diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb
index f0dd6dd75..c6265c274 100644
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@@ -11,6 +11,10 @@ class SchoolsController < ApplicationController
   end
 
   def for_option
-    render_ok(schools: School.select(:id, :name).as_json)
+    schools = School.all
+    keyword = params[:keyword].to_s.strip
+    schools = schools.where('name LIKE ?', "%#{keyword}%") if keyword
+
+    render_ok(schools: schools.select(:id, :name).as_json)
   end
 end
diff --git a/app/controllers/weapps/check_accounts_controller.rb b/app/controllers/weapps/check_accounts_controller.rb
new file mode 100644
index 000000000..429c165b3
--- /dev/null
+++ b/app/controllers/weapps/check_accounts_controller.rb
@@ -0,0 +1,38 @@
+class Weapps::CheckAccountsController < Weapps::BaseController
+  def create
+    params[:type] == 'register' ? check_can_register : check_can_bind
+  end
+
+  private
+
+  def check_can_bind
+    if params[:login] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
+      user = User.find_by(mail: params[:login])
+      return render_error('该邮箱尚未注册') if user.blank?
+    elsif params[:login] =~ /^1\d{10}$/
+      user = User.find_by(phone: params[:login])
+      return render_error('该手机号尚未注册') if user.blank?
+    else
+      user = User.find_by(login: params[:login])
+      return render_error('该账号尚未注册') if user.blank?
+    end
+
+    return render_error('该账号已经绑定') if user.wechat_open_user.present?
+
+    render_ok
+  end
+
+  def check_can_register
+    if params[:login] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
+      user = User.find_by(mail: params[:login])
+      return render_error('该邮箱已注册') if user.present?
+    elsif params[:login] =~ /^1\d{10}$/
+      user = User.find_by(phone: params[:login])
+      return render_error('该手机号已注册') if user.present?
+    else
+      return render_error('请输入正确的邮箱或手机号')
+    end
+
+    render_ok
+  end
+end
\ No newline at end of file
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 1d684350c..614e45425 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -15,6 +15,17 @@ module ApplicationHelper
     EduSetting.get(name)
   end
 
+  # xss共计问题
+  def content_safe content
+    tags = %w(
+        a abbr b bdo blockquote br caption cite code col colgroup dd del dfn dl
+        dt em figcaption figure h1 h2 h3 h4 h5 h6 hgroup i img ins kbd li mark
+        ol p pre q rp rt ruby s samp small strike strong sub sup table tbody td
+        tfoot th thead time tr u ul var wbr div span
+        )
+    sanitize content, tags: tags
+  end
+
   def graduation_navigation graduation
     graduation.class.to_s == "GraduationTopic" ? "毕设选题" : "毕设任务"
   end
diff --git a/app/services/admins/import_course_member_service.rb b/app/services/admins/import_course_member_service.rb
index 8f162902f..9b9393e78 100644
--- a/app/services/admins/import_course_member_service.rb
+++ b/app/services/admins/import_course_member_service.rb
@@ -36,7 +36,7 @@ class Admins::ImportCourseMemberService < ApplicationService
 
     member = course.course_members.find_by(user_id: user.id, role: data.role.to_i)
     # 如果已是课堂成员且是学生身份and不在指定的分班则移动到该分班
-    if member.present? && member.role == :STUDENT && course_group && member.course_group_id != course_group&.id
+    if member.present? && member.role == 'STUDENT' && course_group && member.course_group_id != course_group&.id
       member.update!(course_group_id: course_group&.id)
     elsif member.blank?
       course.course_members.create!(user_id: user.id, role: data.role.to_i, course_group_id: course_group&.id)
diff --git a/app/views/discusses/_discuss.json.jbuilder b/app/views/discusses/_discuss.json.jbuilder
index 400798150..5244414f9 100644
--- a/app/views/discusses/_discuss.json.jbuilder
+++ b/app/views/discusses/_discuss.json.jbuilder
@@ -2,7 +2,7 @@ json.author do
   json.partial! 'users/user', user: discuss.user
 end
 json.id discuss.id
-json.content discuss.content
+json.content content_safe(discuss.content)
 json.time time_from_now(discuss.created_at)
 json.position discuss.position
 json.shixun_id discuss.dis_id
diff --git a/app/views/memos/_memo.json.jbuilder b/app/views/memos/_memo.json.jbuilder
index a09b7f293..a9c430017 100644
--- a/app/views/memos/_memo.json.jbuilder
+++ b/app/views/memos/_memo.json.jbuilder
@@ -3,7 +3,7 @@ json.memo do
   json.forum_id memo.forum_id
   json.subject memo.subject
   json.is_md memo.is_md
-  json.content memo.content
+  json.content content_safe(memo.content)
   json.sticky memo.sticky
   json.reward memo.reward
   json.viewed_count memo.viewed_count
diff --git a/app/views/memos/_replies_list.json.jbuilder b/app/views/memos/_replies_list.json.jbuilder
index 9ec6976c2..8f86e79a6 100644
--- a/app/views/memos/_replies_list.json.jbuilder
+++ b/app/views/memos/_replies_list.json.jbuilder
@@ -1,5 +1,5 @@
 json.id memo.id
-json.content memo.content
+json.content content_safe(memo.content)
 json.time time_from_now(memo.created_at)
 json.user_id memo.author_id
 json.image_url url_to_avatar(memo.author)
@@ -15,7 +15,7 @@ json.admin @user.admin? || @user.business?
 json.children do
   json.array! memo.children_of_reply do |child|
     json.id child.id
-    json.content child.content
+    json.content content_safe(child.content)
     json.time time_from_now(child.created_at)
     json.image_url url_to_avatar(child.author)
     json.username child.author.full_name
diff --git a/app/views/messages/_content.json.jbuilder b/app/views/messages/_content.json.jbuilder
index 5e1d9088b..760f1670d 100644
--- a/app/views/messages/_content.json.jbuilder
+++ b/app/views/messages/_content.json.jbuilder
@@ -1 +1 @@
-json.content content
\ No newline at end of file
+json.content content_safe(content)
\ No newline at end of file
diff --git a/app/views/messages/_message_detail.json.jbuilder b/app/views/messages/_message_detail.json.jbuilder
index 38532429f..35237f732 100644
--- a/app/views/messages/_message_detail.json.jbuilder
+++ b/app/views/messages/_message_detail.json.jbuilder
@@ -1,6 +1,6 @@
 json.partial! "messages/message_simple", message: message
 json.partial! "commons/like", message: message
-json.content message.message_detail.try(:content)
+json.content content_safe(message.message_detail.try(:content))
 json.author do
   json.partial! "users/user_simple", user: message.author
 end
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 2a731a595..49e8215ba 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -854,6 +854,7 @@ Rails.application.routes.draw do
       resource :register, only: [:create]
       resource :code_session, only: [:create]
       resource :verify, only: [:create]
+      resource :check_account, only: [:create]
 
       resources :searchs, only: [:index]
     end
diff --git a/db/migrate/20190426010412_add_is_invalid_to_student_works_scores.rb b/db/migrate/20190426010412_add_is_invalid_to_student_works_scores.rb
index 7b893db6d..2d782f924 100644
--- a/db/migrate/20190426010412_add_is_invalid_to_student_works_scores.rb
+++ b/db/migrate/20190426010412_add_is_invalid_to_student_works_scores.rb
@@ -1,6 +1,6 @@
 class AddIsInvalidToStudentWorksScores < ActiveRecord::Migration[5.2]
   def change
-    # add_column :student_works_scores, :is_invalid, :boolean, default: false
+    add_column :student_works_scores, :is_invalid, :boolean, default: false
 
     StudentWorksScore.where("score is not null").order("id desc").find_each do |score|
       unless score.is_invalid