diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml
index c96287895..e2b246b99 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml	
@@ -3,9 +3,13 @@
     Layout = "~/Views/Shared/_Form.cshtml";
 }
 <div class="lr-form-wrap">
+    <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
+        <div class="lr-form-item-title">编号</div>
+        <input id="DNo" type="text" class="form-control" />
+    </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">名称</div>
-        <input id="Name" type="text" class="form-control" />
+        <input id="Name" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">学生</div>
@@ -14,7 +18,7 @@
 
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">位置</div>
-        <input id="Address" type="text" class="form-control" />
+        <input id="Address" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">类别<font face="宋体">*</font></div>
@@ -24,7 +28,7 @@
     {
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">父单位</div>
-            <input id="ParentID" type="hidden" value="@ViewBag.ParentID" />
+            <input id="ParentID" type="hidden" value="@ViewBag.ParentID"/>
             <label class="form-control">@ViewBag.ParentName</label>
         </div>
 
@@ -52,30 +56,30 @@
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">负责人</div>
-        <input id="Functionary" type="text" class="form-control" />
+        <input id="Functionary" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">负责人电话</div>
-        <input id="Phone" type="text" class="form-control" />
+        <input id="Phone" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">价格</div>
-        <input id="Price" type="text" class="form-control" />
+        <input id="Price" type="text" class="form-control"/>
     </div>
 
     @if (ViewBag.BuildType == "4")
     {
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">舍长</div>
-            <input id="Leader" type="text" class="form-control" />
+            <input id="Leader" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">学生名字</div>
-            <input id="StudentID" type="text" class="form-control" />
+            <input id="StudentID" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">星级</div>
-            <input id="Starred" type="text" class="form-control" />
+            <input id="Starred" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">是否独卫</div>
@@ -85,7 +89,7 @@
 
     <div class="col-xs-12 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">备注</div>
-        <textarea id="Remark" class="form-control" style="height:100px;"></textarea>
+        <textarea id="Remark" class="form-control" style="height: 100px;"></textarea>
     </div>
 </div>
 @Html.AppendJsFile("/Areas/LogisticsManagement/Views/Accommodation/Form.js")
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js
index c2917124b..3f0bd4f34 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js	
@@ -165,6 +165,7 @@ var bootstrap = function ($, learun) {
                 $('#gridtable').lrAuthorizeJfGridLei({
                     url: top.$.rootUrl + '/LogisticsManagement/Accommodation/GetPageList',
                     headData: [
+                        { label: "编号", name: "DNo", width: 100, align: "left" },
                         { label: "名称", name: "Name", width: 100, align: "left" },
                         { label: "学生名字", name: "StuName", width: 100, align: "left" },
 
@@ -208,6 +209,7 @@ var bootstrap = function ($, learun) {
                 $('#gridtable').lrAuthorizeJfGridLei({
                     url: top.$.rootUrl + '/LogisticsManagement/Accommodation/GetPageList',
                     headData: [
+                        { label: "编号", name: "DNo", width: 100, align: "left" },
                         { label: "名称", name: "Name", width: 100, align: "left" },
                         { label: "学生", name: "StudentID", width: 100, align: "left",
                             formatterAsync: function (callback, value, row, op, $cell) {
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs
index 79f18c5e3..d7bc44a92 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs	
@@ -175,11 +175,23 @@ namespace Learun.Application.WebApi
         /// <returns></returns>
         private Response BeforeRequest(NancyContext ctx)
         {
+            ctx.Request.Url.Query =Learun.Util.WebHelper.Formatstr(ctx.Request.Url.Query);
+            foreach (var p in ctx.Parameters)
+            {
+                if (p.ParameterType == typeof(string))
+                {
+                    if (ctx.Parameters[p.ParameterName] != null)
+                    {
+                        ctx.Parameters[p.ParameterName] = Learun.Util.WebHelper.Formatstr(ctx.Parameters[p.ParameterName].ToString());
+                    }
+                }
+            }
             string path = ctx.ResolvedRoute.Description.Path;
             //验证登录状态
             ReqParameter req = this.Bind<ReqParameter>();
             loginMark = req.loginMark;
             token = req.token;
+            
             if (path == "/learun/adms/user/login" || path == "/" || path == "/bgimg" || path == "/learun/adms/user/img" || path == "/learun/adms/desktop/img"||path== "/learun/adms/user/imgfordc")
             {// 登录接口，默认页面接口不做权限验证处理
                 return null;
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs
index 8dfc1bb3a..4c0a5434b 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs	
@@ -20,6 +20,11 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
         [Column("ID")]
         public string ID { get; set; }
         /// <summary>
+        /// 编号
+        /// </summary>
+        [Column("DNo")]
+        public string DNo { get; set; }
+        /// <summary>
         /// 名称
         /// </summary>
         [Column("NAME")]
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs
index 72d6b7479..a50da8fc5 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs	
@@ -34,6 +34,7 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
                 strSql.Append("SELECT ");
                 strSql.Append(@"
                 t.ID,
+                t.DNo,
                 t.Name,
                 t.Address,
                 t.Campus,
@@ -64,6 +65,11 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
                     dp.Add("ParentID", queryParam["ParentID"].ToString(), DbType.String);
                     strSql.Append(" AND t.ParentID =@ParentID ");
                 }
+                if (!queryParam["DNo"].IsEmpty())
+                {
+                    dp.Add("DNo", queryParam["DNo"].ToString(), DbType.String);
+                    strSql.Append(" AND t.DNo =@DNo ");
+                }
                 if (!queryParam["Name"].IsEmpty())
                 {
                     dp.Add("Name", "%" + queryParam["Name"].ToString() + "%", DbType.String);
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs
index a05421892..68ae49dd7 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs	
@@ -345,6 +345,7 @@ namespace Learun.Util
             System.Text.RegularExpressions.Regex regex10 = new System.Text.RegularExpressions.Regex(@"select", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             System.Text.RegularExpressions.Regex regex11 = new System.Text.RegularExpressions.Regex(@"update", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             System.Text.RegularExpressions.Regex regex12 = new System.Text.RegularExpressions.Regex(@"delete", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
+            System.Text.RegularExpressions.Regex regex13 = new System.Text.RegularExpressions.Regex(@"exec", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             html = regex1.Replace(html, ""); //过滤<script></script>标记
             html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性
             html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
@@ -352,6 +353,7 @@ namespace Learun.Util
             html = regex10.Replace(html, "s_elect");
             html = regex11.Replace(html, "u_pudate");
             html = regex12.Replace(html, "d_elete");
+            html = regex13.Replace(html, "e_xec");
             html = html.Replace("'", "’");
             html = html.Replace("&nbsp;", " ");
             return html;