diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php
index a8d2360..881b694 100644
--- a/application/admin/controller/auth/Admin.php
+++ b/application/admin/controller/auth/Admin.php
@@ -218,6 +218,10 @@ class Admin extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         if ($ids) {
             $ids = array_intersect($this->childrenAdminIds, array_filter(explode(',', $ids)));
             // 避免越权删除管理员
diff --git a/application/admin/controller/auth/Adminlog.php b/application/admin/controller/auth/Adminlog.php
index 1652ed0..1db61a2 100644
--- a/application/admin/controller/auth/Adminlog.php
+++ b/application/admin/controller/auth/Adminlog.php
@@ -8,7 +8,7 @@ use app\common\controller\Backend;
 /**
  * 管理员日志
  *
- * @icon fa fa-users
+ * @icon   fa fa-users
  * @remark 管理员可以查看自己所拥有的权限的管理员日志
  */
 class Adminlog extends Backend
@@ -30,7 +30,7 @@ class Adminlog extends Backend
         $this->childrenGroupIds = $this->auth->getChildrenGroupIds($this->auth->isSuperAdmin() ? true : false);
 
         $groupName = AuthGroup::where('id', 'in', $this->childrenGroupIds)
-                ->column('id,name');
+            ->column('id,name');
 
         $this->view->assign('groupdata', $groupName);
     }
@@ -40,21 +40,20 @@ class Adminlog extends Backend
      */
     public function index()
     {
-        if ($this->request->isAjax())
-        {
+        if ($this->request->isAjax()) {
             list($where, $sort, $order, $offset, $limit) = $this->buildparams();
             $total = $this->model
-                    ->where($where)
-                    ->where('admin_id', 'in', $this->childrenAdminIds)
-                    ->order($sort, $order)
-                    ->count();
+                ->where($where)
+                ->where('admin_id', 'in', $this->childrenAdminIds)
+                ->order($sort, $order)
+                ->count();
 
             $list = $this->model
-                    ->where($where)
-                    ->where('admin_id', 'in', $this->childrenAdminIds)
-                    ->order($sort, $order)
-                    ->limit($offset, $limit)
-                    ->select();
+                ->where($where)
+                ->where('admin_id', 'in', $this->childrenAdminIds)
+                ->order($sort, $order)
+                ->limit($offset, $limit)
+                ->select();
             $result = array("total" => $total, "rows" => $list);
 
             return json($result);
@@ -68,8 +67,9 @@ class Adminlog extends Backend
     public function detail($ids)
     {
         $row = $this->model->get(['id' => $ids]);
-        if (!$row)
+        if (!$row) {
             $this->error(__('No Results were found'));
+        }
         $this->view->assign("row", $row->toArray());
         return $this->view->fetch();
     }
@@ -87,7 +87,7 @@ class Adminlog extends Backend
      * 编辑
      * @internal
      */
-    public function edit($ids = NULL)
+    public function edit($ids = null)
     {
         $this->error();
     }
@@ -97,21 +97,21 @@ class Adminlog extends Backend
      */
     public function del($ids = "")
     {
-        if ($ids)
-        {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
+        if ($ids) {
             $childrenGroupIds = $this->childrenGroupIds;
-            $adminList = $this->model->where('id', 'in', $ids)->where('admin_id', 'in', function($query) use($childrenGroupIds) {
-                        $query->name('auth_group_access')->field('uid');
-                    })->select();
-            if ($adminList)
-            {
+            $adminList = $this->model->where('id', 'in', $ids)->where('admin_id', 'in', function ($query) use ($childrenGroupIds) {
+                $query->name('auth_group_access')->field('uid');
+            })->select();
+            if ($adminList) {
                 $deleteIds = [];
-                foreach ($adminList as $k => $v)
-                {
+                foreach ($adminList as $k => $v) {
                     $deleteIds[] = $v->id;
                 }
-                if ($deleteIds)
-                {
+                if ($deleteIds) {
                     $this->model->destroy($deleteIds);
                     $this->success();
                 }
@@ -129,10 +129,9 @@ class Adminlog extends Backend
         // 管理员禁止批量操作
         $this->error();
     }
-    
+
     public function selectpage()
     {
         return parent::selectpage();
     }
-
 }
diff --git a/application/admin/controller/auth/Group.php b/application/admin/controller/auth/Group.php
index 0e82c8d..218ae8d 100644
--- a/application/admin/controller/auth/Group.php
+++ b/application/admin/controller/auth/Group.php
@@ -11,7 +11,7 @@ use think\Exception;
 /**
  * 角色组
  *
- * @icon fa fa-group
+ * @icon   fa fa-group
  * @remark 角色组可以有多个,角色有上下级层级关系,如果子角色有角色组和管理员的权限则可以派生属于自己组别下级的角色组或管理员
  */
 class Group extends Backend
@@ -140,7 +140,7 @@ class Group extends Backend
                 $this->error(__('The parent group exceeds permission limit'));
             }
             // 父节点不能是它自身的子节点或自己本身
-            if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id,true))){
+            if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id, true))) {
                 $this->error(__('The parent group can not be its own child or itself'));
             }
             $params['rules'] = explode(',', $params['rules']);
@@ -163,16 +163,16 @@ class Group extends Backend
                 Db::startTrans();
                 try {
                     $row->save($params);
-                    $children_auth_groups = model("AuthGroup")->all(['id'=>['in',implode(',',(Tree::instance()->getChildrenIds($row->id)))]]);
+                    $children_auth_groups = model("AuthGroup")->all(['id' => ['in', implode(',', (Tree::instance()->getChildrenIds($row->id)))]]);
                     $childparams = [];
-                    foreach ($children_auth_groups as $key=>$children_auth_group) {
+                    foreach ($children_auth_groups as $key => $children_auth_group) {
                         $childparams[$key]['id'] = $children_auth_group->id;
                         $childparams[$key]['rules'] = implode(',', array_intersect(explode(',', $children_auth_group->rules), $rules));
                     }
                     model("AuthGroup")->saveAll($childparams);
                     Db::commit();
                     $this->success();
-                }catch (Exception $e){
+                } catch (Exception $e) {
                     Db::rollback();
                     $this->error($e->getMessage());
                 }
@@ -189,6 +189,10 @@ class Group extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         if ($ids) {
             $ids = explode(',', $ids);
             $grouplist = $this->auth->getGroups();
diff --git a/application/admin/controller/auth/Rule.php b/application/admin/controller/auth/Rule.php
index 764e628..310d383 100644
--- a/application/admin/controller/auth/Rule.php
+++ b/application/admin/controller/auth/Rule.php
@@ -134,6 +134,10 @@ class Rule extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         if ($ids) {
             $delIds = [];
             foreach (explode(',', $ids) as $k => $v) {
diff --git a/application/admin/controller/general/Attachment.php b/application/admin/controller/general/Attachment.php
index ba8cbb1..352f489 100644
--- a/application/admin/controller/general/Attachment.php
+++ b/application/admin/controller/general/Attachment.php
@@ -103,6 +103,10 @@ class Attachment extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         if ($ids) {
             \think\Hook::add('upload_delete', function ($params) {
                 if ($params['storage'] == 'local') {
diff --git a/application/admin/controller/user/Rule.php b/application/admin/controller/user/Rule.php
index 3dfa64e..611d687 100644
--- a/application/admin/controller/user/Rule.php
+++ b/application/admin/controller/user/Rule.php
@@ -87,6 +87,10 @@ class Rule extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         if ($ids) {
             $delIds = [];
             foreach (explode(',', $ids) as $k => $v) {
diff --git a/application/admin/controller/user/User.php b/application/admin/controller/user/User.php
index 9a3ee80..47636bd 100644
--- a/application/admin/controller/user/User.php
+++ b/application/admin/controller/user/User.php
@@ -52,6 +52,7 @@ class User extends Backend
                 ->limit($offset, $limit)
                 ->select();
             foreach ($list as $k => $v) {
+                $v->avatar = $v->avatar ? cdnurl($v->avatar, true) : letter_avatar($v->nickname);
                 $v->hidden(['password', 'salt']);
             }
             $result = array("total" => $total, "rows" => $list);
@@ -94,6 +95,10 @@ class User extends Backend
      */
     public function del($ids = "")
     {
+        if (!$this->request->isPost()) {
+            $this->error(__("Invalid parameters"));
+        }
+        $ids = $ids ? $ids : $this->request->post("ids");
         $row = $this->model->get($ids);
         $this->modelValidate = true;
         if (!$row) {
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index ecfbc60..eb66287 100644
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
@@ -11725,9 +11725,11 @@ define('table',['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstr
                 }
                 //渲染内容前
                 table.on('pre-body.bs.table', function (e, data) {
-                    $.each(data, function (i, row) {
-                        row[options.stateField] = $.inArray(row[options.pk], options.selectedIds) > -1;
-                    });
+                    if (options.maintainSelected) {
+                        $.each(data, function (i, row) {
+                            row[options.stateField] = $.inArray(row[options.pk], options.selectedIds) > -1;
+                        });
+                    }
                 });
                 //当内容渲染完成后
                 table.on('post-body.bs.table', function (e, data) {
diff --git a/public/assets/js/require-table.js b/public/assets/js/require-table.js
index 0903901..6f45b3a 100644
--- a/public/assets/js/require-table.js
+++ b/public/assets/js/require-table.js
@@ -199,9 +199,11 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
                 }
                 //渲染内容前
                 table.on('pre-body.bs.table', function (e, data) {
-                    $.each(data, function (i, row) {
-                        row[options.stateField] = $.inArray(row[options.pk], options.selectedIds) > -1;
-                    });
+                    if (options.maintainSelected) {
+                        $.each(data, function (i, row) {
+                            row[options.stateField] = $.inArray(row[options.pk], options.selectedIds) > -1;
+                        });
+                    }
                 });
                 //当内容渲染完成后
                 table.on('post-body.bs.table', function (e, data) {
diff --git a/public/assets/less/fastadmin/mixins.less b/public/assets/less/fastadmin/mixins.less
index 07eda67..8211568 100755
--- a/public/assets/less/fastadmin/mixins.less
+++ b/public/assets/less/fastadmin/mixins.less
@@ -74,22 +74,12 @@
 }
 
 //Different radius each side
-.border-radius(@top-left;
-@top-right
-;
-@bottom-left
-;
-@bottom-right
-)
+.border-radius(@top-left,  @top-right,  @bottom-left,  @bottom-right)
 {
-  border-top-left-radius: @top-left
-;
-  border-top-right-radius: @top-right
-;
-  border-bottom-right-radius: @bottom-right
-;
-  border-bottom-left-radius: @bottom-left
-;
+  border-top-left-radius: @top-left;
+  border-top-right-radius: @top-right;
+  border-bottom-right-radius: @bottom-right;
+  border-bottom-left-radius: @bottom-left;
 }
 
 //Gradient background