $title = HtmlReplace($title);
+    $format = isset($format)? $format : "";
     $type = isset($type) && is_numeric($type) ? $type : 0;
     $mid = isset($cfg_ml->M_ID) ? $cfg_ml->M_ID : 0;
-    $err = trimMsg(cn_substr($err,2000),1);
-    $oktxt = trimMsg(cn_substr($erradd,2000),1);
+    $err = trimMsg(cn_substr(RemoveXSS($err),2000),1);
+    $oktxt = trimMsg(cn_substr(RemoveXSS($erradd),2000),1);
     $time = time();
     $query = "INSERT INTO `#@__erradd`(aid,mid,title,type,errtxt,oktxt,sendtime)
                   VALUES ('$aid','$mid','$title','$type','$err','$oktxt','$time'); ";
     $dsql->ExecuteNoneQuery($query);
-    ShowMsg("谢谢您对本网站的支持，我们会尽快处理您的建议！","javascript:window.close();");
+    if (!empty($format)) {
+        echo json_encode(array(
+            "code" => 200,
+            "data" => "ok",
+        ));
+    } else {
+        ShowMsg("谢谢您对本网站的支持，我们会尽快处理您的建议！","javascript:window.close();");
+    }
+    
     exit();
+} else {
+    die(" Request undefined ");
 }
\ No newline at end of file
diff --git a/src/templets/plus/erraddsave.htm b/src/templets/plus/erraddsave.htm
deleted file mode 100755
index 787eb49..0000000
--- a/src/templets/plus/erraddsave.htm
+++ /dev/null
@@ -1,90 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
-<title><?php echo $cfg_webname;?>_挑错</title>
-<link href="<?php echo $cfg_templets_skin; ?>/style/dedecms.css" rel="stylesheet" type="text/css" media="screen" />
-</head>
-<body class="flinkpage">
-
-<div class="header">
-	<div class="top w960 center">
-		<div class="title">
-            <h1><a href="<?php echo $cfg_basehost;?>"><img src="<?php echo $cfg_templets_skin; ?>/images/logo.gif" height="40" width="233" alt="{dede:global.cfg_webname/}"/></a> </h1>
-		</div><!-- /title -->
-	</div><!-- /top -->
-</div><!-- /header -->
-
-<div class="w960 clear center mt1 cmt-box">
-	<div class="sp-title">
-		<h2>挑错</h2>
-		<span class="more">
-			<a href="<?php echo $cfg_basehost;?>">返回首页</a>
-		</span>
-	</div>
-  <div class="formbox">
-<form action="erraddsave.php"  method="post" name="feedback">
-     <input type='hidden' name='dopost' value='saveedit'>
-     <input type="hidden" name="title" value="<?php echo $title?>" />
-     <input type="hidden" name="aid" value="<?php echo $aid?>" />
-<table width="100%" align="center" cellpadding="0" cellspacing="0" bgcolor="#cccccc">
-	<tr>
-		<td width="100" height="30" align="right" bgcolor="#FFFFFF">标题：</td>
-        <td bgcolor="#FFFFFF"><?php echo $title;?></td>
-	</tr>
-    <tr>
-    	<td height="30" align="right" bgcolor="#FFFFFF">错误类型：</td>
-        <td bgcolor="#FFFFFF">
-        	<select name="type">
-            	<option value="1">错别字(除的、地、得)</option>
-                <option value="2">成语运用不当</option>
-				<option value="3">专业术语写法不规则</option>
-				<option value="4">产品与图片不符</option>
-				<option value="5">事实年代以及内容错误</option>
-				<option value="6">技术参数错误</option>
-				<option value="7">其他</option>
-   	    </select>        </td>
-    </tr>
-    <tr>
-    	<td align="right" bgcolor="#FFFFFF">
-        	错误内容：        </td>
-        <td bgcolor="#FFFFFF"><textarea name="err" cols="40" rows="4" class="ipt-txt"></textarea></td>
-    </tr>
-    <tr>
-    	<td align="right" bgcolor="#FFFFFF">
-        	修正建议：       </td>
-        <td bgcolor="#FFFFFF">
-        	<textarea name="erradd" cols="40" rows="4" class="ipt-txt"></textarea>        </td>
-    </tr>
-    <tr>
-    	<td height="35" align="center" bgcolor="#FFFFFF">&nbsp;</td>
-    	<td bgcolor="#FFFFFF"><input name="提交" type="submit" value="提交" class="btn-2"/>
-          <input name="重置" type="reset" value="重置" class="btn-2"/></td>
-      </tr>
-</table>
-</form>
-<br />
-    </div>
-
-</div>
-
-
-
-<!-- //底部模板 -->
-<div class="footer w960 center mt1 clear">
-	<!-- 
-		为了支持织梦团队的发展,请您保留织梦内容管理系统的链接信息.
-		我们对支持织梦团队发展的朋友表示真心的感谢!织梦因您更精彩!
-	-->
-    <div class="footer_left"></div>
-    <div class="footer_body">
-    <span class="gotop"><a href="javascript:scroll(0,0)"><img src="<?php echo $cfg_templets_skin; ?>/images/top.gif" height="11" width="61" alt="返回顶部"/></a></span>
-	<p class="powered">    
-		Powered by <a href="http://www.dedecms.com" title="织梦内容管理系统(DedeCMS)--国内最专业的PHP网站管理系统，轻松建站的首选利器。" target="_blank"><strong>DedeCMS<?php echo $cfg_version; ?></strong></a> &copy; 2004-2020 <a href="http://www.desdev.cn/" target="_blank">DesDev</a> Inc.<br /><div class="copyright"><?php echo $cfg_powerby; ?>&nbsp;&nbsp;<?php echo $cfg_beian; ?></div></p>        
-<!-- /powered -->
-   </div>
-   <div class="footer_right"></div>
-</div>
-
-</body>
-</html>