diff --git a/Public/Theme/Ticket/Default/Content/Content_index_operate.php b/Public/Theme/Ticket/Default/Content/Content_index_operate.php
index ae012bd3bb0485cd9275fa129e2a4ccf088d395b..1cd28dc30eee2de616e52af1681469657b82ae0e 100644
--- a/Public/Theme/Ticket/Default/Content/Content_index_operate.php
+++ b/Public/Theme/Ticket/Default/Content/Content_index_operate.php
@@ -2,8 +2,8 @@
 /**
  * 鏈ā鏉夸负閫氱敤缂栬緫鎸夐挳锛岃嫢娌℃湁鐗规畩闇€姹傦紝璇峰姞杞芥湰妯℃澘
  */
-$echoEditUrl = empty($editUrl) ? $label->url(GROUP . '-' . MODULE . '-action', array('id' => $value["{$fieldPrefix}id"], 'back_url' => base64_encode($_SERVER['REQUEST_URI']))) : $editUrl;
-$echoDeleteUrl = empty($deleteUrl) ? $label->url(GROUP . '-' . MODULE . '-action', array('id' => $value["{$fieldPrefix}id"], 'method' => 'DELETE', 'back_url' => base64_encode($_SERVER['REQUEST_URI']))) : $deleteUrl;
+$echoEditUrl = empty($editUrl) ? $label->url(GROUP . '-' . MODULE . '-action', array('id' => $label->xss($value["{$fieldPrefix}id"]), 'back_url' => base64_encode($_SERVER['REQUEST_URI']))) : $editUrl;
+$echoDeleteUrl = empty($deleteUrl) ? $label->url(GROUP . '-' . MODULE . '-action', array('id' => $label->xss($value["{$fieldPrefix}id"]), 'method' => 'DELETE', 'back_url' => base64_encode($_SERVER['REQUEST_URI']))) : $deleteUrl;
 
 ?>
 <?php if($label->checkAuth(GROUP.'GET'.MODULE.'action') === true): ?>
diff --git a/Public/Theme/Ticket/Default/Ticket_form/Ticket_form_index.php b/Public/Theme/Ticket/Default/Ticket_form/Ticket_form_index.php
index 55682dca56eb8e69a007176b49e07ec31d9808b4..a57b8150a221d28eeb5914cf88b14907b087647f 100644
--- a/Public/Theme/Ticket/Default/Ticket_form/Ticket_form_index.php
+++ b/Public/Theme/Ticket/Default/Ticket_form/Ticket_form_index.php
@@ -5,7 +5,8 @@
         <div class="am-btn-toolbar">
             <div class="am-btn-group am-btn-group-xs">
                 <a href="<?= $addUrl ?>" class="am-btn am-btn-default"><span class="am-icon-plus"></span> 鏂板</a>
-                <a class="am-btn am-btn-primary" href="<?= $label->url('Category-ticket', array('number' => $_GET['number'])); ?>" target="_blank"><span class="am-icon-pencil-square-o"></span> 棰勮宸ュ崟</a>
+                <a class="am-btn am-btn-warning" href="<?= $label->url('Ticket-Ticket_model-action', array('id' => $label->xss($_GET['number']))); ?>" target="_blank"><span class="am-icon-edit"></span> 缂栬緫</a>
+                <a class="am-btn am-btn-primary" href="<?= $label->url('Category-ticket', array('number' => $label->xss($_GET['number']))); ?>" target="_blank"><span class="am-icon-pencil-square-o"></span> 棰勮宸ュ崟</a>
 
             </div>
         </div>