diff --git a/class/core/files_api.py b/class/core/files_api.py
index 3ae98156a..e01876e88 100755
--- a/class/core/files_api.py
+++ b/class/core/files_api.py
@@ -606,8 +606,5 @@ done
 
         data['DIR'] = sorted(dirnames)
         data['FILES'] = sorted(filenames)
-        if path[0:2] == '//':
-            data['PATH'] = path[1:]
-        else:
-            data['PATH'] = path
+        data['PATH'] = path.replace('//', '/')
         return public.getJson(data)
diff --git a/class/core/site_api.py b/class/core/site_api.py
index 0ec168bd9..ce1306062 100755
--- a/class/core/site_api.py
+++ b/class/core/site_api.py
@@ -751,6 +751,68 @@ class site_api:
             data['filename'] = filename
         return public.getJson(data)
 
+     # 修改物理路径
+    def setPathApi(self):
+        mid = request.form.get('id', '').encode('utf-8')
+        path = request.form.get('path', '').encode('utf-8')
+
+        path = self.getPath(path)
+        print path
+        if path == "" or mid == '0':
+            return public.returnJson(False,  "目录不能为空!")
+
+        import files_api
+        if not files_api.files_api().checkDir(path):
+            return public.returnJson(False,  "不能以系统关键目录作为站点目录")
+
+        siteFind = public.M("sites").where(
+            "id=?", (mid,)).field('path,name').find()
+        if siteFind["path"] == path:
+            return public.returnJson(False,  "与原路径一致，无需修改!")
+        file = self.getHostConf(siteFind['name'])
+        conf = public.readFile(file)
+        if conf:
+            conf = conf.replace(siteFind['path'], path)
+            public.writeFile(file, conf)
+
+        # 创建basedir
+        userIni = path + '/.user.ini'
+        if os.path.exists(userIni):
+            public.execShell("chattr -i " + userIni)
+        public.writeFile(userIni, 'open_basedir=' + path + '/:/tmp/:/proc/')
+        public.execShell('chmod 644 ' + userIni)
+        public.execShell('chown root:root ' + userIni)
+        public.execShell('chattr +i ' + userIni)
+
+        public.restartWeb()
+        public.M("sites").where("id=?", (mid,)).setField('path', path)
+        msg = public.getInfo('修改网站[{1}]物理路径成功!', (siteFind['name'],))
+        public.writeLog('网站管理', msg)
+        return public.returnJson(True,  "设置成功!")
+
+    # 设置当前站点运行目录
+    def setSiteRunPathApi(self):
+        mid = request.form.get('id', '').encode('utf-8')
+        runPath = request.form.get('runPath', '').encode('utf-8')
+        siteName = public.M('sites').where('id=?', (mid,)).getField('name')
+        sitePath = public.M('sites').where('id=?', (mid,)).getField('path')
+
+        newPath = sitePath + runPath
+        # 处理Nginx
+        filename = self.getHostConf(siteName)
+        if os.path.exists(filename):
+            conf = public.readFile(filename)
+            rep = '\s*root\s*(.+);'
+            path = re.search(rep, conf).groups()[0]
+            conf = conf.replace(path, newPath)
+            public.writeFile(filename, conf)
+
+        self.delUserInI(sitePath)
+        self.setDirUserINI(newPath)
+
+        public.restartWeb()
+        return public.returnJson(True, '设置成功!')
+
     def delDomainApi(self):
         domain = request.form.get('domain', '').encode('utf-8')
         webname = request.form.get('webname', '').encode('utf-8')
@@ -1369,6 +1431,21 @@ location /{
                 continue
         return True
 
+    # 设置目录防御
+    def setDirUserINI(self, newPath):
+        filename = newPath + '/.user.ini'
+        if os.path.exists(filename):
+            public.execShell("chattr -i " + filename)
+            os.remove(filename)
+            return public.returnJson(True, '已清除防跨站设置!')
+
+        self.delUserInI(newPath)
+        public.writeFile(filename, 'open_basedir=' +
+                         newPath + '/:/tmp/:/proc/')
+        public.execShell("chattr +i " + filename)
+
+        return public.returnJson(True, '已打开防跨站设置!')
+
     # 转换时间
     def strfToTime(self, sdate):
         import time
diff --git a/route/static/app/public.js b/route/static/app/public.js
index 5f41641b8..a4c0ef415 100755
--- a/route/static/app/public.js
+++ b/route/static/app/public.js
@@ -149,16 +149,25 @@ function getLocalTime(a) {
 
 
 function changePath(d) {
-	setCookie("SetId", d);
-	setCookie("SetName", "");
+	setCookie('SetId', d);
+	setCookie('SetName', '');
 	var c = layer.open({
 		type: 1,
 		area: "650px",
-		title: lan.bt.dir,
+		title: '选择目录',
 		closeBtn: 2,
 		shift: 5,
 		shadeClose: false,
-		content: "<div class='changepath'><div class='path-top'><button type='button' class='btn btn-default btn-sm' onclick='BackFile()'><span class='glyphicon glyphicon-share-alt'></span> "+lan.public.return+"</button><div class='place' id='PathPlace'>"+lan.bt.path+"：<span></span></div></div><div class='path-con'><div class='path-con-left'><dl><dt id='changecomlist' onclick='backMyComputer()'>"+lan.bt.comp+"</dt></dl></div><div class='path-con-right'><ul class='default' id='computerDefautl'></ul><div class='file-list divtable'><table class='table table-hover' style='border:0 none'><thead><tr class='file-list-head'><th width='40%'>"+lan.bt.filename+"</th><th width='20%'>"+lan.bt.etime+"</th><th width='10%'>"+lan.bt.access+"</th><th width='10%'>"+lan.bt.own+"</th><th width='10%'></th></tr></thead><tbody id='tbody' class='list-list'></tbody></table></div></div></div></div><div class='getfile-btn' style='margin-top:0'><button type='button' class='btn btn-default btn-sm pull-left' onclick='CreateFolder()'>"+lan.bt.adddir+"</button><button type='button' class='btn btn-danger btn-sm mr5' onclick=\"layer.close(getCookie('ChangePath'))\">"+lan.public.close+"</button> <button type='button' class='btn btn-success btn-sm' onclick='GetfilePath()'>"+lan.bt.path_ok+"</button></div>"
+		content: "<div class='changepath'><div class='path-top'><button type='button' class='btn btn-default btn-sm' onclick='backFile()'><span class='glyphicon glyphicon-share-alt'></span>返回</button>\
+		<div class='place' id='PathPlace'>当前路径：<span></span></div></div><div class='path-con'><div class='path-con-left'><dl><dt id='changecomlist' onclick='backMyComputer()'>计算机</dt></dl></div>\
+		<div class='path-con-right'><ul class='default' id='computerDefautl'></ul><div class='file-list divtable'>\
+			<table class='table table-hover' style='border:0 none'>\
+				<thead><tr class='file-list-head'><th width='40%'>文件名</th><th width='20%'>修改时间</th><th width='10%'>权限</th><th width='10%'>所有者</th><th width='10%'></th></tr></thead>\
+				<tbody id='tbody' class='list-list'></tbody></table></div></div></div></div><div class='getfile-btn' style='margin-top:0'>\
+				<button type='button' class='btn btn-default btn-sm pull-left' onclick='createFolder()'>新建文件夹</button>\
+				<button type='button' class='btn btn-danger btn-sm mr5' onclick=\"layer.close(getCookie('ChangePath'))\">关闭</button>\
+				<button type='button' class='btn btn-success btn-sm' onclick='getfilePath()'>选择</button>\
+		</div>"
 	});
 	setCookie("ChangePath", c);
 	var b = $("#" + d).val();
@@ -223,11 +232,11 @@ function getDiskList(b) {
 		}
 		$("#PathPlace").find("span").html(h.PATH);
 		activeDisk();
-		return
+		return;
 	},'json');
 }
 
-function CreateFolder() {
+function createFolder() {
 	var a = "<tr><td colspan='2'><span class='glyphicon glyphicon-folder-open'></span> <input id='newFolderName' class='newFolderName' type='text' value=''></td><td colspan='3'><button id='nameOk' type='button' class='btn btn-success btn-sm'>"+lan.public.ok+"</button>&nbsp;&nbsp;<button id='nameNOk' type='button' class='btn btn-default btn-sm'>"+lan.public.cancel+"</button></td></tr>";
 	if($("#tbody tr").length == 0) {
 		$("#tbody").append(a)
@@ -272,7 +281,7 @@ function NewDelFile(c) {
 				icon: 2
 			})
 		}
-		getDiskList(a)
+		getDiskList(a);
 	})
 }
 
@@ -306,10 +315,10 @@ function backMyComputer() {
 	$(".default").show();
 	$(".file-list").hide();
 	$("#PathPlace").find("span").html("");
-	activeDisk()
+	activeDisk();
 }
 
-function BackFile() {
+function backFile() {
 	var c = $("#PathPlace").find("span").text();
 	if(c.substr(c.length - 1, 1) == "/") {
 		c = c.substr(0, c.length - 1)
@@ -328,7 +337,7 @@ function BackFile() {
 	if(d.length == 1) {}
 }
 
-function GetfilePath() {
+function getfilePath() {
 	var a = $("#PathPlace").find("span").text();
 	a = a.replace(new RegExp(/(\\)/g), "/");
 	$("#" + getCookie("SetId")).val(a + getCookie("SetName"));
@@ -1199,6 +1208,40 @@ function tasklist(a){
 	},'json');
 }
 
+function activeDisk() {
+	var a = $("#PathPlace").find("span").text().substring(0, 1);
+	switch(a) {
+		case "C":
+			$(".path-con-left dd:nth-of-type(1)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		case "D":
+			$(".path-con-left dd:nth-of-type(2)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		case "E":
+			$(".path-con-left dd:nth-of-type(3)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		case "F":
+			$(".path-con-left dd:nth-of-type(4)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		case "G":
+			$(".path-con-left dd:nth-of-type(5)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		case "H":
+			$(".path-con-left dd:nth-of-type(6)").css("background", "#eee").siblings().removeAttr("style");
+			break;
+		default:
+			$(".path-con-left dd").removeAttr("style");
+	}
+}
+
+
+function backMyComputer() {
+	$(".default").show();
+	$(".file-list").hide();
+	$("#PathPlace").find("span").html("");
+	activeDisk();
+}
+
 //检查登陆状态
 function check_login(){
 	$.post('/check_login',{},function(rdata){
diff --git a/route/static/app/site.js b/route/static/app/site.js
index e6b6f578f..141ea30c5 100755
--- a/route/static/app/site.js
+++ b/route/static/app/site.js
@@ -306,12 +306,12 @@ function webPathEdit(id){
 						<span class='mr5'>网站目录</span>\
 						<input class='bt-input-text mr5' type='text' style='width:50%' placeholder='网站根目录' value='"+webpath+"' name='webdir' id='inputPath'>\
 						<span onclick='changePath(&quot;inputPath&quot;)' class='glyphicon glyphicon-folder-open cursor mr20'></span>\
-						<button class='btn btn-success btn-sm' onclick='SetSitePath("+id+")'>保存</button>\
+						<button class='btn btn-success btn-sm' onclick='setSitePath("+id+")'>保存</button>\
 					</div>\
 					<div class='line mtb15'>\
 						<span class='mr5'>运行目录</span>\
 						<select class='bt-input-text' type='text' style='width:50%; margin-right:41px' name='runPath' id='runPath'>"+opt+"</select>\
-						<button class='btn btn-success btn-sm' onclick='SetSiteRunPath("+id+")' style='margin-top: -1px;'>保存</button>\
+						<button class='btn btn-success btn-sm' onclick='setSiteRunPath("+id+")' style='margin-top: -1px;'>保存</button>\
 					</div>\
 					<ul class='help-info-text c7 ptb10'>\
 						<li>部分程序需要指定二级目录作为运行目录，如ThinkPHP5，Laravel</li>\
@@ -381,25 +381,24 @@ function SetPathSafe(id){
 }
 
 //提交运行目录
-function SetSiteRunPath(id){
+function setSiteRunPath(id){
 	var NewPath = $("#runPath").val();
 	var loadT = layer.msg(lan.public.the,{icon:16,time:10000,shade: [0.3, '#000']});
-	$.post('/site?action=SetSiteRunPath','id='+id+'&runPath='+NewPath,function(rdata){
+	$.post('/site/set_site_run_path','id='+id+'&runPath='+NewPath,function(rdata){
 		layer.close(loadT);
 		var ico = rdata.status?1:2;
 		layer.msg(rdata.msg,{icon:ico});
-	});
+	},'json');
 }
 
 //提交网站目录
-function SetSitePath(id){
+function setSitePath(id){
 	var NewPath = $("#inputPath").val();
-	var loadT = layer.msg(lan.public.the,{icon:16,time:10000,shade: [0.3, '#000']});
-	$.post('/site?action=SetPath','id='+id+'&path='+NewPath,function(rdata){
+	var loadT = layer.msg('正在处理,请稍候...',{icon:16,time:10000,shade: [0.3, '#000']});
+	$.post('/site/set_path','id='+id+'&path='+NewPath,function(rdata){
 		layer.close(loadT);
-		var ico = rdata.status?1:2;
-		layer.msg(rdata.msg,{icon:ico});
-	});
+		layer.msg(rdata.msg,{icon:rdata.status?1:2});
+	},'json');
 }
 
 //修改网站备注
@@ -410,10 +409,10 @@ function webBakEdit(id){
 					<label><span>"+lan.site.note_ph+"</span></label>\
 					<div class='info-r'>\
 					<textarea name='beizhu' id='webbeizhu' col='5' style='width:96%'>"+rdata+"</textarea>\
-					<br><br><button class='btn btn-success btn-sm' onclick='SetSitePs("+id+")'>"+lan.public.save+"</button>\
+					<br><br><button class='btn btn-success btn-sm' onclick='SetSitePs("+id+")'>保存</button>\
 					</div>\
 					</div>";
-		$("#webedit-con").html(webBakHtml)
+		$("#webedit-con").html(webBakHtml);
 	});
 }