diff --git a/application/service/AppMiniService.php b/application/service/AppMiniService.php
index 69b670d50efd1ad3ecb9c96f1834e8d5ee619e5d..97842d9ebfc331c91ee677bad366ef84a055307a 100755
--- a/application/service/AppMiniService.php
+++ b/application/service/AppMiniService.php
@@ -198,7 +198,7 @@ class AppMiniService
 }
 // 防止路径回溯
- $path = self::$new_path.DS.htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($name))).$suffix;
+ $path = self::$new_path.DS.htmlentities(str_replace(array('.', '/', '\\', ':'), '', strip_tags($name))).$suffix;
 // 删除压缩包
 if($suffix == '.zip')
diff --git a/application/service/PaymentService.php b/application/service/PaymentService.php
index 65012a714ff0d738d00aea4ea04e8b7a95d32756..7f5efc4bec4cd9f977495a3246a06c385effab2a 100755
--- a/application/service/PaymentService.php
+++ b/application/service/PaymentService.php
@@ -437,18 +437,22 @@ class PaymentService
 return DataReturn('已存在相同插件', -3);
 }
+ // 文件名称过滤
+ $name = substr($_FILES['file']['name'], 0, strlen($_FILES['file']['name'])-4);
+ $payment = str_replace(array('.', '/', '\\', ':'), '', $name);
+
 // 存储文件
- if(!move_uploaded_file($_FILES['file']['tmp_name'], self::$payment_dir.$_FILES['file']['name']))
+ $file = self::$payment_dir.$payment.'.php';
+ if(!move_uploaded_file($_FILES['file']['tmp_name'], $file))
 {
 return DataReturn('上传失败', -100);
 }
 // 文件校验
- $payment = htmlentities(str_replace('.php', '', $_FILES['file']['name']));
 $config = self::GetPaymentConfig($payment);
 if($config === false)
 {
- @unlink(self::$payment_dir.$_FILES['file']['name']);
+ @unlink($file);
 return DataReturn('插件编写有误,请参考文档编写', -10);
 }
 return DataReturn('上传成功');
diff --git a/application/service/ThemeService.php b/application/service/ThemeService.php
index 6f6bf8cffbd6f55d7c97e110f0d09a7106eb1123..b5bb970612761aca6aeba12c1d6dffdbee1260c3 100755
--- a/application/service/ThemeService.php
+++ b/application/service/ThemeService.php
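Review bot: The new `$path` line still sanitizes by deleting a short blacklist (`.`, `/`, `\`, now `:`) and HTML-escaping what is left, so every other character in `$name` survives into a filesystem path, and `strip_tags`/`htmlentities` are HTML-context functions rather than path validation (`&` in a name becomes `&amp;` in the directory name, for instance). Reject instead of rewriting: validate the name against an allowlist before the path is built, `if(!preg_match('/^[A-Za-z0-9_-]+$/', $name)) { return DataReturn('名称有误', -1); }`, assuming this method returns `DataReturn` like its siblings. The same strip-only pattern appears in the PaymentService hunk (`$payment = str_replace(...)`) and the ThemeService hunk (`$id = htmlentities(...)`), where the `empty($id)` check at least rejects a name that collapses to nothing. The enclosing method starts and ends outside the hunk, so earlier validation of `$name` may exist.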
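Review bot: After the new `$payment = str_replace(...)` line nothing rejects an empty or otherwise unexpected result, so an upload named `....php` or `.php` leaves `$payment === ''` and `$file` becomes `self::$payment_dir.'.php'`, and any character outside the four stripped ones still reaches the filename; add `if($payment === '' || !preg_match('/^[A-Za-z0-9_]+$/', $payment)) { return DataReturn('插件名称有误', -1); }` before `$file` is built. The `substr(..., 0, strlen(...)-4)` on the `$name` line assumes the uploaded name ends in `.php`; if the extension is not checked above this hunk, a different or longer extension leaves part of it in `$payment`. The duplicate-plugin check (`'已存在相同插件'`) runs before this normalization, so a name that only matches an existing plugin after stripping would presumably pass it and overwrite that plugin — worth confirming what that check compares. The enclosing method starts outside the hunk.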
@@ -175,7 +175,7 @@ class ThemeService
 return DataReturn('模板id有误', -1);
 }
 // 防止路径回溯
- $id = htmlentities(str_replace(array('.', '/', '\\'), '', strip_tags($params['id'])));
+ $id = htmlentities(str_replace(array('.', '/', '\\', ':'), '', strip_tags($params['id'])));
 if(empty($id))
 {
 return DataReturn('主题名称有误', -1);