diff --git a/application/service/PluginsAdminService.php b/application/service/PluginsAdminService.php index 20ebd611cd364f9648d2f683cfa6cfff02353f10..0a4b375f613d25288985d4f969eefef90f9ff83b 100755 --- a/application/service/PluginsAdminService.php +++ b/application/service/PluginsAdminService.php @@ -1115,9 +1115,21 @@ php; { return DataReturn('请先开启开发者模式', -1); } - + // 获取应用标记 - $plugins = $params['id']; + // 防止路径回溯 + $plugins = htmlentities(str_replace(array('.', '/', '\\', ':'), '', strip_tags($params['id']))); + if(empty($plugins)) + { + return DataReturn('插件标识有误', -1); + } + + // 配置信息 + $config = self::GetPluginsConfig($plugins); + if($config === false) + { + return DataReturn('插件配置有误', -10); + } // 目录不存在则创建 $new_dir = ROOT.'runtime'.DS.'data'.DS.'plugins_package'.DS.$plugins; @@ -1214,7 +1226,7 @@ php; \base\FileUtil::UnlinkDir($new_dir); // 开始下载 - if(\base\FileUtil::DownloadFile($new_dir.'.zip', $plugins.'.zip')) + if(\base\FileUtil::DownloadFile($new_dir.'.zip', $config['base']['name'].'.zip')) { @unlink($new_dir.'.zip'); } else { diff --git a/application/service/ThemeService.php b/application/service/ThemeService.php index 458d5e52f045609955e6277fb224a3afc803792a..64af286fae233134c3abc7084d1fcee80c4285d6 100755 --- a/application/service/ThemeService.php +++ b/application/service/ThemeService.php @@ -261,6 +261,18 @@ class ThemeService return DataReturn('主题名称有误', -1); } + // 获取配置信息 + $config_file = ROOT.self::$html_path.$theme.DS.'config.json'; + if(!file_exists($config_file)) + { + return DataReturn('主题配置文件不存在', -1); + } + $config = json_decode(file_get_contents($config_file), true); + if(empty($config)) + { + return DataReturn('主题配置信息有误', -1); + } + // 目录不存在则创建 $new_dir = ROOT.'runtime'.DS.'data'.DS.'theme_package'.DS.$theme; \base\FileUtil::CreateDir($new_dir); 
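Review bot: The new `$plugins` assignment cleans `$params['id']` with a denylist (`str_replace` of `.`, `/`, `\`, `:`) and then carries on with the altered value, so a malformed id is silently rewritten into a different identifier instead of being rejected. `strip_tags` and `htmlentities` are markup helpers that add nothing to a filesystem check, and they will warn or throw, depending on the PHP version, when `id` is missing or is an array. An allowlist that rejects on mismatch is easier to reason about: `if(empty($params['id']) || !is_string($params['id']) || preg_match('/^[A-Za-z0-9_]+$/', $params['id']) !== 1) { return DataReturn('插件标识有误', -1); }` followed by `$plugins = $params['id'];`. The permitted character set here is an assumption and should match the naming rule enforced where plugins are created. The enclosing method starts and ends outside this hunk.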
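Review bot: `$config['base']['name']` is handed to `DownloadFile` as the download file name without checking that the key exists or which characters it contains. The value comes from the plugin's own configuration, so it is author-supplied text. If `DownloadFile` (not visible here) places it in a `Content-Disposition` header, line breaks and quotes in the name need to be removed first. A guarded form would be `$download_name = empty($config['base']['name']) ? $plugins : str_replace(array("\r", "\n", '"', '/', '\\'), '', $config['base']['name']);`, and the same treatment applies to `$config['name'].'.zip'` in the ThemeService download hunk.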
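Review bot: `empty($config)` accepts any non-empty JSON value, including a bare string or number, and never confirms that `name` is present, although the later download hunk reads `$config['name']`. Tightening the condition to `if(!is_array($config) || empty($config['name']))` rejects a malformed `config.json` here rather than failing at the download call. The check on `$theme` that guards the `$config_file` path lies above this hunk, so whether it excludes path separators could not be confirmed from the visible lines.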
@@ -296,7 +308,7 @@ class ThemeService \base\FileUtil::UnlinkDir($new_dir); // 开始下载 - if(\base\FileUtil::DownloadFile($new_dir.'.zip', $theme.'.zip')) + if(\base\FileUtil::DownloadFile($new_dir.'.zip', $config['name'].'.zip')) { @unlink($new_dir.'.zip'); } else {