diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php
index c58c60e8..05e33aaa 100644
--- a/var/Typecho/Common.php
+++ b/var/Typecho/Common.php
@@ -731,15 +731,26 @@ EOF;
      */
     public static function subStr($str, $start, $length, $trim = "...")
     {
-        if (function_exists('mb_get_info')) {
-            $iLength = mb_strlen($str, self::$charset);
-            $str = mb_substr($str, $start, $length, self::$charset);
-            return ($length < $iLength - $start) ? $str . $trim : $str;
-        } else {
-            preg_match_all("/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xef][\x80-\xbf][\x80-\xbf]|\xf0[\x90-\xbf][\x80-\xbf][\x80-\xbf]|[\xf1-\xf7][\x80-\xbf][\x80-\xbf][\x80-\xbf]/", $str, $info);
-            $str = join("", array_slice($info[0], $start, $length));
-            return ($length < (sizeof($info[0]) - $start)) ? $str . $trim : $str;
+        if (!strlen($str)) {
+            return '';
         }
+
+        $iLength = self::strLen($str) - $start;
+        $tLength = $length < $iLength ? ($length - self::strLen($trim)) : $length;
+
+        if (function_exists('mb_get_info')) {
+            $str = mb_substr($str, $start, $tLength, self::$charset);
+        } else {
+            if ('UTF-8' == strtoupper(self::$charset)) {
+                if (preg_match_all("/./u", $str, $matches)) {
+                    $str = implode('', array_slice($matches[0], $start, $tLength));
+                }
+            } else {
+                $str = substr($str, $start, $tLength);
+            }
+        }
+        
+        return $length < $iLength ? ($str . $trim) : $str;
     }
 
     /**
@@ -754,8 +765,8 @@ EOF;
         if (function_exists('mb_get_info')) {
             return mb_strlen($str, self::$charset);
         } else {
-            preg_match_all("/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xef][\x80-\xbf][\x80-\xbf]|\xf0[\x90-\xbf][\x80-\xbf][\x80-\xbf]|[\xf1-\xf7][\x80-\xbf][\x80-\xbf][\x80-\xbf]/", $str, $info);
-            return sizeof($info[0]);
+            return 'UTF-8' == strtoupper(self::$charset) 
+                ? strlen(utf8_decode($str)) : strlen($info[0]);
         }
     }
 
@@ -792,12 +803,16 @@ EOF;
             }
 
             $str = $return;
+        } else if ('UTF-8' == strtoupper(self::$charset)) {
+            if (preg_match_all("/[\w" . preg_quote('_-') . "]+/u", $str, $matches)) {
+                $str = implode('-', $matches[0]);
+            }
         } else {
             $str = str_replace(array("'", ":", "\\", "/", '"'), "", $str);
             $str = str_replace(array("+", ",", ' ', '，', ' ', ".", "?", "=", "&", "!", "<", ">", "(", ")", "[", "]", "{", "}"), "-", $str);
-            $str = trim($str, '-');
         }
 
+        $str = trim($str, '-_');
         $str = !strlen($str) ? $default : $str;
         return substr($str, 0, $maxLength);
     }
diff --git a/var/Widget/Upload.php b/var/Widget/Upload.php
index 081d1d36..047074a7 100644
--- a/var/Widget/Upload.php
+++ b/var/Widget/Upload.php
@@ -54,6 +54,19 @@ class Widget_Upload extends Widget_Abstract_Contents implements Widget_Interface
         return self::makeUploadDir($path);
     }
 
+    /**
+     * 获取安全的文件名 
+     * 
+     * @param string $name 
+     * @static
+     * @access private
+     * @return string
+     */
+    private static function getSafeName($name)
+    {
+        preg_split("/(\/|\\\|:)/"
+    }
+
     /**
      * 上传文件处理函数,如果需要实现自己的文件哈希或者特殊的文件系统,请在options表里把uploadHandle改成自己的函数
      *