diff --git a/admin/upgrade.php b/admin/upgrade.php
index a4565566..281ace2b 100644
--- a/admin/upgrade.php
+++ b/admin/upgrade.php
@@ -2,6 +2,8 @@
include 'common.php';
include 'header.php';
include 'menu.php';
+
+$errors = $security->systemCheck();
?>
@@ -10,17 +12,29 @@ include 'menu.php';
diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php
index 9b837cd6..b6250b18 100644
--- a/var/Typecho/Common.php
+++ b/var/Typecho/Common.php
@@ -22,7 +22,7 @@ define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info') && function_ex
class Typecho_Common
{
/** 程序版本 */
- const VERSION = '1.1/17.10.27';
+ const VERSION = '1.1/17.10.28';
/**
* 允许的属性
diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php
index 50bfb1ad..22a35ff4 100644
--- a/var/Widget/Options/General.php
+++ b/var/Widget/Options/General.php
@@ -101,7 +101,7 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
_t('允许访问者注册到你的网站, 默认的注册用户不享有任何写入权限.'));
$form->addInput($allowRegister);
- /** 注册 */
+ /** XMLRPC */
$allowXmlRpc = new Typecho_Widget_Helper_Form_Element_Radio('allowXmlRpc', array('0' => _t('关闭'), '1' => _t('仅关闭 Pingback 接口'), '2' => _t('打开')), $this->options->allowXmlRpc, _t('XMLRPC 接口'));
$form->addInput($allowXmlRpc);
diff --git a/var/Widget/Security.php b/var/Widget/Security.php
index 0f3ce4a5..0df4cbea 100644
--- a/var/Widget/Security.php
+++ b/var/Widget/Security.php
@@ -41,6 +41,31 @@ class Widget_Security extends Typecho_Widget
}
}
+ /**
+ * 在系统升级的时候进行安全性检查
+ *
+ * @return array
+ */
+ public function systemCheck()
+ {
+ $errors = array();
+
+ // 检查安装文件的安全性
+ $installFile = __TYPECHO_ROOT_DIR__ . '/install.php';
+ if (file_exists($installFile)) {
+ $installFileContents = file_get_contents($installFile);
+
+ if (0 !== strpos($installFileContents,
+ '') ||
+ false !== strpos($installFileContents,
+ '!isset($_GET[\'finish\']) && file_exists(__TYPECHO_ROOT_DIR__ . \'/config.inc.php\') && empty($_SESSION[\'typecho\'])')) {
+ $errors[] = _t('您正在运行一个不安全的安装脚本
%s, 请用新版中的对应文件替代或者直接删除它', $installFile);
+ }
+ }
+
+ return $errors;
+ }
+
/**
* @param $enabled
*/
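Review bot: `systemCheck()` judges `install.php` by two exact substring matches, so a vulnerable copy whose `!isset($_GET['finish']) && …` condition differs only in whitespace or quoting passes unflagged; on an already-installed site it would be more robust to report any remaining `install.php` and recommend deleting it, keeping the signature match only as extra detail. The return value of `file_get_contents($installFile)` is not checked, so an unreadable file falls through to `strpos()` and is most likely reported as an unsafe script rather than as a read failure; a guard such as `if (false === $installFileContents) { /* report unreadable file */ }` before the comparison would separate the two cases. The first needle shows as `''` on this page, which looks like a literal lost in rendering, so the prefix test should be confirmed against the repository. The docblock could also state that the method returns a list of translated warning strings, empty when nothing is found, since `admin/upgrade.php` consumes it directly.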