diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 35d7870a8..bd762aeda 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -297,7 +297,10 @@
 						$oModule = &$this->getModuleInstance($forward->module, $type, $kind);
 					}
                     $xml_info = $oModuleModel->getModuleActionXml($forward->module);
-					if($kind == "admin" && $type == "view")
+					$oMemberModel = &getModel('member');
+					$logged_info = $oMemberModel->getLoggedInfo();
+
+					if($this->module == "admin" && $type == "view")
 					{
 						$logged_info = Context::get('logged_info');
 						if($logged_info->is_admin=='Y'){
@@ -317,6 +320,18 @@
 							return $oMessageObject;
 						}
 					}
+					if ($kind == 'admin'){
+						$grant = $oModuleModel->getGrant($this->module_info, $logged_info);		
+						if(!$grant->is_admin && !$grant->manager) {
+                            $this->error = 'msg_is_not_manager';
+                            $oMessageObject = &ModuleHandler::getModuleInstance('message',$type);
+                            $oMessageObject->setError(-1);
+                            $oMessageObject->setMessage($this->error);
+                            $oMessageObject->dispMessage();
+                            return $oMessageObject;
+                        }   
+						
+					}
 				}
 				else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
 				{
diff --git a/common/js/unittest/unittest_common.html b/common/js/unittest/unittest_common.html
index d747815d4..0361e7a8a 100644
--- a/common/js/unittest/unittest_common.html
+++ b/common/js/unittest/unittest_common.html
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ko">
 <head>
@@ -72,3 +73,79 @@ describe('SetQuery', {
 </head>
 <body><div style="display:none;"><p>A</p><p>B</p></div></body>
 </html>
+=======
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ko">
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
+<title>JSSpec results</title>
+<link rel="stylesheet" type="text/css" href="css/JSSpec.css" />
+<script type="text/javascript" src="JSSpec/JSSpec.js"></script>
+<script type="text/javascript" src="JSSpec/diff_match_patch.js"></script>
+<script type="text/javascript" src="../jquery.js"></script>
+<script type="text/javascript" src="../common.js"></script>
+<script type="text/javascript">// <![CDATA[
+describe('SetQuery', {
+    'should satisfy basic uri condition' : function() {
+        target = "http://xpressengine.com/";
+        value_of(target.setQuery("q","r")).should_be("http://xpressengine.com/?q=r");
+    },
+    'should work when ssl is on' : function() {
+        target = "http://xpressengine.com/";
+        ssl_actions = new Array("dispLogin");
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com/?act=dispLogin");
+    },
+    'should work when ssl is on and https_port is set (not 443)' : function() {
+        target = "http://xpressengine.com/";
+        https_port = 445;
+        ssl_actions = new Array("dispLogin");
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com:445/?act=dispLogin");
+    },
+    'should work when ssl is on and https_port is set as 443' : function() {
+        target = "http://xpressengine.com/";
+        https_port = 443;
+        ssl_actions = new Array("dispLogin");
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com/?act=dispLogin");
+    },
+    'should replace https to http if act is not a member of ssl_actions': function() {
+        targets = "https://xpressengine.com/";
+        ssl_actions = new Array("dispLogin");
+        value_of(targets.setQuery("act","dispLogin2")).should_be("http://xpressengine.com/?act=dispLogin2");
+    },
+    'should remove https port' : function() {
+        targetsp = "https://xpressengine.com:443/?q=r";
+        value_of(targetsp.setQuery("act","dispLogin2")).should_be("http://xpressengine.com/?q=r&act=dispLogin2");
+    },
+    'should remove https port and add http port if http port is defined' : function() {
+        targetsp = "https://xpressengine.com:443/?q=r";
+        http_port = 8000;
+        value_of(targetsp.setQuery("act","dispLogin2")).should_be("http://xpressengine.com:8000/?q=r&act=dispLogin2");
+    },
+    'should only remove https port and if http port is defined as 80' : function() {
+        targetsp = "https://xpressengine.com:443/?q=r";
+        http_port = 80;
+        value_of(targetsp.setQuery("act","dispLogin2")).should_be("http://xpressengine.com/?q=r&act=dispLogin2");
+    },
+    'should work if enforce_ssl is set' : function() {
+        target = "http://xpressengine.com/";
+        enforce_ssl = true;
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com/?act=dispLogin");
+    },
+    'should work if enforce_ssl is set with 443 port' : function() {
+        target = "http://xpressengine.com/";
+        enforce_ssl = true;
+        https_port = 443;
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com/?act=dispLogin");
+    },
+    'should work if enforce_ssl is set with none-443 port' : function() {
+        target = "http://xpressengine.com/";
+        enforce_ssl = true;
+        https_port = 445;
+        value_of(target.setQuery("act","dispLogin")).should_be("https://xpressengine.com:445/?act=dispLogin");
+    }
+})
+// ]]></script>
+</head>
+<body><div style="display:none;"><p>A</p><p>B</p></div></body>
+</html>
+>>>>>>> .merge-right.r9269
diff --git a/config/func.inc.php b/config/func.inc.php
index 0b7833813..be21d1a79 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -414,7 +414,7 @@
      * @brief If the recent post within a day, output format of YmdHis is "min/hours ago from now". If not within a day, it return format string.
      **/
     function getTimeGap($date, $format = 'Y.m.d') {
-        $gap = time() - ztime($date);
+        $gap = time() - zgap() - ztime($date);
 
         $lang_time_gap = Context::getLang('time_gap');
         if($gap<60) $buff = sprintf($lang_time_gap['min'], (int)($gap / 60)+1);
diff --git a/modules/addon/addon.admin.controller.php b/modules/addon/addon.admin.controller.php
index fa02dfeb6..a1b2b43d8 100644
--- a/modules/addon/addon.admin.controller.php
+++ b/modules/addon/addon.admin.controller.php
@@ -4,6 +4,7 @@
      * @author NHN (developers@xpressengine.com)
      * @brief admin controller class of addon modules
      **/
+
     require_once(_XE_PATH_.'modules/addon/addon.controller.php');
 
     class addonAdminController extends addonController {
diff --git a/modules/addon/addon.admin.view.php b/modules/addon/addon.admin.view.php
index 49fc3e12d..c08ee2252 100644
--- a/modules/addon/addon.admin.view.php
+++ b/modules/addon/addon.admin.view.php
@@ -74,6 +74,9 @@
 
             // Template specifies the path and file
             $this->setTemplateFile('setup_addon');
+
+			$security = new Security();
+			$security->encodeHTML('addon_info.', 'addon_info.author..', 'mid_list....');
         }
 
         /**
@@ -91,6 +94,9 @@
             $this->setLayoutFile('popup_layout');
             // Template specifies the path and file
             $this->setTemplateFile('addon_info');
+
+			$security = new Security();
+			$security->encodeHTML('addon_info.', 'addon_info.author..');
         }
 
     }
diff --git a/modules/admin/admin.admin.view.php b/modules/admin/admin.admin.view.php
index 8f26938ce..80a4b0124 100644
--- a/modules/admin/admin.admin.view.php
+++ b/modules/admin/admin.admin.view.php
@@ -212,6 +212,9 @@
 			// add javascript tooltip plugin - gony
 			Context::loadJavascriptPlugin('qtip');
 			Context::loadJavascriptPlugin('watchinput');
+
+			$security = new Security();
+			$security->encodeHTML('selected_module_info.', 'selected_module_info.author..', 'package_modules..', 'installed_modules..');
 		}
 
         /**
@@ -309,7 +312,6 @@
                     }
                     Context::set('news', $news);
                 }
-
                 Context::set('released_version', $buff->zbxe_news->attrs->released_version);
                 Context::set('download_link', $buff->zbxe_news->attrs->download_link);
             }
@@ -356,7 +358,6 @@
             Context::set('selected_lang', $db_info->lang_type);
 
 			Context::set('default_url', $db_info->default_url);
-
             Context::set('langs', Context::loadLangSupported());
 
             Context::set('lang_selected', Context::loadLangSelected());
@@ -388,6 +389,9 @@
 
             Context::set('pwd',$pwd);
             $this->setTemplateFile('config');
+
+			$security = new Security();
+			$security->encodeHTML('news..', 'released_version', 'download_link', 'selected_lang', 'module_list..', 'module_list..author..', 'addon_list..', 'addon_list..author..', 'start_module.');
         }
 
 		/**
diff --git a/modules/autoinstall/autoinstall.admin.view.php b/modules/autoinstall/autoinstall.admin.view.php
index 0b4ea31b8..fa79de62f 100644
--- a/modules/autoinstall/autoinstall.admin.view.php
+++ b/modules/autoinstall/autoinstall.admin.view.php
@@ -97,6 +97,7 @@
                     $title = $xmlDoc->{$type}->title->body;
 					$installed[$key]->title = $title;
 				}
+
 				Context::set('installed', $installed);
 
 				foreach($installed as $key=>$val)
@@ -140,6 +141,9 @@
             Context::set('page_navigation', $output->page_navigation);
 
             $this->setTemplateFile('index');
+
+			$security = new Security();
+			$security->encodeHTML('item_list..');
         }
 
         function dispAutoinstallAdminInstall() {
@@ -203,7 +207,6 @@
                     $package->cur_version = $installedPackage->current_version;
                     $package->need_update = version_compare($package->version, $installedPackage->current_version, ">");
                 }
-
                 Context::set("package", $package);
             }
             if(!$_SESSION['ftp_password'])
@@ -211,6 +214,9 @@
                 Context::set('need_password', true);
             }
             $this->setTemplateFile('install');
+
+			$security = new Security();
+			$security->encodeHTML('package.' , 'package.depends..');
         }
 
         function dispAutoinstallAdminIndex() {
@@ -288,6 +294,9 @@
                 Context::set('page_navigation', $page_navigation);
             }
 
+			$security = new Security();
+			$security->encodeHTML('package.' , 'package.depends..');
+
         }
 
         function dispCategory()
@@ -330,6 +339,11 @@
 				$installedPackage->avail_remove = $item_list[$package_srl]->avail_remove;
 				$installedPackage->deps = $item_list[$package_srl]->deps;
 				Context::set('package', $installedPackage);
+            $this->setTemplateFile('uninstall');
+            Context::addJsFilter($this->module_path.'tpl/filter', 'uninstall_package.xml');
+
+				$security = new Security();
+				$security->encodeHTML('package.');
 
 				$this->setTemplateFile('uninstall');
 			}
diff --git a/modules/autoinstall/tpl/list.html b/modules/autoinstall/tpl/list.html
index 0f16eb365..501196d9c 100644
--- a/modules/autoinstall/tpl/list.html
+++ b/modules/autoinstall/tpl/list.html
@@ -24,9 +24,9 @@
 				<!--@end-->
 
 				Sort by
-				<a href="{getUrl('order_target','newest','order_type',$_newest_order_type)}">{$lang->order_newest}<!--@if($order_target == 'newest')--><!--@if($_newest_order_type == 'asc')-->▼<!--@else-->▲<!--@end--><!--@end--></a> |
-				<a href="{getUrl('order_target','download','order_type',$_download_order_type)}">{$lang->order_download}<!--@if($order_target == 'download')--><!--@if($_download_order_type == 'asc')-->▼<!--@else-->▲<!--@end--><!--@end--></a> |
-				<a href="{getUrl('order_target','popular','order_type',$_popular_order_type)}">{$lang->order_popular}<!--@if($order_target == 'popular')--><!--@if($_popular_order_type == 'asc')-->▼<!--@else-->▲<!--@end--><!--@end--></a>
+				<a href="{getUrl('order_target','newest','order_type',$_newest_order_type)}">{$lang->order_newest}<!--@if($order_target == 'newest')--><!--@if($_newest_order_type == 'asc')-->��<!--@else-->��<!--@end--><!--@end--></a> |
+				<a href="{getUrl('order_target','download','order_type',$_download_order_type)}">{$lang->order_download}<!--@if($order_target == 'download')--><!--@if($_download_order_type == 'asc')-->��<!--@else-->��<!--@end--><!--@end--></a> |
+				<a href="{getUrl('order_target','popular','order_type',$_popular_order_type)}">{$lang->order_popular}<!--@if($order_target == 'popular')--><!--@if($_popular_order_type == 'asc')-->��<!--@else-->��<!--@end--><!--@end--></a>
 			</span>
 		</caption>
 		<thead>
diff --git a/modules/comment/tpl/comment_list.html b/modules/comment/tpl/comment_list.html
index 5d14fc3d1..90259fbeb 100644
--- a/modules/comment/tpl/comment_list.html
+++ b/modules/comment/tpl/comment_list.html
@@ -52,10 +52,10 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 			</tfoot>
 			<tbody>
 				<!--@foreach($comment_list as $no => $val)-->
-				{@ $comment = cut_str(trim(htmlspecialchars(strip_tags($val->content))), 200, '...')}
+				{@ $comment = cut_str(trim(strip_tags($val->content)), 200, '...')}
 				<tr>
 					<td class="text"><a href="{getUrl('','document_srl',$val->document_srl)}#comment_{$val->comment_srl}" target="_blank"><!--@if(strlen($comment))-->{$comment}<!--@else--><em>{$lang->no_text_comment}</em><!--@end--></a></td>
-					<td><a href="#popup_menu_area" class="member_{$val->member_srl}">{htmlspecialchars($val->nick_name)}</a></td>
+					<td><a href="#popup_menu_area" class="member_{$val->member_srl}">{$val->nick_name}</a></td>
 					<td>0/0</td>
 					<td>{(zdate($val->regdate,"Y-m-d\nH:i:s"))}</td>
 					<td><a href="{getUrl('search_target','ipaddress','search_keyword',$val->ipaddress)}">{$val->ipaddress}</a></td>
diff --git a/modules/communication/communication.admin.model.php b/modules/communication/communication.admin.model.php
index 862eac520..0c6131265 100644
--- a/modules/communication/communication.admin.model.php
+++ b/modules/communication/communication.admin.model.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  communicationAdminModel
@@ -38,3 +39,49 @@
 
     }
 ?>
+=======
+<?php
+    /**
+     * @class  communicationAdminModel
+     * @author NHN (developers@xpressengine.com)
+     * @brief  communication module의 admin model class
+     **/
+
+    class communicationAdminModel extends communication {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 지정된 스킨의 컬러셋 선택을 위한 html을 return
+         **/
+        function getCommunicationAdminColorset() {
+            $skin = Context::get('skin');
+            if(!$skin) $tpl = "";
+            else {
+                $oModuleModel = &getModel('module');
+                $skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin);
+                Context::set('skin_info', $skin_info);
+
+                $oModuleModel = &getModel('module');
+                $communication_config = $oModuleModel->getModuleConfig('communication');
+                if(!$communication_config->colorset) $communication_config->colorset = "white";
+                Context::set('communication_config', $communication_config);
+				
+				$security = new Security();
+				$security->encodeHTML('skin_info.colorset..title','skin_info.colorset..name');
+				$security->encodeHTML('skin_info.colorset..name');
+
+                $oTemplate = &TemplateHandler::getInstance();
+                $tpl = $oTemplate->compile($this->module_path.'tpl', 'colorset_list');
+            }
+
+            $this->add('tpl', $tpl);
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/communication/communication.admin.view.php b/modules/communication/communication.admin.view.php
index 9e751746c..c45f37ccc 100644
--- a/modules/communication/communication.admin.view.php
+++ b/modules/communication/communication.admin.view.php
@@ -27,7 +27,12 @@
             Context::set('editor_skin_list', $oEditorModel->getEditorSkinList() );
             // get a list of communication skins
             Context::set('communication_skin_list', $oModuleModel->getSkins($this->module_path) );
-            // specify a template
+			$security = new Security();		
+			$security->encodeHTML('communication_config..');
+			$security->encodeHTML('editor_skin_list..');
+			$security->encodeHTML('communication_skin_list..title');			
+
+			// specify a template
             $this->setTemplatePath($this->module_path.'tpl');
             $this->setTemplateFile('index');
         }
diff --git a/modules/document/document.admin.controller.php b/modules/document/document.admin.controller.php
index 8560cfb8d..d17d9e30b 100644
--- a/modules/document/document.admin.controller.php
+++ b/modules/document/document.admin.controller.php
@@ -544,6 +544,8 @@
             $document_args->document_srl = $output->data->document_srl;
             $document_args->module_srl = $output->data->module_srl;
             $document_args->member_srl = $output->data->member_srl;
+            $document_args->ipaddress = $output->data->ipaddress;
+            $document_args->update_order = $output->data->update_order;
 
             $oDocument = $oDocumentModel->getDocument($document_args->document_srl);
 
diff --git a/modules/document/document.admin.view.php b/modules/document/document.admin.view.php
index 2ed0b26f7..cbecaa317 100644
--- a/modules/document/document.admin.view.php
+++ b/modules/document/document.admin.view.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  documentAdminView
@@ -169,3 +170,163 @@
         }
     }
 ?>
+=======
+<?php
+    /**
+     * @class  documentAdminView
+     * @author NHN (developers@xpressengine.com)
+     * @brief  document 모듈의 admin view 클래스
+     **/
+
+    class documentAdminView extends document {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 목록 출력 (관리자용)
+         **/
+        function dispDocumentAdminList() {
+            // 목록을 구하기 위한 옵션
+            $args->page = Context::get('page'); ///< 페이지
+            $args->list_count = 30; ///< 한페이지에 보여줄 글 수
+            $args->page_count = 10; ///< 페이지 네비게이션에 나타날 페이지의 수
+
+            $args->search_target = Context::get('search_target'); ///< 검색 대상 (title, contents...)
+            $args->search_keyword = Context::get('search_keyword'); ///< 검색어
+
+            $args->sort_index = 'list_order'; ///< 소팅 값
+
+            $args->module_srl = Context::get('module_srl');
+
+            // 목록 구함, document->getDocumentList 에서 걍 알아서 다 해버리는 구조이다... (아.. 이거 나쁜 버릇인데.. ㅡ.ㅜ 어쩔수 없다)
+            $oDocumentModel = &getModel('document');
+            $output = $oDocumentModel->getDocumentList($args);
+
+            // 템플릿에 쓰기 위해서 document_model::getDocumentList() 의 return object에 있는 값들을 세팅
+            Context::set('total_count', $output->total_count);
+            Context::set('total_page', $output->total_page);
+            Context::set('page', $output->page);
+            Context::set('document_list', $output->data);
+            Context::set('page_navigation', $output->page_navigation);
+
+            // 템플릿에서 사용할 검색옵션 세팅
+            $count_search_option = count($this->search_option);
+            for($i=0;$i<$count_search_option;$i++) {
+                $search_option[$this->search_option[$i]] = Context::getLang($this->search_option[$i]);
+            }
+            Context::set('search_option', $search_option);
+
+            // 템플릿 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('document_list');
+        }
+
+        /**
+         * @brief 문서 모듈 설정 
+         **/
+        function dispDocumentAdminConfig() {
+            $oDocumentModel = &getModel('document');
+            $config = $oDocumentModel->getDocumentConfig();
+            Context::set('config',$config);
+
+            // 템플릿 파일 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('document_config');
+        }
+
+        /**
+         * @brief 관리자 페이지의 신고 목록 보기
+         **/
+        function dispDocumentAdminDeclared() {
+            // 목록을 구하기 위한 옵션
+            $args->page = Context::get('page'); ///< 페이지
+            $args->list_count = 30; ///< 한페이지에 보여줄 글 수
+            $args->page_count = 10; ///< 페이지 네비게이션에 나타날 페이지의 수
+
+            $args->sort_index = 'document_declared.declared_count'; ///< 소팅 값
+            $args->order_type = 'desc'; ///< 소팅 정렬 값
+
+            // 목록을 구함
+            $declared_output = executeQuery('document.getDeclaredList', $args);
+
+            if($declared_output->data && count($declared_output->data)) {
+                $document_list = array();
+
+                $oDocumentModel = &getModel('document');
+                foreach($declared_output->data as $key => $document) {
+                    $document_list[$key] = new documentItem();
+                    $document_list[$key]->setAttribute($document);
+                }
+                $declared_output->data = $document_list;
+            }
+        
+            // 템플릿에 쓰기 위해서 document_model::getDocumentList() 의 return object에 있는 값들을 세팅
+            Context::set('total_count', $declared_output->total_count);
+            Context::set('total_page', $declared_output->total_page);
+            Context::set('page', $declared_output->page);
+            Context::set('document_list', $declared_output->data);
+            Context::set('page_navigation', $declared_output->page_navigation);
+
+            // 템플릿 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('declared_list');
+        }
+
+        function dispDocumentAdminAlias() {
+            $args->document_srl = Context::get('document_srl');
+            if(!$args->document_srl) return $this->dispDocumentAdminList();
+
+            $oModel = &getModel('document');
+            $oDocument = $oModel->getDocument($args->document_srl);
+            if(!$oDocument->isExists()) return $this->dispDocumentAdminList();
+            Context::set('oDocument', $oDocument);
+
+            $output = executeQueryArray('document.getAliases', $args);
+            if(!$output->data)
+            {
+                $aliases = array();
+            }
+            else
+            {
+                $aliases = $output->data; 
+            }
+
+            Context::set('aliases', $aliases);
+	
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('document_alias');
+        }
+
+        function dispDocumentAdminTrashList() {
+            // 목록을 구하기 위한 옵션
+            $args->page = Context::get('page'); ///< 페이지
+            $args->list_count = 30; ///< 한페이지에 보여줄 글 수
+            $args->page_count = 10; ///< 페이지 네비게이션에 나타날 페이지의 수
+
+            $args->sort_index = 'list_order'; ///< 소팅 값
+            $args->order_type = 'desc'; ///< 소팅 정렬 값
+
+            $args->module_srl = Context::get('module_srl');
+
+            // 목록을 구함
+            $oDocumentAdminModel = &getAdminModel('document');
+            $output = $oDocumentAdminModel->getDocumentTrashList($args);
+
+            // 템플릿에 쓰기 위해서 document_admin_model::getDocumentTrashList() 의 return object에 있는 값들을 세팅
+            Context::set('total_count', $output->total_count);
+            Context::set('total_page', $output->total_page);
+            Context::set('page', $output->page);
+            Context::set('document_list', $output->data);
+            Context::set('page_navigation', $output->page_navigation);
+
+            // 템플릿 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('document_trash_list');
+        }
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 78e6d4418..80a9d499a 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -1603,20 +1603,26 @@ class documentController extends document {
 		else $document_srl_list = $cart;
 
 		$document_srl_count = count($document_srl_list);
+
+		$oDocumentModel = &getModel('document');
+		$document_items = array();
+		foreach($document_srl_list as $document_srl){
+			$oDocument = $oDocumentModel->getDocument($document_srl);
+			$document_items[] = $oDocument;
+			if (!$oDocument->isGranted()) return $this->stop('msg_not_permitted');
+		}
+
 		// Send a message
 		if($message_content) {
 
 			$oCommunicationController = &getController('communication');
-			$oDocumentModel = &getModel('document');
 
 			$logged_info = Context::get('logged_info');
 
 			$title = cut_str($message_content,10,'...');
 			$sender_member_srl = $logged_info->member_srl;
 
-			for($i=0;$i<$document_srl_count;$i++) {
-				$document_srl = $document_srl_list[$i];
-				$oDocument = $oDocumentModel->getDocument($document_srl);
+			foreach($document_items as $oDocument){
 				if(!$oDocument->get('member_srl') || $oDocument->get('member_srl')==$sender_member_srl) continue;
 
 				if($type=='move') $purl = sprintf("<a href=\"%s\" onclick=\"window.open(this.href);return false;\">%s</a>", $oDocument->getPermanentUrl(), $oDocument->getPermanentUrl());
@@ -1802,4 +1808,4 @@ class documentController extends document {
 		if(!$obj->status && $obj->is_secret != 'Y') $obj->status = $this->getConfigStatus('public');
 	}
 }
-?>
+?>
\ No newline at end of file
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 81360772d..c0cfe4176 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -80,7 +80,8 @@
             $logged_info = Context::get('logged_info');
             if($logged_info->is_admin == 'Y') return true;
 
-			$grant = Context::get('grant');
+			$oModuleModel = &getModel('module');
+			$grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($this->get('module_srl')), $logged_info);
 			if($grant->manager) return true;
 
             if($this->get('member_srl') && ($this->get('member_srl') == $logged_info->member_srl || $this->get('member_srl')*-1 == $logged_info->member_srl)) return true;
diff --git a/modules/document/document.model.php b/modules/document/document.model.php
index d3d120665..daf2b4851 100644
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@@ -819,7 +819,10 @@
             // Bringing existing extra_keys
             $extra_keys = $this->getExtraKeys($module_srl);
             Context::set('extra_keys', $extra_keys);
-            // Get information of module_grants
+			$security = new Security();				
+			$security->encodeHTML('extra_keys..name','extra_keys..eid');
+
+			// Get information of module_grants
             $oTemplate = &TemplateHandler::getInstance();
             return $oTemplate->compile($this->module_path.'tpl', 'extra_keys');
         }
@@ -878,6 +881,10 @@
 
             $category_info->title = htmlspecialchars($category_info->title);
             Context::set('category_info', $category_info);
+			
+			$security = new Security();				
+			$security->encodeHTML('group_list..title');
+
             // tpl template file directly compile and will return a variable and puts it on.
             $oTemplate = &TemplateHandler::getInstance();
             $tpl = $oTemplate->compile('./modules/document/tpl', 'category_info');
diff --git a/modules/document/tpl/extra_keys.html b/modules/document/tpl/extra_keys.html
index 5617adee6..a345e325e 100644
--- a/modules/document/tpl/extra_keys.html
+++ b/modules/document/tpl/extra_keys.html
@@ -28,7 +28,7 @@
         <tr>
             <th><div>{$lang->column_name}</div></th>
             <td class="wide">
-                <input type="text" name="name" value="{htmlspecialchars($selected_var->name)}" class="inputTypeText w200" id="name" /><a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','name')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
+                <input type="text" name="name" value="{$selected_var->name}" class="inputTypeText w200" id="name" /><a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','name')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a> 
             </td>
         </tr>
         <tr>
diff --git a/modules/editor/editor.admin.view.php b/modules/editor/editor.admin.view.php
index 723204163..b9b5ac6b0 100644
--- a/modules/editor/editor.admin.view.php
+++ b/modules/editor/editor.admin.view.php
@@ -71,7 +71,10 @@
 			Context::set('component_list', $component_list);
 			Context::set('component_count', $component_count);						
 			Context::set('editor_config_default', $editor_config_default);
-			 
+			
+			$security = new Security();
+			$security->encodeHTML('component_list....');
+
             $this->setTemplatePath($this->module_path.'tpl');
             $this->setTemplateFile('admin_index');
         }
@@ -109,10 +112,16 @@
                 }
             } else {
                 $module_categories[0]->list = $mid_list;
-            }
+            }			
 
             Context::set('mid_list',$module_categories);
 
+			//Security
+			$security = new Security();
+			$security->encodeHTML('group_list..title');			
+			$security->encodeHTML('component...');
+			$security->encodeHTML('mid_list..title','mid_list..list..browser_title');			
+			
             $this->setTemplatePath($this->module_path.'tpl');
             $this->setTemplateFile('setup_component');
             $this->setLayoutFile("popup_layout");
diff --git a/modules/editor/editor.view.php b/modules/editor/editor.view.php
index 6deded5ab..6d3b6daa8 100644
--- a/modules/editor/editor.view.php
+++ b/modules/editor/editor.view.php
@@ -96,18 +96,26 @@
                 $style = $contents[$i];
                 $info = $oModuleModel->loadSkinInfo($this->module_path,$style,'styles');
                 $content_style_list[$style]->title = $info->title;
-            }
+            }			
             Context::set('content_style_list', $content_style_list);
             // Get a group list
             $oMemberModel = &getModel('member');
             $site_module_info = Context::get('site_module_info');
             $group_list = $oMemberModel->getGroups($site_module_info->site_srl);
             Context::set('group_list', $group_list);
-            // Set a template file
+
+			//Security
+			$security = new Security();
+			$security->encodeHTML('group_list..title');
+			$security->encodeHTML('group_list..description');
+			$security->encodeHTML('content_style_list..');
+			$security->encodeHTML('editor_comment_colorset_list..title');			
+
+			// Set a template file
             $oTemplate = &TemplateHandler::getInstance();
             $tpl = $oTemplate->compile($this->module_path.'tpl', 'editor_module_config');
             $obj .= $tpl;
-
+			
             return new Object();
         }
 
diff --git a/modules/file/file.admin.view.php b/modules/file/file.admin.view.php
index 5f7e673f7..cc3a9652c 100644
--- a/modules/file/file.admin.view.php
+++ b/modules/file/file.admin.view.php
@@ -164,8 +164,13 @@
             Context::set('page', $output->page);
             Context::set('page_navigation', $output->page_navigation);
             // Set a template
+			$security = new Security();
+			$security->encodeHTML('file_list..source_filename','file_list..ipaddress');
+			$security->encodeHTML('module_list..browser_title','module_list..mid');						
+
             $this->setTemplatePath($this->module_path.'tpl');
             $this->setTemplateFile('file_list');
+
         }
 
         /**
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 173387be0..39fa7f4ca 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  fileController
@@ -616,3 +617,654 @@
         }
     }
 ?>
+=======
+<?php
+    /**
+     * @class  fileController
+     * @author NHN (developers@xpressengine.com)
+     * @brief  file 모듈의 controller 클래스
+     **/
+
+    class fileController extends file {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+
+        /**
+         * @brief 에디터에서 첨부파일 업로드 
+         * editor_sequence, uploadTargetSrl 변수값을 받아서 이를 바탕으로 첨부 대상 srl을 결정함.
+         * 만약 uploadTargetSrl이 없다면 새로 생성하고 return 하여 UI에서 이에 대한 값을 재설정하도록 하여
+         * sync이상없도록 함
+         **/
+        function procFileUpload() {
+            $file_info = Context::get('Filedata');
+
+            // 정상적으로 업로드된 파일이 아니면 오류 출력
+            if(!is_uploaded_file($file_info['tmp_name'])) exit();
+
+            // 기본적으로 필요한 변수 설정
+            $oFileModel = &getModel('file');
+            $editor_sequence = Context::get('editor_sequence');
+            $upload_target_srl = intval(Context::get('uploadTargetSrl'));
+            if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+            $module_srl = $this->module_srl;
+
+            // 업로드 권한이 없거나 정보가 없을시 종료
+            if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+
+            // upload_target_srl 값이 명시되지 않았을 경우 세션정보에서 추출
+            if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+
+            // 세션정보에도 정의되지 않았다면 새로 생성
+            if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+
+
+            return $this->insertFile($file_info, $module_srl, $upload_target_srl);
+        }
+
+
+        /**
+         * @brief iframe 첨부파일 업로드 
+         **/
+        function procFileIframeUpload() {
+            // 기본적으로 필요한 변수 설정
+            $editor_sequence = Context::get('editor_sequence');
+            $callback = Context::get('callback');
+            $module_srl = $this->module_srl;
+            $upload_target_srl = intval(Context::get('uploadTargetSrl'));
+            if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+
+            // 업로드 권한이 없거나 정보가 없을시 종료
+            if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+
+            // upload_target_srl 값이 명시되지 않았을 경우 세션정보에서 추출
+            if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+
+            // 세션정보에도 정의되지 않았다면 새로 생성
+            if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+
+            // file_srl이 요청되었을 경우 삭제 후 재업로드 시도
+            $file_srl = Context::get('file_srl');
+            if($file_srl) $this->deleteFile($file_srl);
+
+            $file_info = Context::get('Filedata');
+
+            // 정상적으로 업로드된 파일이 아니면 오류 출력
+            if(is_uploaded_file($file_info['tmp_name'])) {
+                $output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
+                Context::set('uploaded_fileinfo',$output);
+            }
+
+            Context::set('layout','none');
+
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('iframe');
+
+        }
+
+        /**
+         * @brief image resize
+         **/
+        function procFileImageResize() {
+            $source_src = Context::get('source_src');
+            $width = Context::get('width');
+            $height = Context::get('height');
+            $type = Context::get('type');
+            $output_src = Context::get('output_src');
+
+            if(!$source_src || !$width) return new Object(-1,'msg_invalid_request');
+            if(!$output_src){
+                $output_src = $source_src . '.resized' . strrchr($source_src,'.');
+            }
+            if(!$type) $type = 'ratio';
+            if(!$height) $height = $width-1;
+
+            if(FileHandler::createImageFile($source_src,$output_src,$width,$height,'','ratio')){
+                $output->info = getimagesize($output_src);	
+                $output->src = $output_src;
+            }else{
+                return new Object(-1,'msg_invalid_request');
+            }
+
+            $this->add('resized_info',$output);		
+        }
+
+
+
+        /**
+         * @brief 첨부파일 다운로드
+         * 직접 요청을 받음
+         * file_srl : 파일의 sequence
+         * sid : db에 저장된 비교 값, 틀리면 다운로드 하지 않음
+         **/
+        function procFileDownload() {
+            $oFileModel = &getModel('file');
+
+            $file_srl = Context::get('file_srl');
+            $sid = Context::get('sid');
+            $logged_info = Context::get('logged_info');
+
+            // 파일의 정보를 DB에서 받아옴
+            $file_obj = $oFileModel->getFile($file_srl);
+
+            // 요청된 파일 정보가 잘못되었다면 파일을 찾을 수 없다는 오류 출력
+            if($file_obj->file_srl!=$file_srl || $file_obj->sid!=$sid) return $this->stop('msg_file_not_found');
+
+            // 대기 상태일 경우 파일 다운로드 권한이 없음을 알림 (최고관리자는 다운 로드 허용)
+            if($logged_info->is_admin != 'Y' && $file_obj->isvalid!='Y') return $this->stop('msg_not_permitted_download');
+
+            // 파일 이름
+            $filename = $file_obj->source_filename;
+            $file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);
+
+            // 파일 외부링크 차단
+            if($file_module_config->allow_outlink == 'N') {
+                //외부링크 허용 확장자 처리
+                if($file_module_config->allow_outlink_format) {
+                    $allow_outlink_format_array = array();
+                    $allow_outlink_format_array = explode(',', $file_module_config->allow_outlink_format);
+                    if(!is_array($allow_outlink_format_array)) $allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
+
+                    foreach($allow_outlink_format_array as $val) {
+                        $val = trim($val);
+                        if(preg_match("/\.{$val}$/i", $filename)) {
+                            $file_module_config->allow_outlink = 'Y';
+                            break;
+                        }
+                    }
+                }
+                //외부링크 허용 사이트 처리
+                if($file_module_config->allow_outlink != 'Y') {
+                    $referer = parse_url($_SERVER["HTTP_REFERER"]);
+                    if($referer['host'] != $_SERVER['HTTP_HOST']) {
+                        if($file_module_config->allow_outlink_site) {
+                            $allow_outlink_site_array = array();
+                            $allow_outlink_site_array = explode("\n", $file_module_config->allow_outlink_site);
+                            if(!is_array($allow_outlink_site_array)) $allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
+
+                            foreach($allow_outlink_site_array as $val) {
+                                $site = parse_url(trim($val));
+                                if($site['host'] == $referer['host']) {
+                                    $file_module_config->allow_outlink = 'Y';
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                    else $file_module_config->allow_outlink = 'Y';
+                }
+                if($file_module_config->allow_outlink != 'Y') return $this->stop('msg_not_allowed_outlink');
+            }
+
+            // 파일 다운로드 권한이 있는지 확인
+            if(is_array($file_module_config->download_grant) && count($file_module_config->download_grant)>0) {
+                if(!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
+                $logged_info = Context::get('logged_info');
+                if($logged_info->is_admin != 'Y') {
+
+                    $oModuleModel =& getModel('module');
+                    $module_info = $oModuleModel->getModuleInfoByModuleSrl($file_obj->module_srl);
+
+                    if(!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
+                    {
+                        $oMemberModel =& getModel('member');
+                        $member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);
+
+                        $is_permitted = false;
+                        for($i=0;$i<count($file_module_config->download_grant);$i++) {
+                            $group_srl = $file_module_config->download_grant[$i];
+                            if($member_groups[$group_srl]) {
+                                $is_permitted = true;
+                                break;
+                            }
+                        }
+                        if(!$is_permitted) return $this->stop('msg_not_permitted_download');
+                    }
+                }
+            }
+
+            // trigger 호출 (before)
+            $output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
+            if(!$output->toBool()) return $this->stop(($output->message)?$output->message:'msg_not_permitted_download');
+
+            // 파일 출력
+            if(strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
+                $filename = rawurlencode($filename);
+                $filename = preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1);
+            }
+
+            $uploaded_filename = $file_obj->uploaded_filename;
+            if(!file_exists($uploaded_filename)) return $this->stop('msg_file_not_found');
+
+            $fp = fopen($uploaded_filename, 'rb');
+            if(!$fp) return $this->stop('msg_file_not_found');
+
+            header("Cache-Control: "); 
+            header("Pragma: "); 
+            header("Content-Type: application/octet-stream"); 
+            header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
+
+            header("Content-Length: " .(string)($file_obj->file_size)); 
+            header('Content-Disposition: attachment; filename="'.$filename.'"'); 
+            header("Content-Transfer-Encoding: binary\n"); 
+
+			// if file size is lager than 10MB, use fread function (#18675748)
+			if (filesize($uploaded_filename) > 1024 * 1024) {
+				while(!feof($fp)) echo fread($fp, 1024);
+				fclose($fp);
+			} else {
+				fpassthru($fp); 
+			}
+
+            // 이상이 없으면 download_count 증가
+            $args->file_srl = $file_srl;
+            executeQuery('file.updateFileDownloadCount', $args);
+
+            // trigger 호출 (after)
+            $output = ModuleHandler::triggerCall('file.downloadFile', 'after', $file_obj);
+
+            Context::close();
+
+            exit();
+        }
+
+        /**
+         * @brief 에디터에서 첨부 파일 삭제
+         **/
+        function procFileDelete() {
+            // 기본적으로 필요한 변수인 upload_target_srl, module_srl을 설정
+            $editor_sequence = Context::get('editor_sequence');
+            $file_srl = Context::get('file_srl');
+            $file_srls = Context::get('file_srls');
+            if($file_srls) $file_srl = $file_srls;
+
+            // 업로드 권한이 없거나 정보가 없을시 종료
+            if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+
+            $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+
+			$logged_info = Context::get('logged_info');
+			$oFileModel = &getModel('file');
+
+            $srls = explode(',',$file_srl);
+            if(!count($srls)) return;
+
+            for($i=0;$i<count($srls);$i++) {
+                $srl = (int)$srls[$i];
+                if(!$srl) continue;
+
+                $args = null;
+                $args->file_srl = $srl;
+                $output = executeQuery('file.getFile', $args);
+                if(!$output->toBool()) continue;
+
+                $file_info = $output->data;
+                if(!$file_info) continue;
+
+				$file_grant = $oFileModel->getFileGrant($file_info, $logged_info); 
+
+				if(!$file_grant->is_deletable) continue;
+
+				if($upload_target_srl && $file_srl) $output = $this->deleteFile($file_srl);
+            }
+
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(document_srl)에 등록된 첨부파일의 갯수를 return하는 trigger
+         **/
+        function triggerCheckAttached(&$obj) {
+            $document_srl = $obj->document_srl;
+            if(!$document_srl) return new Object();
+
+            // 첨부 파일의 갯수를 구함
+            $oFileModel = &getModel('file');
+            $obj->uploaded_count = $oFileModel->getFilesCount($document_srl);
+
+            return new Object();
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(document_srl)에 등록된 첨부파일을 연결하는 trigger
+         **/
+        function triggerAttachFiles(&$obj) {
+            $document_srl = $obj->document_srl;
+            if(!$document_srl) return new Object();
+
+            $output = $this->setFilesValid($document_srl);
+            if(!$output->toBool()) return $output;
+
+            return new Object();
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(document_srl)에 등록된 첨부파일을 삭제하는 trigger
+         **/
+        function triggerDeleteAttached(&$obj) {
+            $document_srl = $obj->document_srl;
+            if(!$document_srl) return new Object();
+
+            $output = $this->deleteFiles($document_srl);
+            return $output;
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(comment_srl)에 등록된 첨부파일의 갯수를 return하는 trigger
+         **/
+        function triggerCommentCheckAttached(&$obj) {
+            $comment_srl = $obj->comment_srl;
+            if(!$comment_srl) return new Object();
+
+            // 첨부 파일의 갯수를 구함
+            $oFileModel = &getModel('file');
+            $obj->uploaded_count = $oFileModel->getFilesCount($comment_srl);
+
+            return new Object();
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(comment_srl)에 등록된 첨부파일을 연결하는 trigger
+         **/
+        function triggerCommentAttachFiles(&$obj) {
+            $comment_srl = $obj->comment_srl;
+            $uploaded_count = $obj->uploaded_count;
+            if(!$comment_srl || !$uploaded_count) return new Object();
+
+            $output = $this->setFilesValid($comment_srl);
+            if(!$output->toBool()) return $output;
+
+            return new Object();
+        }
+
+        /**
+         * @brief 특정 upload_target_srl(comment_srl)에 등록된 첨부파일을 삭제하는 trigger
+         **/
+        function triggerCommentDeleteAttached(&$obj) {
+            $comment_srl = $obj->comment_srl;
+            if(!$comment_srl) return new Object();
+
+            $output = $this->deleteFiles($comment_srl);
+            return $output;
+        }
+
+        /**
+         * @brief module 삭제시 해당 첨부파일 모두 삭제하는 trigger
+         **/
+        function triggerDeleteModuleFiles(&$obj) {
+            $module_srl = $obj->module_srl;
+            if(!$module_srl) return new Object();
+
+            $oFileController = &getAdminController('file');
+            return $oFileController->deleteModuleFiles($module_srl);
+        }
+
+        /**
+         * @brief 업로드 가능하다고 세팅
+         **/
+        function setUploadInfo($editor_sequence, $upload_target_srl=0) {
+            $_SESSION['upload_info'][$editor_sequence]->enabled = true;
+            $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl;
+        }
+
+        /**
+         * @brief 특정 upload_target_srl의 첨부파일들의 상태를 유효로 변경
+         * 글이 등록될때 글에 첨부된 파일들의 상태를 유효상태로 변경함으로서 관리시 불필요 파일로 인식되지 않도록 함
+         **/
+        function setFilesValid($upload_target_srl) {
+            $args->upload_target_srl = $upload_target_srl;
+            return executeQuery('file.updateFileValid', $args);
+        }
+
+        /**
+         * @brief 첨부파일 추가
+         **/
+        function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false) {
+            // trigger 호출 (before)
+            $trigger_obj->module_srl = $module_srl;
+            $trigger_obj->upload_target_srl = $upload_target_srl;
+            $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
+            if(!$output->toBool()) return $output;
+			
+			// A workaround for Firefox upload bug
+			if (preg_match('/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info['name'], $match)) {
+				$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
+			}
+
+            if(!$manual_insert) {
+                // 첨부파일 설정 가져옴
+                $logged_info = Context::get('logged_info');
+                if($logged_info->is_admin != 'Y') {
+                    $oFileModel = &getModel('file');
+                    $config = $oFileModel->getFileConfig($module_srl);
+                    $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
+                    $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
+
+                    // 한 파일당 허용 용량 초과시 오류 출력
+                    if($allowed_filesize < filesize($file_info['tmp_name'])) return new Object(-1, 'msg_exceeds_limit_size');
+
+
+                    // 해당 문서에 첨부된 모든 파일의 용량을 가져옴 (DB에서 가져옴)
+                    $size_args->upload_target_srl = $upload_target_srl;
+                    $output = executeQuery('file.getAttachedFileSize', $size_args);
+                    $attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
+                    if($attached_size > $allowed_attach_size) return new Object(-1, 'msg_exceeds_limit_size');
+                }
+            }
+
+            // 이미지인지 기타 파일인지 체크하여 upload path 지정
+            if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name'])) {
+                // direct 파일에 해킹을 의심할 수 있는 확장자가 포함되어 있으면 바로 삭제함
+                $file_info['name'] = preg_replace('/\.(php|phtm|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']);
+                $file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']);
+
+                $path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
+
+				// special character to '_'
+				// change to md5 file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
+				$ext = substr(strrchr($file_info['name'],'.'),1);
+				//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
+				$_filename = md5(crypt(rand(1000000,900000), rand(0,100))).'.'.$ext;
+                $filename  = $path.$_filename;
+                $idx = 1;
+                while(file_exists($filename)) {
+                    $filename = $path.preg_replace('/\.([a-z0-9]+)$/i','_'.$idx.'.$1',$_filename);
+                    $idx++;
+                }
+                $direct_download = 'Y';
+            } else {
+                $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
+                $filename = $path.md5(crypt(rand(1000000,900000), rand(0,100)));
+                $direct_download = 'N';
+            }
+
+            // 디렉토리 생성
+            if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
+
+            // 파일 이동
+            if($manual_insert) {
+                @copy($file_info['tmp_name'], $filename);
+                if(!file_exists($filename)) {
+                    $filename = $path. md5(crypt(rand(1000000,900000).$file_info['name'])).'.'.$ext;
+                    @copy($file_info['tmp_name'], $filename);
+                }
+            } else {
+                if(!@move_uploaded_file($file_info['tmp_name'], $filename)) {
+                    $filename = $path. md5(crypt(rand(1000000,900000).$file_info['name'])).'.'.$ext;
+                    if(!@move_uploaded_file($file_info['tmp_name'], $filename))  return new Object(-1,'msg_file_upload_error');
+                }
+            }
+
+            // 사용자 정보를 구함
+            $oMemberModel = &getModel('member');
+            $member_srl = $oMemberModel->getLoggedMemberSrl();
+
+            // 파일 정보를 정리
+            $args->file_srl = getNextSequence();
+            $args->upload_target_srl = $upload_target_srl;
+            $args->module_srl = $module_srl;
+            $args->direct_download = $direct_download;
+            $args->source_filename = $file_info['name'];
+            $args->uploaded_filename = $filename;
+            $args->download_count = $download_count;
+            $args->file_size = @filesize($filename);
+            $args->comment = NULL;
+            $args->member_srl = $member_srl;
+            $args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
+
+            $output = executeQuery('file.insertFile', $args);
+            if(!$output->toBool()) return $output;
+
+            // trigger 호출 (after)
+            $trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+
+			$_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
+
+            $output->add('file_srl', $args->file_srl);
+            $output->add('file_size', $args->file_size);
+            $output->add('sid', $args->sid);
+            $output->add('direct_download', $args->direct_download);
+            $output->add('source_filename', $args->source_filename);
+            $output->add('upload_target_srl', $upload_target_srl);
+            $output->add('uploaded_filename', $args->uploaded_filename);
+            return $output;
+        }
+
+        /**
+         * @brief 첨부파일 삭제
+         **/
+        function deleteFile($file_srl) {
+            if(!$file_srl) return;
+
+            $srls = explode(',',$file_srl);
+            if(!count($srls)) return;
+
+            for($i=0;$i<count($srls);$i++) {
+                $srl = (int)$srls[$i];
+                if(!$srl) continue;
+
+                $args = null;
+                $args->file_srl = $srl;
+                $output = executeQuery('file.getFile', $args);
+                if(!$output->toBool()) continue;
+
+                $file_info = $output->data;
+                if(!$file_info) continue;
+
+                $source_filename = $output->data->source_filename;
+                $uploaded_filename = $output->data->uploaded_filename;
+
+                // trigger 호출 (before)
+                $trigger_obj = $output->data;
+                $output = ModuleHandler::triggerCall('file.deleteFile', 'before', $trigger_obj);
+                if(!$output->toBool()) return $output;
+
+                // DB에서 삭제
+                $output = executeQuery('file.deleteFile', $args);
+                if(!$output->toBool()) return $output;
+
+                // trigger 호출 (after)
+                $trigger_output = ModuleHandler::triggerCall('file.deleteFile', 'after', $trigger_obj);
+                if(!$trigger_output->toBool()) return $trigger_output;
+
+                // 삭제 성공하면 파일 삭제
+                FileHandler::removeFile($uploaded_filename);
+            }
+
+            return $output;
+        }
+
+        /**
+         * @brief 특정 문서의 첨부파일을 모두 삭제
+         **/
+        function deleteFiles($upload_target_srl) {
+            // 첨부파일 목록을 받음
+            $oFileModel = &getModel('file');
+            $file_list = $oFileModel->getFiles($upload_target_srl);
+
+            // 첨부파일이 없으면 성공 return
+            if(!is_array($file_list)||!count($file_list)) return new Object();
+
+            // DB에서 삭제 
+            $args->upload_target_srl = $upload_target_srl;
+            $output = executeQuery('file.deleteFiles', $args);
+            if(!$output->toBool()) return $output;
+
+            // 실제 파일 삭제
+            $path = array();
+            $file_count = count($file_list);
+            for($i=0;$i<$file_count;$i++) {
+                $uploaded_filename = $file_list[$i]->uploaded_filename;
+                FileHandler::removeFile($uploaded_filename);
+                $module_srl = $file_list[$i]->module_srl;
+
+                $path_info = pathinfo($uploaded_filename);
+                if(!in_array($path_info['dirname'], $path)) $path[] = $path_info['dirname'];
+            }
+
+            // 해당 글의 첨부파일 디렉토리 삭제
+            for($i=0;$i<count($path);$i++) FileHandler::removeBlankDir($path[$i]);
+
+            return $output;
+        }
+
+        /**
+         * @brief 특정 글의 첨부파일을 다른 글로 이동
+         **/
+        function moveFile($source_srl, $target_module_srl, $target_srl) {
+            if($source_srl == $target_srl) return;
+
+            $oFileModel = &getModel('file');
+            $file_list = $oFileModel->getFiles($source_srl);
+            if(!$file_list) return;
+
+            $file_count = count($file_list);
+
+            for($i=0;$i<$file_count;$i++) {
+
+                unset($file_info);
+                $file_info = $file_list[$i];
+                $old_file = $file_info->uploaded_filename;
+
+                // 이미지인지 기타 파일인지 체크하여 이동할 위치 정함
+                if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info->source_filename)) {
+                    $path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
+                    $new_file = $path.$file_info->source_filename;
+                } else {
+                    $path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
+                    $new_file = $path.md5(crypt(rand(1000000,900000), rand(0,100)));
+                }
+
+                // 이전 대상이 동일하면 그냥 패스
+                if($old_file == $new_file) continue;
+
+                // 디렉토리 생성
+                FileHandler::makeDir($path);
+
+                // 파일 이동
+                FileHandler::rename($old_file, $new_file);
+
+                // DB 정보도 수정
+                unset($args);
+                $args->file_srl = $file_info->file_srl;
+                $args->uploaded_filename = $new_file;
+                $args->module_srl = $file_info->module_srl;
+                $args->upload_target_srl = $target_srl;
+                executeQuery('file.updateFile', $args);
+            }
+        }
+
+        /**
+         * @brief upload_target_srl을 키로 하는 첨부파일을 찾아서 java script 코드로 return
+         **/
+        function printUploadedFileList($editor_sequence, $upload_target_srl) {
+            return;
+        }
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/file/file.model.php b/modules/file/file.model.php
index df8de11c5..b7496d77e 100644
--- a/modules/file/file.model.php
+++ b/modules/file/file.model.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  fileModel
@@ -221,3 +222,238 @@
         }
     }
 ?>
+=======
+<?php
+    /**
+     * @class  fileModel
+     * @author NHN (developers@xpressengine.com)
+     * @brief  file 모듈의 model 클래스
+     **/
+
+    class fileModel extends file {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 특정 문서에 속한 첨부파일 목록을 return
+         * 문서 생성/ 수정시 ajax로 특정 upload_target_srl에 대해서 파일 목록을 요청받을 때 사용됨.
+         * upload_target_srl이 정해지지 않은 경우 서버측 session의 값으로 대체 시도
+         **/
+        function getFileList() {
+            $oModuleModel = &getModel('module');
+
+            $mid = Context::get('mid');
+            $editor_sequence = Context::get('editor_sequence');
+            $upload_target_srl = Context::get('upload_target_srl');
+            if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+
+            if($upload_target_srl) {
+                $tmp_files = $this->getFiles($upload_target_srl);
+                $file_count = count($tmp_files);
+
+                for($i=0;$i<$file_count;$i++) {
+                    $file_info = $tmp_files[$i];
+                    if(!$file_info->file_srl) continue;
+
+                    $obj = null;
+                    $obj->file_srl = $file_info->file_srl;
+                    $obj->source_filename = $file_info->source_filename;
+                    $obj->file_size = $file_info->file_size;
+                    $obj->disp_file_size = FileHandler::filesize($file_info->file_size);
+                    if($file_info->direct_download=='N') $obj->download_url = $this->getDownloadUrl($file_info->file_srl, $file_info->sid);
+                    else $obj->download_url = str_replace('./', '', $file_info->uploaded_filename);
+                    $obj->direct_download = $file_info->direct_download;
+                    $files[] = $obj;
+                    $attached_size += $file_info->file_size;
+                }
+            } else {
+                $upload_target_srl = 0;
+                $attached_size = 0;
+                $files = array();
+            }
+
+            // 업로드 상태 표시 작성
+            $upload_status = $this->getUploadStatus($attached_size);
+
+            // 남은 용량 체크
+            $config = $oModuleModel->getModuleInfoByMid($mid);
+            $file_config = $this->getUploadConfig();
+            $left_size = $file_config->allowed_attach_size*1024*1024 - $attached_size;
+
+            // 필요한 정보들 세팅
+            $this->add("files",$files);
+            $this->add("editor_sequence",$editor_sequence);
+            $this->add("upload_target_srl",$upload_target_srl);
+            $this->add("upload_status",$upload_status);
+            $this->add("left_size",$left_size);
+        }
+
+        /**
+         * @brief 특정 문서에 속한 첨부파일의 개수를 return
+         **/
+        function getFilesCount($upload_target_srl) {
+            $args->upload_target_srl = $upload_target_srl;
+            $output = executeQuery('file.getFilesCount', $args);
+            return (int)$output->data->count;
+        }
+
+        /**
+         * @brief 다운로드 경로를 구함
+         **/
+        function getDownloadUrl($file_srl, $sid) {
+            return sprintf('?module=%s&amp;act=%s&amp;file_srl=%s&amp;sid=%s', 'file', 'procFileDownload', $file_srl, $sid);
+        }
+
+        /**
+         * @brief 파일 설정 정보를 구함
+         **/
+        function getFileConfig($module_srl = null) {
+            // 설정 정보를 받아옴 (module model 객체를 이용)
+            $oModuleModel = &getModel('module');
+
+            $file_module_config = $oModuleModel->getModuleConfig('file');
+
+            if($module_srl) $file_config = $oModuleModel->getModulePartConfig('file',$module_srl);
+            if(!$file_config) $file_config = $file_module_config;
+
+            if($file_config) {
+                $config->allowed_filesize = $file_config->allowed_filesize;
+                $config->allowed_attach_size = $file_config->allowed_attach_size;
+                $config->allowed_filetypes = $file_config->allowed_filetypes;
+                $config->download_grant = $file_config->download_grant;
+                $config->allow_outlink = $file_config->allow_outlink;
+                $config->allow_outlink_site = $file_config->allow_outlink_site;
+                $config->allow_outlink_format = $file_config->allow_outlink_format;
+            }
+
+            // 전체 파일첨부 속성을 먼저 따른다
+            if(!$config->allowed_filesize) $config->allowed_filesize = $file_module_config->allowed_filesize;
+            if(!$config->allowed_attach_size) $config->allowed_attach_size = $file_module_config->allowed_attach_size;
+            if(!$config->allowed_filetypes) $config->allowed_filetypes = $file_module_config->allowed_filetypes;
+            if(!$config->allow_outlink) $config->allow_outlink = $file_module_config->allow_outlink;
+            if(!$config->allow_outlink_site) $config->allow_outlink_site = $file_module_config->allow_outlink_site;
+            if(!$config->allow_outlink_format) $config->allow_outlink_format = $file_module_config->allow_outlink_format;
+            if(!$config->download_grant) $config->download_grant = $file_module_config->download_grant;
+
+            // 그래도 없으면 default로 
+            if(!$config->allowed_filesize) $config->allowed_filesize = '2';
+            if(!$config->allowed_attach_size) $config->allowed_attach_size = '3';
+            if(!$config->allowed_filetypes) $config->allowed_filetypes = '*.*';
+            if(!$config->allow_outlink) $config->allow_outlink = 'Y';
+            if(!$config->download_grant) $config->download_grant = array();
+
+            return $config;
+        }
+
+        /**
+         * @brief 파일 정보를 구함
+         **/
+        function getFile($file_srl) {
+            $args->file_srl = $file_srl;
+            $output = executeQuery('file.getFile', $args);
+            if(!$output->toBool()) return $output;
+
+            $file = $output->data;
+            $file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
+
+            return $file;
+        }
+
+        /**
+         * @brief 특정 문서에 속한 파일을 모두 return
+         **/
+        function getFiles($upload_target_srl) {
+            $args->upload_target_srl = $upload_target_srl;
+            $args->sort_index = 'file_srl';
+            $output = executeQuery('file.getFiles', $args);
+            if(!$output->data) return;
+
+            $file_list = $output->data;
+
+            if($file_list && !is_array($file_list)) $file_list = array($file_list);
+
+            $file_count = count($file_list);
+            for($i=0;$i<$file_count;$i++) {
+                $file = $file_list[$i];
+                $file->source_filename = stripslashes($file->source_filename);
+                $file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
+                $file_list[$i] = $file;
+            }
+
+            return $file_list;
+        }
+
+        /**
+         * @brief 첨부파일에 대한 설정을 return (관리자/비관리자 자동 구분)
+         **/
+        function getUploadConfig() {
+            $logged_info = Context::get('logged_info');
+            if($logged_info->is_admin == 'Y') {
+                $file_config->allowed_filesize = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
+                $file_config->allowed_attach_size = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
+                $file_config->allowed_filetypes = '*.*';
+            } else {
+                $module_srl = Context::get('module_srl');
+                // module_srl이 없으면 현재 모듈
+                if(!$module_srl) {
+                    $current_module_info = Context::get('current_module_info');
+                    $module_srl = $current_module_info->module_srl;
+                }
+                $file_config = $this->getFileConfig($module_srl);
+            }
+            return $file_config;
+        }
+
+        /**
+         * @brief 파일 업로드를 위한 관리자/비관리자에 따른 안내문구 return
+         **/
+        function getUploadStatus($attached_size = 0) {
+            $file_config = $this->getUploadConfig();
+
+            // 업로드 상태 표시 작성
+            $upload_status = sprintf(
+                    '%s : %s/ %s<br /> %s : %s (%s : %s)',
+                    Context::getLang('allowed_attach_size'),
+                    FileHandler::filesize($attached_size),
+                    FileHandler::filesize($file_config->allowed_attach_size*1024*1024),
+                    Context::getLang('allowed_filesize'),
+                    FileHandler::filesize($file_config->allowed_filesize*1024*1024),
+                    Context::getLang('allowed_filetypes'),
+                    $file_config->allowed_filetypes
+                );
+            return $upload_status;
+        }
+
+        /**
+         * @brief 특정 모듈의 file 설정을 return
+         **/
+        function getFileModuleConfig($module_srl) {
+            return $this->getFileConfig($module_srl);
+        }
+
+		function getFileGrant($file_info, $member_info){
+			if (!$file_info) return null;
+
+			if ($_SESSION['__XE_UPLOADING_FILES_INFO__'][$file_info->file_srl]) {
+				$file_grant->is_deletable = true;
+				return $file_grant;
+			}
+
+			$oModuleModel = &getModel('module');
+			$grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($file_info->module_srl), $member_info);
+
+			$oDocumentModel = &getModel('document');
+			$oDocument = $oDocumentModel->getDocument($file_info->upload_target_srl);
+			if ($oDocument->isExists()) $document_grant = $oDocument->isGranted(); 
+			
+			$file_grant->is_deletable = ($document_grant || $member_info->is_admin == 'Y' || $member_info->member_srl == $file_info->member_srl || $grant->manager);
+			
+			return $file_grant;
+		}
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/integration_search/integration_search.admin.view.php b/modules/integration_search/integration_search.admin.view.php
index 87eb4f8b4..e6a95c562 100644
--- a/modules/integration_search/integration_search.admin.view.php
+++ b/modules/integration_search/integration_search.admin.view.php
@@ -20,7 +20,7 @@
             $oModuleModel = &getModel('module');
             $this->config = $oModuleModel->getModuleConfig('integration_search');
             Context::set('config',$this->config);
-
+			
             $this->setTemplatePath($this->module_path."/tpl/");
         }
 
@@ -50,6 +50,9 @@
 
             Context::set('mid_list',$module_categories);*/
 
+			$security = new Security();
+			$security->encodeHTML('skin_list..title');
+
             // Sample Code
             Context::set('sample_code', htmlspecialchars('<form action="{getUrl()}" method="get"><input type="hidden" name="vid" value="{$vid}" /><input type="hidden" name="mid" value="{$mid}" /><input type="hidden" name="act" value="IS" /><input type="text" name="is_keyword" class="inputTypeText" value="{$is_keyword}" /><span class="button"><input type="submit" value="{$lang->cmd_search}" /></span></form>') );
 
@@ -74,8 +77,11 @@
                 }
             }
             Context::set('skin_info', $skin_info);
-            Context::set('skin_vars', $skin_vars);
-
+            Context::set('skin_vars', $skin_vars); //maybe not used
+			
+			$security = new Security();
+			$security->encodeHTML('skin_info...');			
+			
             $this->setTemplateFile("skin_info");
         }
     }
diff --git a/modules/integration_search/tpl/skin_info.html b/modules/integration_search/tpl/skin_info.html
index 541821231..29dd215d0 100644
--- a/modules/integration_search/tpl/skin_info.html
+++ b/modules/integration_search/tpl/skin_info.html
@@ -82,10 +82,10 @@
         <td class="wide">
             <!--@if($val->type=="text")-->
                 <!--@if(!$val->value)-->{@ $val->value = $val->default}<!--@endif-->
-                <input type="text" name="{$val->name}" value="{htmlspecialchars($val->value)}" class="inputTypeText w400" />
+                <input type="text" name="{$val->name}" value="{$val->value}" class="inputTypeText w400" />
 
             <!--@elseif($val->type=="textarea")-->
-                <textarea name="{$val->name}" class="inputTypeTextArea w400">{htmlspecialchars($val->value)}</textarea>
+                <textarea name="{$val->name}" class="inputTypeTextArea w400">{$val->value}</textarea>
 
             <!--@elseif($val->type=="select")-->
                 <select name="{$val->name}">
diff --git a/modules/layout/layout.admin.view.php b/modules/layout/layout.admin.view.php
index 556d6f7f5..616b13510 100644
--- a/modules/layout/layout.admin.view.php
+++ b/modules/layout/layout.admin.view.php
@@ -23,6 +23,10 @@
 			$layout_list = $oLayoutModel->getDownloadedLayoutList('P', true);
 			$layout_list[] = $oLayoutModel->getLayoutInfo('faceoff', null, 'P');
 			Context::set('type', 'P');
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..layout','layout_list..title');						
 
 			$pcLayoutCount = $oLayoutModel->getInstalledLayoutCount('P');
 			$mobileLayoutCount = $oLayoutModel->getInstalledLayoutCount('M');
@@ -32,7 +36,11 @@
 
 			$security = new Security($layout_list);
 			$layout_list = $security->encodeHTML('..', '..author..');
-
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..layout','layout_list..title');						
+			
 			foreach($layout_list as $no => $layout_info)
 			{
 				$layout_list[$no]->description = nl2br(trim($layout_info->description));
@@ -100,6 +108,10 @@
 			$oModel = &getModel('layout');
 			$type = Context::get('type');
 			if (!in_array($type, array('P', 'M'))) $type = 'P';
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..layout','layout_list..title');						
 
 			// Get layout info
 			$layout = Context::get('layout');
@@ -247,7 +259,12 @@
 			$security = new Security($layout_info);
 			$layout_info = $security->encodeHTML('.', '.author..');
 			Context::set('selected_layout', $layout_info);
-
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..');	
+			$security->encodeHTML('layout_list..author..');	
+			
 			$security = new Security();
 			$security->encodeHTML('layout_code_css', 'layout_code', 'widget_list..title');
         }
@@ -315,7 +332,13 @@
             $layout_info = $oLayoutModel->getLayoutInfo(Context::get('selected_layout'));
             Context::set('layout_info', $layout_info);
             // Set the layout to be pop-up
-            $this->setLayoutFile('popup_layout');
+            $this->setLayoutFile('popup_layout');			
+			
+			$security = new Security();
+			$security->encodeHTML('layout_list..');	
+			$security->encodeHTML('layout_list..author..');				
+			$security->encodeHTML('layout_list..history..');
+			$security->encodeHTML('layout_list..history..author..');				
             // Set a template file
             $this->setTemplateFile('layout_detail_info');
         }
diff --git a/modules/layout/tpl/index.html b/modules/layout/tpl/index.html
index 711d95c21..5e5ddbfb9 100644
--- a/modules/layout/tpl/index.html
+++ b/modules/layout/tpl/index.html
@@ -28,7 +28,7 @@
             (module) 
             <!--@end-->
         </td>
-        <td class="wide">{htmlspecialchars($val->title)}</td>
+        <td class="wide">{$val->title}</td>
         <td class="nowrap">{zdate($val->regdate,"Y-m-d")}</td>
         <td>
             <!--@if(!$val->module_srl)-->
diff --git a/modules/layout/tpl/mindex.html b/modules/layout/tpl/mindex.html
index fe2d64b86..71adb11a0 100644
--- a/modules/layout/tpl/mindex.html
+++ b/modules/layout/tpl/mindex.html
@@ -28,7 +28,7 @@
             (module) 
             <!--@end-->
         </td>
-        <td class="wide">{htmlspecialchars($val->title)}</td>
+        <td class="wide">{$val->title}</td>
         <td class="nowrap">{zdate($val->regdate,"Y-m-d")}</td>
         <td>
             <!--@if(!$val->module_srl)-->
diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml
index bed4279ca..5068807dc 100644
--- a/modules/member/conf/module.xml
+++ b/modules/member/conf/module.xml
@@ -88,7 +88,7 @@
 	<menus>
 		<menu name="userList">
 			<title xml:lang="en">Member List</title>
-			<title xml:lang="ko">회원 목록</title>
+			<title xml:lang="ko">ȸ�� ���</title>
 			<title xml:lang="zh-CN">Member List</title>
 			<title xml:lang="jp">Member List</title>
 			<title xml:lang="es">Member List</title>
@@ -101,7 +101,7 @@
 		</menu>
 		<menu name="userGroup">
 			<title xml:lang="en">Member Group</title>
-			<title xml:lang="ko">회원 그룹</title>
+			<title xml:lang="ko">ȸ�� �׷�</title>
 			<title xml:lang="zh-CN">Member Group</title>
 			<title xml:lang="jp">Member Group</title>
 			<title xml:lang="es">Member Group</title>
@@ -114,7 +114,7 @@
 		</menu>
 		<menu name="userSetting">
 			<title xml:lang="en">Member Setting</title>
-			<title xml:lang="ko">회원 설정</title>
+			<title xml:lang="ko">ȸ�� ����</title>
 			<title xml:lang="zh-CN">Member Setting</title>
 			<title xml:lang="jp">Member Setting</title>
 			<title xml:lang="es">Member Setting</title>
diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index d7dd291bd..14904b8f0 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -674,6 +674,7 @@
 			
 			if (!$args->group_srl) $args->group_srl = getNextSequence();
 
+			if (!$args->group_srl) $args->group_srl = getNextSequence();
             return executeQuery('member.insertGroup', $args);
         }
 
diff --git a/modules/member/member.admin.model.php b/modules/member/member.admin.model.php
index 35e307f78..12a30764a 100644
--- a/modules/member/member.admin.model.php
+++ b/modules/member/member.admin.model.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  memberAdminModel
@@ -207,3 +208,147 @@
 		}
     }
 ?>
+=======
+<?php
+    /**
+     * @class  memberAdminModel
+     * @author NHN (developers@xpressengine.com)
+     * @brief  member module의 admin model class
+     **/
+
+    class memberAdminModel extends member {
+
+        /**
+         * @brief 자주 호출될거라 예상되는 데이터는 내부적으로 가지고 있자...
+         **/
+        var $member_info = NULL;
+        var $member_groups = NULL;
+        var $join_form_list = NULL;
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 회원 목록을 구함
+         **/
+        function getMemberList() {
+            // 검색 옵션 정리
+            $args->is_admin = Context::get('is_admin')=='Y'?'Y':'';
+            $args->is_denied = Context::get('is_denied')=='Y'?'Y':'';
+            $args->selected_group_srl = Context::get('selected_group_srl');
+
+            $search_target = trim(Context::get('search_target'));
+            $search_keyword = trim(Context::get('search_keyword'));
+
+            if($search_target && $search_keyword) {
+                switch($search_target) {
+                    case 'user_id' :
+                            if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
+                            $args->s_user_id = $search_keyword;
+                        break;
+                    case 'user_name' :
+                            if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
+                            $args->s_user_name = $search_keyword;
+                        break;
+                    case 'nick_name' :
+                            if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
+                            $args->s_nick_name = $search_keyword;
+							$args->html_nick_name = htmlspecialchars($search_keyword);
+                        break;
+                    case 'email_address' :
+                            if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
+                            $args->s_email_address = $search_keyword;
+                        break;
+                    case 'regdate' :
+                            $args->s_regdate = preg_replace("/[^0-9]/","",$search_keyword);
+                        break;
+                    case 'regdate_more' :
+                            $args->s_regdate_more = substr(preg_replace("/[^0-9]/","",$search_keyword) . '00000000000000',0,14);
+                        break;
+                    case 'regdate_less' :
+                            $args->s_regdate_less = substr(preg_replace("/[^0-9]/","",$search_keyword) . '00000000000000',0,14);
+                        break;
+                    case 'last_login' :
+                            $args->s_last_login = $search_keyword;
+                        break;
+                    case 'last_login_more' :
+                            $args->s_last_login_more = substr(preg_replace("/[^0-9]/","",$search_keyword) . '00000000000000',0,14);
+                        break;
+                    case 'last_login_less' :
+                            $args->s_last_login_less = substr(preg_replace("/[^0-9]/","",$search_keyword) . '00000000000000',0,14);
+                        break;
+                    case 'extra_vars' :
+                            $args->s_extra_vars = ereg_replace("[^0-9]","",$search_keyword);
+                        break;
+                }
+            }
+
+            // selected_group_srl이 있으면 query id를 변경 (table join때문에)
+            $sort_order = Context::get('sort_order');
+            $sort_index = Context::get('sort_index');
+            if($sort_index != 'last_login') {
+                $sort_index = "list_order";
+            }else{
+                $sort_order = 'desc';
+            }
+            if($args->selected_group_srl) {
+                $query_id = 'member.getMemberListWithinGroup';
+                $args->sort_index = "member.".$sort_index;
+            } else {
+                $query_id = 'member.getMemberList';
+                $args->sort_index = $sort_index; 
+            }
+            if($sort_order != "desc") $sort_order = "asc";
+            $args->sort_order = $sort_order;
+            Context::set('sort_order', $sort_order);
+
+            // 기타 변수들 정리
+            $args->page = Context::get('page');
+            $args->list_count = 40;
+            $args->page_count = 10;
+            $output = executeQuery($query_id, $args);
+            return $output;
+        }
+
+        /**
+         * @brief 사이트별 회원 목록을 구함
+         **/
+        function getSiteMemberList($site_srl, $page = 1) {
+            $args->site_srl = $site_srl;
+            $args->page = $page;
+            $args->list_count = 40;
+            $args->page_count = 10;
+            $query_id = 'member.getSiteMemberList';
+            $output = executeQueryArray($query_id, $args);
+            return $output;
+        }
+
+        /**
+         * @brief 회원 모듈의 특정 스킨에 속한 컬러셋 목록을 return
+         **/
+        function getMemberAdminColorset() {
+            $skin = Context::get('skin');
+            if(!$skin) $tpl = "";
+            else {
+                $oModuleModel = &getModel('module');
+                $skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin);
+                Context::set('skin_info', $skin_info);
+
+                $oModuleModel = &getModel('module');
+                $config = $oModuleModel->getModuleConfig('member');
+                if(!$config->colorset) $config->colorset = "white";
+                Context::set('config', $config);
+
+                $oTemplate = &TemplateHandler::getInstance();
+                $tpl = $oTemplate->compile($this->module_path.'tpl', 'colorset_list');
+            }
+
+            $this->add('tpl', $tpl);
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/member/member.admin.view.php b/modules/member/member.admin.view.php
index a5fb6b271..389eea016 100644
--- a/modules/member/member.admin.view.php
+++ b/modules/member/member.admin.view.php
@@ -1,4 +1,4 @@
-<?php
+<?php	
     /**
      * @class  memberAdminView
      * @author NHN (developers@xpressengine.com)
@@ -7,90 +7,59 @@
 
     class memberAdminView extends member {
 
-        var $group_list = NULL; ///< group list
-        var $memberInfo = NULL; ///< selected member info
-
+        var $group_list = NULL; ///< group list        var $memberInfo = NULL; ///< selected member info
         /**
-         * @brief initialization
-         **/
+         * @brief initialization         **/
         function init() {
             $oMemberModel = &getModel('member');
 
-            // if member_srl exists, set memberInfo
-            $member_srl = Context::get('member_srl');
+            // if member_srl exists, set memberInfo            $member_srl = Context::get('member_srl');
             if($member_srl) {
-                $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
-                if(!$this->memberInfo) Context::set('member_srl','');
-                else Context::set('member_info',$this->memberInfo);
-            }
+                $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl);                if(!$this->memberInfo) Context::set('member_srl','');                else Context::set('member_info',$this->memberInfo);            }
 
-            // retrieve group list
-            $this->group_list = $oMemberModel->getGroups();
+            // retrieve group list            $this->group_list = $oMemberModel->getGroups();
             Context::set('group_list', $this->group_list);
 
+			$security = new Security();						
+			$security->encodeHTML('group_list..');
+			
             $this->setTemplatePath($this->module_path.'tpl');
         }
 
         /**
-         * @brief display member list
-         **/
+         * @brief display member list         **/
         function dispMemberAdminList() {
             $oMemberAdminModel = &getAdminModel('member');
             $oMemberModel = &getModel('member');
             $output = $oMemberAdminModel->getMemberList();
 
-			$filter = Context::get('filter_type');
-			global $lang;
-			switch($filter){
-				case 'super_admin' : Context::set('filter_type_title', $lang->cmd_show_super_admin_member);break;
-				case 'site_admin' : Context::set('filter_type_title', $lang->cmd_show_site_admin_member);break;
-				case 'enable' :  Context::set('filter_type_title', $lang->approval);break;
-				case 'disable' : Context::set('filter_type_title', $lang->denied);break;
-				default : Context::set('filter_type_title', $lang->cmd_show_all_member);break;
-			}
-
-            // retrieve list of groups for each member
+			$filter = Context::get('filter_type');			global $lang;			switch($filter){				case 'super_admin' : Context::set('filter_type_title', $lang->cmd_show_super_admin_member);break;				case 'site_admin' : Context::set('filter_type_title', $lang->cmd_show_site_admin_member);break;				case 'enable' :  Context::set('filter_type_title', $lang->approval);break;				case 'disable' : Context::set('filter_type_title', $lang->denied);break;				default : Context::set('filter_type_title', $lang->cmd_show_all_member);break;			}            // retrieve list of groups for each member
             if($output->data) {
                 foreach($output->data as $key => $member) {
                     $output->data[$key]->group_list = $oMemberModel->getMemberGroups($member->member_srl,0);
                 }
             }
-
-			$config = $oMemberModel->getMemberConfig();
-			$memberIdentifiers = array('user_id'=>'user_id', 'user_name'=>'user_name', 'nick_name'=>'nick_name');
-			$usedIdentifiers = array();
-			foreach($config->signupForm as $signupItem){
-				if (!count($memberIdentifiers)) break;
-				if(in_array($signupItem->name, $memberIdentifiers) && ($signupItem->required || $signupItem->isUse)){
-					unset($memberIdentifiers[$signupItem->name]);
-					$usedIdentifiers[$signupItem->name] = $lang->{$signupItem->name};
-				}
-			}
-
-            Context::set('total_count', $output->total_count);
+			$config = $oMemberModel->getMemberConfig();			$memberIdentifiers = array('user_id'=>'user_id', 'user_name'=>'user_name', 'nick_name'=>'nick_name');			$usedIdentifiers = array();			foreach($config->signupForm as $signupItem){				if (!count($memberIdentifiers)) break;				if(in_array($signupItem->name, $memberIdentifiers) && ($signupItem->required || $signupItem->isUse)){					unset($memberIdentifiers[$signupItem->name]);					$usedIdentifiers[$signupItem->name] = $lang->{$signupItem->name};				}			}            Context::set('total_count', $output->total_count);
             Context::set('total_page', $output->total_page);
             Context::set('page', $output->page);
             Context::set('member_list', $output->data);
-            Context::set('usedIdentifiers', $usedIdentifiers);
-            Context::set('page_navigation', $output->page_navigation);
-
-            $this->setTemplateFile('member_list');
+            Context::set('usedIdentifiers', $usedIdentifiers);            Context::set('page_navigation', $output->page_navigation);
+			
+			$security = new Security();			
+			$security->encodeHTML('member_list..user_name','member_list..group_list..');
+			
+			$this->setTemplateFile('member_list');
         }
 
         /**
          * @brief default configuration for member management
          **/
         function dispMemberAdminConfig() {
-			global $lang;
-            // retrieve configuration via module model instance
+			global $lang;            // retrieve configuration via module model instance
             $oModuleModel = &getModel('module');
             $oMemberModel = &getModel('member');
             $config = $oMemberModel->getMemberConfig();
-
-            // Get join form list which is additionally set
-            $extendItems = $oMemberModel->getJoinFormList();
-
-            Context::set('config',$config);
+            // Get join form list which is additionally set            $extendItems = $oMemberModel->getJoinFormList();            Context::set('config',$config);
 
             // list of skins for member module
             $skin_list = $oModuleModel->getSkins($this->module_path);
@@ -116,6 +85,9 @@
             $denied_list = $oMemberModel->getDeniedIDs();
 			Context::set('deniedIDs', $denied_list);
 
+			$security = new Security();
+			$security->encodeHTML('config..');
+
             $this->setTemplateFile('member_config');
         }
 
@@ -127,14 +99,12 @@
             $oModuleModel = &getModel('module');
             $member_config = $oModuleModel->getModuleConfig('member');
             Context::set('member_config', $member_config);
-			$extendForm = $oMemberModel->getCombineJoinForm($this->memberInfo);
-            Context::set('extend_form_list', $extendForm);
-
-			$memberInfo = get_object_vars(Context::get('member_info'));
-			Context::set('memberInfo', $memberInfo);
-
-			$disableColumns = array('password', 'find_account_question');
-			Context::set('disableColumns', $disableColumns);
+			$extendForm = $oMemberModel->getCombineJoinForm($this->memberInfo);            Context::set('extend_form_list', $extendForm);			$memberInfo = get_object_vars(Context::get('member_info'));			Context::set('memberInfo', $memberInfo);			$disableColumns = array('password', 'find_account_question');			Context::set('disableColumns', $disableColumns);			
+			$security = new Security();
+			$security->encodeHTML('member_config..');
+			$security->encodeHTML('member_info.user_name','member_info.description','member_info.group_list..');			
+			$security->encodeHTML('extend_form_list...');
+			
             $this->setTemplateFile('member_info');
         }
 
@@ -145,13 +115,9 @@
             // retrieve extend form
             $oMemberModel = &getModel('member');
 
-            $memberInfo = Context::get('member_info');
-            $memberInfo->signature = $oMemberModel->getSignature($this->memberInfo->member_srl);
-            Context::set('member_info', $memberInfo);
-
+            $memberInfo = Context::get('member_info');            $memberInfo->signature = $oMemberModel->getSignature($this->memberInfo->member_srl);            Context::set('member_info', $memberInfo);
             // get an editor for the signature
-            if($memberInfo->member_srl) {
-                $oEditorModel = &getModel('editor');
+            if($memberInfo->member_srl) {                $oEditorModel = &getModel('editor');
                 $option->primary_key_name = 'member_srl';
                 $option->content_key_name = 'signature';
                 $option->allow_fileupload = false;
@@ -160,21 +126,14 @@
                 $option->enable_component = false;
                 $option->resizable = false;
                 $option->height = 200;
-                $editor = $oEditorModel->getEditor($this->memberInfo->member_srl, $option);
-                Context::set('editor', $editor);
+                $editor = $oEditorModel->getEditor($this->memberInfo->member_srl, $option);                Context::set('editor', $editor);
             }
-
-			$formTags = $this->_getMemberInputTag($memberInfo);
-			Context::set('formTags', $formTags);
-
-			$member_config = $oMemberModel->getMemberConfig();
-			global $lang;
-			if (!$member_config->identifier) $member_config->identifier = 'user_id';
-			$identifierForm->title = $lang->{$member_config->identifier};
-			$identifierForm->name = $member_config->identifier;
-			$identifierForm->value = $memberInfo->{$member_config->identifier};
-			Context::set('identifierForm', $identifierForm);
-            $this->setTemplateFile('insert_member');
+			
+			$security = new Security();				
+			$security->encodeHTML('extend_form_list..');
+			$security->encodeHTML('extend_form_list..default_value.');			
+			
+			$formTags = $this->_getMemberInputTag($memberInfo);			Context::set('formTags', $formTags);			$member_config = $oMemberModel->getMemberConfig();			global $lang;			if (!$member_config->identifier) $member_config->identifier = 'user_id';			$identifierForm->title = $lang->{$member_config->identifier};			$identifierForm->name = $member_config->identifier;			$identifierForm->value = $memberInfo->{$member_config->identifier};			Context::set('identifierForm', $identifierForm);            $this->setTemplateFile('insert_member');
         }
 
 		function _getMemberInputTag($memberInfo){
@@ -355,7 +314,7 @@ EOD;
             $this->setTemplateFile('delete_form');
         }
 
-        /**
+        /** ->group_update_form
          * @brief display group list
          **/
         function dispMemberAdminGroupList() {
@@ -365,91 +324,87 @@ EOD;
             Context::set('config', $config);
 
             $group_srl = Context::get('group_srl');
-
+			
             if($group_srl && $this->group_list[$group_srl]) {
                 Context::set('selected_group', $this->group_list[$group_srl]);
-                $this->setTemplateFile('group_update_form');
+				$this->setTemplateFile('group_update_form');
             } else {
                 $this->setTemplateFile('group_list');
-            }
+            }			
+			$output = $oModuleModel->getModuleFileBoxList();			Context::set('fileBoxList', $output->data);        }
 
-			$output = $oModuleModel->getModuleFileBoxList();
-			Context::set('fileBoxList', $output->data);
-        }
-
-        /**
-         * @brief Display a list of member join form
-         **/
+        /** O
+         * @brief Display a list of member join form         **/
         function dispMemberAdminJoinFormList() {
-            // Create a member model object
-            $oMemberModel = &getModel('member');
-            // Get join form list which is additionally set
-            $form_list = $oMemberModel->getJoinFormList();
+            // Create a member model object            $oMemberModel = &getModel('member');
+            // Get join form list which is additionally set            $form_list = $oMemberModel->getJoinFormList();
             Context::set('form_list', $form_list);
-
+			$security = new Security($form_list);						
+			$security->encodeHTML('form_list..');
+			
             $this->setTemplateFile('join_form_list');
         }
 
-        /**
-         * @brief Display an admin page for memebr join forms
-         **/
+        /** O h, ck
+         * @brief Display an admin page for memebr join forms         **/
         function dispMemberAdminInsertJoinForm() {
-            // Get the value of join_form
-            $member_join_form_srl = Context::get('member_join_form_srl');
+            // Get the value of join_form            $member_join_form_srl = Context::get('member_join_form_srl');
             if($member_join_form_srl) {
                 $oMemberModel = &getModel('member');
                 $join_form = $oMemberModel->getJoinForm($member_join_form_srl);
 
                 if(!$join_form) Context::set('member_join_form_srl','',true);
-                else Context::set('join_form', $join_form);
+                else {
+					Context::set('join_form', $join_form);
+					$security = new Security();
+					$security->encodeHTML('join_form..');
+				}
+				
             }
             $this->setTemplateFile('insert_join_form');
         }
 
-        /**
-         * @brief Display denied ID list
-         **/
+        /** O
+         * @brief Display denied ID list         **/
         function dispMemberAdminDeniedIDList() {
-            // Create a member model object
-            $oMemberModel = &getModel('member');
-            // Get a denied ID list
-            $output = $oMemberModel->getDeniedIDList();
+            // Create a member model object            $oMemberModel = &getModel('member');
+            // Get a denied ID list            $output = $oMemberModel->getDeniedIDList();
 
             Context::set('total_count', $output->total_count);
             Context::set('total_page', $output->total_page);
             Context::set('page', $output->page);
             Context::set('member_list', $output->data);
             Context::set('page_navigation', $output->page_navigation);
-
+			
+			$security = new Security();
+			$security->encodeHTML('member_list..');			
             $this->setTemplateFile('denied_id_list');
         }
 
         /**
-         * @brief Update all the member groups
-         **/
+         * @brief Update all the member groups         **/
         function dispMemberAdminManageGroup() {
-            // Get a list of the selected member
-            $args->member_srl = trim(Context::get('member_srls'));
+            // Get a list of the selected member            $args->member_srl = trim(Context::get('member_srls'));
             $output = executeQueryArray('member.getMembers', $args);
             Context::set('member_list', $output->data);
-            // Get a list of the selected member
-            $oMemberModel = &getModel('member');
+            // Get a list of the selected member            $oMemberModel = &getModel('member');
             Context::set('member_groups', $oMemberModel->getGroups());
-
+			
+			$security = new Security();
+			$security->encodeHTML('member_list..');	
+			
             $this->setLayoutFile('popup_layout');
             $this->setTemplateFile('manage_member_group');
         }
 
         /**
-         * @brief Delete all members
-         **/
+         * @brief Delete all members         **/
         function dispMemberAdminDeleteMembers() {
-            // Get a list of the selected member
-            $args->member_srl = trim(Context::get('member_srls'));
+            // Get a list of the selected member            $args->member_srl = trim(Context::get('member_srls'));
             $output = executeQueryArray('member.getMembers', $args);
             Context::set('member_list', $output->data);
 
-            $this->setLayoutFile('popup_layout');
+			$this->setLayoutFile('popup_layout');
             $this->setTemplateFile('delete_members');
         }
     }
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index 9fb04f87d..babb0683c 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  memberController
@@ -1877,3 +1878,1948 @@
         }
     }
 ?>
+=======
+<?php
+    /**
+     * @class  memberController
+     * @author NHN (developers@xpressengine.com)
+     * @brief  member module의 Controller class
+     **/
+
+    class memberController extends member {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief user_id, password를 체크하여 로그인 시킴
+         **/
+        function procMemberLogin($user_id = null, $password = null, $keep_signed = null) {
+            // 변수 정리
+            if(!$user_id) $user_id = Context::get('user_id');
+            $user_id = trim($user_id);
+
+            if(!$password) $password = Context::get('password');
+            $password = trim($password);
+
+            if(!$keep_signed) $keep_signed = Context::get('keep_signed');
+
+            // 아이디나 비밀번호가 없을때 오류 return
+            if(!$user_id) return new Object(-1,'null_user_id');
+            if(!$password) return new Object(-1,'null_password');
+
+            $output = $this->doLogin($user_id, $password, $keep_signed=='Y'?true:false);
+
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($config->after_login_url) $this->setRedirectUrl($config->after_login_url);
+
+            // 설정된 change_password_date 확인
+            $limit_date = $config->change_password_date;
+
+            // change_password_date가 설정되어 있으면 확인
+            if ($limit_date > 0) {
+                $oMemberModel = &getModel('member');
+                $member_info = $oMemberModel->getMemberInfoByUserID($user_id);
+                if ($member_info->change_password_date < date ('YmdHis', strtotime ('-' . $limit_date . ' day'))) {
+                    $this->setRedirectUrl(getNotEncodedUrl('','vid',Context::get('vid'),'mid',Context::get('mid'),'act','dispMemberModifyPassword'));
+                }
+            }
+
+            $redirect_url = Context::get('redirect_url'); 
+            if ($output->toBool () && Context::getRequestMethod () == "POST" && $redirect_url) {
+                header ("location:" . $redirect_url);
+            }
+
+            return $output;
+        }
+
+        /**
+         * @brief openid로그인
+         **/
+        function procMemberOpenIDLogin($validator = "procMemberOpenIDValidate") {
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($config->enable_openid != 'Y') $this->stop('msg_invalid_request');
+
+            if(!defined('Auth_OpenID_RAND_SOURCE') && !file_exists("/dev/urandom"))
+            {
+                define('Auth_OpenID_RAND_SOURCE', null);
+            }
+
+            set_include_path(_XE_PATH_."modules/member/php-openid-1.2.3");
+            require_once('Auth/OpenID.php');
+            require_once('Auth/OpenID/Consumer.php');
+            require_once('Auth/OpenID/XEStore.php');
+            $store = new Auth_OpenID_XEStore();
+            $consumer = new Auth_OpenID_Consumer($store);
+
+            $user_id = Context::get('user_id');
+            if (!$user_id) $user_id = Context::get('openid');
+            $auth_request = $consumer->begin($user_id); 
+            $auth_request->addExtensionArg('sreg', 'required', 'email');
+            $auth_request->addExtensionArg('sreg', 'optional', 'dob');
+            if(!$auth_request)
+            {
+                return new Object(-1, "association failed");
+            }
+
+            $trust_root = 'http://'.$_SERVER["HTTP_HOST"];
+            $referer_url = Context::get('referer_url');
+            if (!$referer_url) $referer_url = $_SERVER['HTTP_REFERER'];
+            if (!$referer_url)
+                $referer_url = htmlspecialchars_decode(getRequestUri(RELEASE_SSL));
+            $goto = urlencode($referer_url);
+            $ApprovedURL = Context::getRequestUri(RELEASE_SSL) . "?module=member&act=" . $validator. "&goto=" . $goto;
+            $redirect_url = $auth_request->redirectURL($trust_root, $ApprovedURL);
+            $this->add("redirect_url", $redirect_url);
+            if (Context::getRequestMethod() == 'POST')
+                header("location:" . $redirect_url);
+        }
+
+        function getLegacyUserIDsFromOpenID($openid_identity) {
+            //  Issue 17515512: workaround
+            $result = array();
+            $uri_matches = array();
+            preg_match(Auth_OpenID_getURIPattern(), $openid_identity, $uri_matches);
+
+            if (count($uri_matches) < 9) {
+                for ($i = count($uri_matches); $i <= 9; $i++) {
+                    $uri_matches[] = '';
+                }
+            }
+
+            $scheme = $uri_matches[2];
+            $authority = $uri_matches[4];
+            $path = $uri_matches[5];
+            $query = $uri_matches[6];
+            $fragment = $uri_matches[8];
+
+            if ($scheme === null) $scheme = '';
+            if ($authority === null) $authority = '';
+            if ($path === null) $path = '';
+            if ($query === null) $query = '';
+            if ($fragment === null) $fragment = '';
+
+            if ($scheme == 'http' or $scheme == '')
+                $scheme_part = '';
+            else
+                $scheme_part = $scheme."://";
+
+
+            if ($path == '' || $path == '/') {
+                $result[] = $scheme_part.$authority.''.$query.$fragment;
+                $result[] = $scheme_part.$authority.'/'.$query.$fragment;
+            }
+            else {
+                $result[] = $scheme_part.$authority.$path.$query.$fragment;
+            }
+
+            return $result;
+        }
+
+        /**
+         * @brief openid 인증 체크
+         **/
+        function procMemberOpenIDValidate() {
+            set_include_path(_XE_PATH_."modules/member/php-openid-1.2.3");
+            require_once('Auth/OpenID.php');
+            require_once('Auth/OpenID/Consumer.php');
+            require_once('Auth/OpenID/XEStore.php');
+            require_once('Auth/OpenID/URINorm.php');
+
+            $store = new Auth_OpenID_XEStore();
+            $consumer = new Auth_OpenID_Consumer($store);
+            $response = $consumer->complete($_GET);
+            switch($response->status) {
+                case Auth_OpenID_CANCEL :
+                // 사용자가 인증을 취소했을 때의 처리
+                return $this->stop('authorization_canceled');
+            case Auth_OpenID_FAILURE :
+                // 무언가의 문제로 인해 인증이 실패했을 때의 처리(인증을 요구한 openid가 없다든가..)
+                return $this->stop('invalid_authorization');
+            case Auth_OpenID_SUCCESS :
+                // 인증성공!!
+                break;
+            default:
+                return $this->stop('invalid_authorization');
+            }
+
+            // 인증 성공
+            $oMemberModel = &getModel('member');
+
+            //  이 오픈아이디와 연결된 (또는 연결되어 있을 가능성이 있는) 제로보드 아이디들을 받아온다.
+            $login_success = false;
+            $assoc_member_info = null;
+            $openid_identity = $response->signed_args["openid.identity"];
+            $args->openid = $openid_identity;
+            $output = executeQuery('member.getMemberSrlByOpenID', $args);
+
+            if ($output->toBool() && $output->data && !is_array($output->data)) {
+                $member_srl = $output->data->member_srl;
+                $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+                if ($member_info) {
+                    $assoc_member_info = $member_info;
+                }
+            }
+            
+            $user_id_candidates = $this->getLegacyUserIDsFromOpenID($openid_identity);
+            $default_user_id = $user_id_candidates[0];
+
+            if ($assoc_member_info != null) {
+                $user_id_candidates = array_merge(array($assoc_member_info->user_id), $user_id_candidates);
+            }
+            $sreg = $response->extensionResponse('sreg');
+
+            foreach($user_id_candidates as $user_id) {
+                $args->user_id = $args->nick_name = $user_id;
+                // 기본 정보들을 받음
+                $args->email_address = $sreg['email']; 
+                $args->user_name = $sreg['fullname'];
+                if(!$args->user_name) list($args->user_name) = explode('@', $args->email_address);
+                $args->birthday = str_replace('-','',$sreg['dob']);
+
+                // 자체 인증 시도
+                $output = $this->doLogin($args->user_id);
+
+                if ($output->toBool()) {
+                    if ($assoc_member_info == null) {
+                        $logged_info = Context::get('logged_info');
+                        $args->member_srl = $logged_info->member_srl;
+                        $args->openid = $openid_identity;
+                        executeQuery('member.addOpenIDToMember', $args);
+                    }
+                    $login_success = true;
+                    break;
+                }
+            }
+
+            // 자체 인증 실패시 회원 가입시킴
+            if(!$login_success) {
+                $args->user_id = $args->nick_name = $default_user_id;
+                $args->password = md5(getmicrotime());
+
+                $output = $this->insertMember($args);
+                if(!$output->toBool()) return $this->stop($output->getMessage());
+                $output = $this->doLogin($args->user_id);
+                if(!$output->toBool()) return $this->stop($output->getMessage());
+
+                $logged_info = Context::get('logged_info');
+                $args->member_srl = $logged_info->member_srl;
+                $args->openid = $openid_identity;
+                executeQuery('member.addOpenIDToMember', $args);
+            }
+
+            Context::close();
+
+            // 페이지 이동
+            if(Context::get('goto')) {
+                $goto = Context::get('goto');
+                header("location:" . $goto);
+            } else {
+                header("location:./");
+            }
+
+            exit();
+        }
+
+        /**
+         * @brief 오픈아이디 연결 요청
+         **/
+        function procMemberAddOpenIDToMember() {
+            return $this->procMemberOpenIDLogin("procMemberValidateAddOpenIDToMember");
+        }
+
+        /**
+         * @brief 오픈아이디 연결 요청 마무리
+         **/
+        function procMemberValidateAddOpenIDToMember() {
+            set_include_path(_XE_PATH_."modules/member/php-openid-1.2.3");
+            require_once('Auth/OpenID.php');
+            require_once('Auth/OpenID/Consumer.php');
+            require_once('Auth/OpenID/XEStore.php');
+            require_once('Auth/OpenID/URINorm.php');
+
+            $store = new Auth_OpenID_XEStore();
+            $consumer = new Auth_OpenID_Consumer($store);
+            $response = $consumer->complete($_GET);
+
+            switch($response->status) {
+                case Auth_OpenID_CANCEL :
+                // 사용자가 인증을 취소했을 때의 처리
+                return $this->stop('authorization_canceled');
+            case Auth_OpenID_FAILURE :
+                // 무언가의 문제로 인해 인증이 실패했을 때의 처리(인증을 요구한 openid가 없다든가..)
+                return $this->stop('invalid_authorization');
+            case Auth_OpenID_SUCCESS :
+                {
+                    $logged_info = Context::get('logged_info');
+                    if (!Context::get('is_logged')) return $this->stop('msg_not_logged');
+
+                    $member_srl = $logged_info->member_srl;
+
+                    $args->member_srl = $member_srl;
+                    $openid_identity = $response->signed_args["openid.identity"];
+                    $args->openid = $openid_identity;
+
+                    $output = executeQuery('member.addOpenIDToMember', $args);
+                    if (!$output->toBool()) return $output;
+
+                    Context::close();
+
+                    if(Context::get('goto')){
+                        $goto = Context::get('goto');
+                        header("location:" . $goto);
+                    }else{
+                        header("location:./");
+                    }
+                    exit();
+                }
+                // 인증성공!!
+                break;
+            default:
+                return $this->stop('invalid_authorization');
+            }
+        }
+
+        /**
+         * @brief 오픈아이디 연결 해제
+         **/
+        function procMemberDeleteOpenIDFromMember() {
+            $logged_info = Context::get('logged_info');
+            $openid_identity = Context::get('openid_to_delete');
+            $arg->openid = $openid_identity;
+            $result = executeQuery('member.getMemberSrlByOpenID', $arg);
+
+            if (!Context::get('is_logged')) {
+                $this->setError(-1);
+                $this->setMessage('msg_not_logged');
+                return;
+            } else if (!$result->data || is_array($result->data)) {
+                $this->setError(-1);
+                $this->setMessage('msg_not_founded');
+                return;
+            } else if ($result->data->member_srl != $logged_info->member_srl) {
+                $this->setError(-1);
+                $this->setMessage('msg_not_permitted');
+                return;
+            }
+
+            $arg->openid = $openid_identity;
+
+            $output = executeQuery('member.deleteMemberOpenID', $arg);
+            if(!$output->toBool()) return $output;
+
+            $this->setMessage('success_updated');
+        }
+
+
+        /**
+         * @brief 로그아웃
+         **/
+        function procMemberLogout() {
+            // 로그아웃 이전에 trigger 호출 (before)
+            $logged_info = Context::get('logged_info');
+            $trigger_output = ModuleHandler::triggerCall('member.doLogout', 'before', $logged_info);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+            // 세션 정보 파기
+            $this->destroySessionInfo();
+
+            // 로그아웃 이후 trigger 호출 (after)
+            $trigger_output = ModuleHandler::triggerCall('member.doLogout', 'after', $logged_info);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+            $output = new Object();
+
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($config->after_logout_url) Context::set('redirect_url', $config->after_logout_url);
+
+            return $output;
+        }
+
+        /**
+         * @brief 스크랩 기능
+         **/
+        function procMemberScrapDocument() {
+            // 로그인 정보 체크
+            if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
+            $logged_info = Context::get('logged_info');
+
+            $document_srl = (int)Context::get('document_srl');
+            if(!$document_srl) $document_srl = (int)Context::get('target_srl');
+            if(!$document_srl) return new Object(-1,'msg_invalid_request');
+
+            // 문서 가져오기
+            $oDocumentModel = &getModel('document');
+            $oDocument = $oDocumentModel->getDocument($document_srl);
+
+            // 변수 정리
+            $args->document_srl = $document_srl;
+            $args->member_srl = $logged_info->member_srl;
+            $args->user_id = $oDocument->get('user_id');
+            $args->user_name = $oDocument->get('user_name');
+            $args->nick_name = $oDocument->get('nick_name');
+            $args->target_member_srl = $oDocument->get('member_srl');
+            $args->title = $oDocument->get('title');
+
+            // 있는지 조사
+            $output = executeQuery('member.getScrapDocument', $args);
+            if($output->data->count) return new Object(-1, 'msg_alreay_scrapped');
+
+            // 입력
+            $output = executeQuery('member.addScrapDocument', $args);
+            if(!$output->toBool()) return $output;
+
+            $this->setError(-1);
+            $this->setMessage('success_registed');
+        }
+
+        /**
+         * @brief 스크랩 삭제
+         **/
+        function procMemberDeleteScrap() {
+            // 로그인 정보 체크
+            if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
+            $logged_info = Context::get('logged_info');
+
+            $document_srl = (int)Context::get('document_srl');
+            if(!$document_srl) return new Object(-1,'msg_invalid_request');
+
+            // 변수 정리
+            $args->member_srl = $logged_info->member_srl;
+            $args->document_srl = $document_srl;
+            return executeQuery('member.deleteScrapDocument', $args);
+        }
+
+        /**
+         * @brief 게시글 저장
+         **/
+        function procMemberSaveDocument() {
+            // 로그인 정보 체크
+            if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
+
+            $logged_info = Context::get('logged_info');
+
+            // form 정보를 모두 받음
+            $obj = Context::getRequestVars();
+
+            // 글의 대상 모듈을 회원 정보로 변경
+            $obj->module_srl = $logged_info->member_srl;
+			unset($obj->is_notice);
+
+            // 제목을 사용하지 않는 방명록 등에서 내용 앞 부분을 제목 가져오기
+            if(!$obj->title) {
+                $obj->title = cut_str(strip_tags($obj->content), 20, '...');
+            }
+
+            $oDocumentModel = &getModel('document');
+            $oDocumentController = &getController('document');
+
+            // 이미 존재하는 글인지 체크
+            $oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
+
+            // 이미 존재하는 경우 수정
+            if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl) {
+                $output = $oDocumentController->updateDocument($oDocument, $obj);
+                $msg_code = 'success_updated';
+
+            // 그렇지 않으면 신규 등록
+            } else {
+                $output = $oDocumentController->insertDocument($obj);
+                $msg_code = 'success_registed';
+                $obj->document_srl = $output->get('document_srl');
+                $oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
+            }
+
+            // 등록된 첨부파일의 상태를 무효로 지정
+            if($oDocument->hasUploadedFiles()) {
+                $args->upload_target_srl = $oDocument->document_srl;
+                $args->isvalid = 'N';
+                executeQuery('file.updateFileValid', $args);
+            }
+
+            $this->setMessage('success_saved');
+            $this->add('document_srl', $obj->document_srl);
+        }
+
+        /**
+         * @brief 저장된 글 삭제
+         **/
+        function procMemberDeleteSavedDocument() {
+            // 로그인 정보 체크
+            if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
+            $logged_info = Context::get('logged_info');
+
+            $document_srl = (int)Context::get('document_srl');
+            if(!$document_srl) return new Object(-1,'msg_invalid_request');
+
+            // 변수 정리
+            $oDocumentController = &getController('document');
+            $oDocumentController->deleteDocument($document_srl, true);
+        }
+
+        /**
+         * @brief 회원 가입시 특정 항목들에 대한 값 체크
+         **/
+        function procMemberCheckValue() {
+            $name = Context::get('name');
+            $value = Context::get('value');
+            if(!$value) return;
+
+            $oMemberModel = &getModel('member');
+
+            // 로그인 여부 체크
+            $logged_info = Context::get('logged_info');
+
+
+            switch($name) {
+                case 'user_id' :
+                        // 금지 아이디 검사
+                        if($oMemberModel->isDeniedID($value)) return new Object(0,'denied_user_id');
+
+                        // 중복 검사
+                        $member_srl = $oMemberModel->getMemberSrlByUserID($value);
+                        if($member_srl && $logged_info->member_srl != $member_srl ) return new Object(0,'msg_exists_user_id');
+                    break;
+                case 'nick_name' :
+                        // 중복 검사
+                        $member_srl = $oMemberModel->getMemberSrlByNickName($value);
+                        if($member_srl && $logged_info->member_srl != $member_srl ) return new Object(0,'msg_exists_nick_name');
+
+                    break;
+                case 'email_address' :
+                        // 중복 검사
+                        $member_srl = $oMemberModel->getMemberSrlByEmailAddress($value);
+                        if($member_srl && $logged_info->member_srl != $member_srl ) return new Object(0,'msg_exists_email_address');
+                    break;
+            }
+        }
+
+        /**
+         * @brief 회원 가입
+         **/
+        function procMemberInsert() {
+            if (Context::getRequestMethod () == "GET") return new Object (-1, "msg_invalid_request");
+            $oMemberModel = &getModel ('member');
+            $config = $oMemberModel->getMemberConfig ();
+
+            // before 트리거 호출
+            $trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config);
+            if (!$trigger_output->toBool ()) return $trigger_output;
+
+            // 관리자가 회원가입을 허락하였는지 검사
+            if ($config->enable_join != 'Y') return $this->stop ('msg_signup_disabled');
+
+            // 약관에 동의하였는지 검사 (약관이 있을 경우만)
+            if ($config->agreement && Context::get('accept_agreement')!='Y') return $this->stop('msg_accept_agreement');
+
+            // 필수 정보들을 미리 추출
+            $args = Context::gets('user_id','user_name','nick_name','homepage','blog','birthday','email_address','password','allow_mailing','find_account_question','find_account_answer');
+            $args->member_srl = getNextSequence();
+            $args->list_order = -1 * $args->member_srl;
+
+            // 넘어온 모든 변수중에서 몇가지 불필요한 것들 삭제
+            $all_args = Context::getRequestVars();
+            unset($all_args->module);
+            unset($all_args->act);
+            unset($all_args->is_admin);
+            unset($all_args->description);
+            unset($all_args->group_srl_list);
+            unset($all_args->body);
+            unset($all_args->accept_agreement);
+            unset($all_args->signature);
+            unset($all_args->password2);
+
+            // 메일 인증 기능 사용시 회원 상태를 denied로 설정
+            if ($config->enable_confirm == 'Y') $args->denied = 'Y';
+
+            // 모든 request argument에서 필수 정보만 제외 한 후 추가 데이터로 입력
+            $extra_vars = delObjectVars($all_args, $args);
+            $args->extra_vars = serialize($extra_vars);
+
+            // member_srl의 값에 따라 insert/update
+            $output = $this->insertMember($args);
+            if(!$output->toBool()) return $output;
+
+            // 가상사이트일 경우 사이트 가입
+            $site_module_info = Context::get('site_module_info');
+            if($site_module_info->site_srl > 0) {
+                $default_group = $oMemberModel->getDefaultGroup($site_module_info->site_srl);
+                if($default_group->group_srl) {
+                    $this->addMemberToGroup($args->member_srl, $default_group->group_srl, $site_module_info->site_srl);
+                }
+
+            }
+
+            // 로그인 시킴
+            if ($config->enable_confirm != 'Y') $this->doLogin($args->user_id);
+
+            // 결과 정리
+            $this->add('member_srl', $args->member_srl);
+            if($config->redirect_url) $this->add('redirect_url', $config->redirect_url);
+            if ($config->enable_confirm == 'Y') {
+                $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $args->email_address);
+                $this->setMessage($msg);
+            }
+            else $this->setMessage('success_registed');
+
+            // after 트리거 호출
+            $trigger_output = ModuleHandler::triggerCall('member.procMemberInsert', 'after', $config);
+            if(!$trigger_output->toBool()) return $trigger_output;
+        }
+
+        /**
+         * @brief 회원 정보 수정
+         **/
+        function procMemberModifyInfo() {
+            if(!Context::get('is_logged')) return $this->stop('msg_not_logged');
+
+            // 필수 정보들을 미리 추출
+            $args = Context::gets('user_name','nick_name','homepage','blog','birthday','email_address','allow_mailing','find_account_question','find_account_answer');
+
+            // 로그인 정보
+            $logged_info = Context::get('logged_info');
+            $args->member_srl = $logged_info->member_srl;
+
+            // 넘어온 모든 변수중에서 몇가지 불필요한 것들 삭제
+            $all_args = Context::getRequestVars();
+            unset($all_args->module);
+            unset($all_args->act);
+            unset($all_args->is_admin);
+            unset($all_args->description);
+            unset($all_args->group_srl_list);
+            unset($all_args->body);
+            unset($all_args->accept_agreement);
+            unset($all_args->signature);
+            unset($all_args->_filter);
+
+            // 모든 request argument에서 필수 정보만 제외 한 후 추가 데이터로 입력
+            $extra_vars = delObjectVars($all_args, $args);
+            $args->extra_vars = serialize($extra_vars);
+
+            // 멤버 모델 객체 생성
+            $oMemberModel = &getModel('member');
+
+            // member_srl의 값에 따라 insert/update
+            $output = $this->updateMember($args);
+            if(!$output->toBool()) return $output;
+
+            // 서명 저장
+            $signature = Context::get('signature');
+            $this->putSignature($args->member_srl, $signature);
+
+            // user_id 에 따른 정보 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);
+
+            // 로그인 성공후 trigger 호출 (after)
+            $trigger_output = ModuleHandler::triggerCall('member.doLogin', 'after', $member_info);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+            $this->setSessionInfo($member_info);
+
+            // 결과 리턴
+            $this->add('member_srl', $args->member_srl);
+            $this->setMessage('success_updated');
+        }
+
+        /**
+         * @brief 회원 비밀번호 수정
+         **/
+        function procMemberModifyPassword() {
+            if(!Context::get('is_logged')) return $this->stop('msg_not_logged');
+
+            // 필수 정보들을 미리 추출
+            $current_password = trim(Context::get('current_password'));
+            $password = trim(Context::get('password'));
+
+            // 로그인한 유저의 정보를 가져옴
+            $logged_info = Context::get('logged_info');
+            $member_srl = $logged_info->member_srl;
+
+            // member model 객체 생성
+            $oMemberModel = &getModel('member');
+
+            // member_srl 에 따른 정보 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+
+            // 현재 비밀번호가 맞는지 확인
+            if(!$oMemberModel->isValidPassword($member_info->password, $current_password)) return new Object(-1, 'invalid_password');
+
+            // 이전 비밀번호와 같은지 확인
+            if ($current_password == $password) return new Object(-1, 'invalid_new_password');
+
+            // member_srl의 값에 따라 insert/update
+            $args->member_srl = $member_srl;
+            $args->password = $password;
+            $output = $this->updateMemberPassword($args);
+            if(!$output->toBool()) return $output;
+
+            $this->add('member_srl', $args->member_srl);
+            $this->setMessage('success_updated');
+        }
+
+        /**
+         * @brief 탈퇴
+         **/
+        function procMemberLeave() {
+            if(!Context::get('is_logged')) return $this->stop('msg_not_logged');
+
+            // 필수 정보들을 미리 추출
+            $password = trim(Context::get('password'));
+
+            // 로그인한 유저의 정보를 가져옴
+            $logged_info = Context::get('logged_info');
+            $member_srl = $logged_info->member_srl;
+
+            // member model 객체 생성
+            $oMemberModel = &getModel('member');
+
+            // member_srl 에 따른 정보 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+
+            // 현재 비밀번호가 맞는지 확인
+            if(!$oMemberModel->isValidPassword($member_info->password, $password)) return new Object(-1, 'invalid_password');
+
+            $output = $this->deleteMember($member_srl);
+            if(!$output->toBool()) return $output;
+
+            // 모든 세션 정보 파기
+            $this->destroySessionInfo();
+
+            // 성공 메세지 리턴
+            $this->setMessage('success_leaved');
+        }
+
+        /**
+         * @brief 오픈아이디 탈퇴
+         **/
+        function procMemberOpenIDLeave() {
+            // 비로그인 상태이면 에러
+            if(!Context::get('is_logged')) return $this->stop('msg_not_logged');
+
+            // 현재 ip와 세션 아이피 비교
+            if($_SESSION['ipaddress']!=$_SERVER['REMOTE_ADDR']) return $this->stop('msg_not_permitted');
+
+            // 로그인한 유저의 정보를 가져옴
+            $logged_info = Context::get('logged_info');
+            $member_srl = $logged_info->member_srl;
+
+            $output = $this->deleteMember($member_srl);
+            if(!$output->toBool()) return $output;
+
+            // 모든 세션 정보 파기
+            $this->destroySessionInfo();
+
+            // 성공 메세지 리턴
+            $this->setMessage('success_leaved');
+        }
+
+        /**
+         * @brief 프로필 이미지 추가
+         **/
+        function procMemberInsertProfileImage() {
+            // 정상적으로 업로드 된 파일인지 검사
+            $file = $_FILES['profile_image'];
+            if(!is_uploaded_file($file['tmp_name'])) return $this->stop('msg_not_uploaded_profile_image');
+
+            // 회원 정보를 검사해서 회원번호가 없거나 관리자가 아니고 회원번호가 틀리면 무시
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return $this->stop('msg_not_uploaded_profile_image');
+
+            $logged_info = Context::get('logged_info');
+            if($logged_info->is_admin != 'Y' && $logged_info->member_srl != $member_srl) return $this->stop('msg_not_uploaded_profile_image');
+
+            // 회원 모듈 설정에서 이미지 이름 사용 금지를 하였을 경우 관리자가 아니면 return;
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($logged_info->is_admin != 'Y' && $config->profile_image != 'Y') return $this->stop('msg_not_uploaded_profile_image');
+
+            $this->insertProfileImage($member_srl, $file['tmp_name']);
+
+            // 페이지 리프레쉬
+            $this->setRefreshPage();
+        }
+
+        function insertProfileImage($member_srl, $target_file) {
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+
+            // 정해진 사이즈를 구함
+            $max_width = $config->profile_image_max_width;
+            if(!$max_width) $max_width = "90";
+            $max_height = $config->profile_image_max_height;
+            if(!$max_height) $max_height = "20";
+
+            // 저장할 위치 구함
+            $target_path = sprintf('files/member_extra_info/profile_image/%s', getNumberingPath($member_srl));
+            FileHandler::makeDir($target_path);
+
+            // 파일 정보 구함
+            list($width, $height, $type, $attrs) = @getimagesize($target_file);
+            if($type == 3) $ext = 'png';
+            elseif($type == 2) $ext = 'jpg';
+            else $ext = 'gif';
+
+            $target_filename = sprintf('%s%d.%s', $target_path, $member_srl, $ext);
+
+            // 지정된 사이즈보다 크거나 gif가 아니면 변환
+            if($width > $max_width || $height > $max_height || $type!=1) FileHandler::createImageFile($target_file, $target_filename, $max_width, $max_height, $ext);
+            else @copy($target_file, $target_filename);
+        }
+
+        /**
+         * @brief 이미지 이름을 추가
+         **/
+        function procMemberInsertImageName() {
+            // 정상적으로 업로드 된 파일인지 검사
+            $file = $_FILES['image_name'];
+            if(!is_uploaded_file($file['tmp_name'])) return $this->stop('msg_not_uploaded_image_name');
+
+            // 회원 정보를 검사해서 회원번호가 없거나 관리자가 아니고 회원번호가 틀리면 무시
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return $this->stop('msg_not_uploaded_image_name');
+
+            $logged_info = Context::get('logged_info');
+            if($logged_info->is_admin != 'Y' && $logged_info->member_srl != $member_srl) return $this->stop('msg_not_uploaded_image_name');
+
+            // 회원 모듈 설정에서 이미지 이름 사용 금지를 하였을 경우 관리자가 아니면 return;
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($logged_info->is_admin != 'Y' && $config->image_name != 'Y') return $this->stop('msg_not_uploaded_image_name');
+
+            $this->insertImageName($member_srl, $file['tmp_name']);
+
+            // 페이지 리프레쉬
+            $this->setRefreshPage();
+        }
+
+        function insertImageName($member_srl, $target_file) {
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+
+            // 정해진 사이즈를 구함
+            $max_width = $config->image_name_max_width;
+            if(!$max_width) $max_width = "90";
+            $max_height = $config->image_name_max_height;
+            if(!$max_height) $max_height = "20";
+
+            // 저장할 위치 구함
+            $target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($member_srl));
+            FileHandler::makeDir($target_path);
+
+            $target_filename = sprintf('%s%d.gif', $target_path, $member_srl);
+
+            // 파일 정보 구함
+            list($width, $height, $type, $attrs) = @getimagesize($target_file);
+
+            // 지정된 사이즈보다 크거나 gif가 아니면 변환
+            if($width > $max_width || $height > $max_height || $type!=1) FileHandler::createImageFile($target_file, $target_filename, $max_width, $max_height, 'gif');
+            else @copy($target_file, $target_filename);
+        }
+
+        /**
+         * @brief 프로필 이미지를 삭제
+         **/
+        function procMemberDeleteProfileImage() {
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return new Object(0,'success');
+
+            $logged_info = Context::get('logged_info');
+
+            if($logged_info->is_admin != 'Y') {
+                $oModuleModel = &getModel('module');
+                $config = $oModuleModel->getModuleConfig('member');
+                if($config->profile_image == 'N') return new Object(0,'success');
+            }
+
+            if($logged_info->is_admin == 'Y' || $logged_info->member_srl == $member_srl) {
+                $oMemberModel = &getModel('member');
+                $profile_image = $oMemberModel->getProfileImage($member_srl);
+                FileHandler::removeFile($profile_image->file);
+            }
+            return new Object(0,'success');
+        }
+
+        /**
+         * @brief 이미지 이름을 삭제
+         **/
+        function procMemberDeleteImageName() {
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return new Object(0,'success');
+
+            $logged_info = Context::get('logged_info');
+
+            if($logged_info->is_admin != 'Y') {
+                $oModuleModel = &getModel('module');
+                $config = $oModuleModel->getModuleConfig('member');
+                if($config->image_name == 'N') return new Object(0,'success');
+            }
+
+            if($logged_info->is_admin == 'Y' || $logged_info->member_srl == $member_srl) {
+                $oMemberModel = &getModel('member');
+                $image_name = $oMemberModel->getImageName($member_srl);
+                FileHandler::removeFile($image_name->file);
+            }
+            return new Object(0,'success');
+        }
+
+        /**
+         * @brief 이미지 마크를 추가
+         **/
+        function procMemberInsertImageMark() {
+            // 정상적으로 업로드 된 파일인지 검사
+            $file = $_FILES['image_mark'];
+            if(!is_uploaded_file($file['tmp_name'])) return $this->stop('msg_not_uploaded_image_mark');
+
+            // 회원 정보를 검사해서 회원번호가 없거나 관리자가 아니고 회원번호가 틀리면 무시
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return $this->stop('msg_not_uploaded_image_mark');
+
+            $logged_info = Context::get('logged_info');
+            if($logged_info->is_admin != 'Y' && $logged_info->member_srl != $member_srl) return $this->stop('msg_not_uploaded_image_mark');
+
+            // 회원 모듈 설정에서 이미지 마크 사용 금지를 하였을 경우 관리자가 아니면 return;
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+            if($logged_info->is_admin != 'Y' && $config->image_mark != 'Y') return $this->stop('msg_not_uploaded_image_mark');
+
+            $this->insertImageMark($member_srl, $file['tmp_name']);
+
+            // 페이지 리프레쉬
+            $this->setRefreshPage();
+        }
+
+        function insertImageMark($member_srl, $target_file) {
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+
+            // 정해진 사이즈를 구함
+            $max_width = $config->image_mark_max_width;
+            if(!$max_width) $max_width = "20";
+            $max_height = $config->image_mark_max_height;
+            if(!$max_height) $max_height = "20";
+
+            $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($member_srl));
+            FileHandler::makeDir($target_path);
+
+            $target_filename = sprintf('%s%d.gif', $target_path, $member_srl);
+
+            // 파일 정보 구함
+            list($width, $height, $type, $attrs) = @getimagesize($target_file);
+
+            if($width > $max_width || $height > $max_height || $type!=1) FileHandler::createImageFile($target_file, $target_filename, $max_width, $max_height, 'gif');
+            else @copy($target_file, $target_filename);
+
+        }
+
+        /**
+         * @brief 이미지 마크를  삭제
+         **/
+        function procMemberDeleteImageMark() {
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return new Object(0,'success');
+
+            $logged_info = Context::get('logged_info');
+            if($logged_info->is_admin == 'Y' || $logged_info->member_srl == $member_srl) {
+                $oMemberModel = &getModel('member');
+                $image_mark = $oMemberModel->getImageMark($member_srl);
+                FileHandler::removeFile($image_mark->file);
+            }
+            return new Object(0,'success');
+        }
+
+        /**
+         * @brief 아이디/ 비밀번호 찾기
+         **/
+        function procMemberFindAccount() {
+            $email_address = Context::get('email_address');
+            if(!$email_address) return new Object(-1, 'msg_invalid_request');
+
+            $oMemberModel = &getModel('member');
+            $oModuleModel = &getModel('module');
+
+            // 메일 주소에 해당하는 회원이 있는지 검사
+            $member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
+            if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
+
+            // 회원의 정보를 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+
+            // 아이디/비밀번호 찾기가 가능한 상태의 회원인지 검사
+            if ($member_info->denied == 'Y') {
+                $chk_args->member_srl = $member_info->member_srl;
+                $output = executeQuery('member.chkAuthMail', $chk_args);
+                if ($output->toBool() && $output->data->count != '0') return new Object(-1, 'msg_user_not_confirmed');
+            }
+
+            // 인증 DB에 데이터를 넣음
+            $args->user_id = $member_info->user_id;
+            $args->member_srl = $member_info->member_srl;
+            $args->new_password = rand(111111,999999);
+            $args->auth_key = md5( rand(0,999999 ) );
+            $args->is_register = 'N';
+
+            $output = executeQuery('member.insertAuthMail', $args);
+            if(!$output->toBool()) return $output;
+
+            // 메일 내용을 구함
+            Context::set('auth_args', $args);
+            Context::set('member_info', $member_info);
+
+            $member_config = $oModuleModel->getModuleConfig('member');
+            if(!$member_config->skin) $member_config->skin = "default";
+            if(!$member_config->colorset) $member_config->colorset = "white";
+
+            Context::set('member_config', $member_config);
+
+            $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
+            if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
+
+            $find_url = getFullUrl ('', 'module', 'member', 'act', 'procMemberAuthAccount', 'member_srl', $member_info->member_srl, 'auth_key', $args->auth_key);
+            Context::set('find_url', $find_url);
+
+            $oTemplate = &TemplateHandler::getInstance();
+            $content = $oTemplate->compile($tpl_path, 'find_member_account_mail');
+
+            // 사이트 웹마스터 정보를 구함
+            $oModuleModel = &getModel('module');
+            $member_config = $oModuleModel->getModuleConfig('member');
+
+            // 메일 발송
+            $oMail = new Mail();
+            $oMail->setTitle( Context::getLang('msg_find_account_title') );
+            $oMail->setContent($content);
+            $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
+            $oMail->setReceiptor( $member_info->user_name, $member_info->email_address );
+            $oMail->send();
+
+            // 메세지 return
+            $msg = sprintf(Context::getLang('msg_auth_mail_sent'), $member_info->email_address);
+            return new Object(0,$msg);
+        }
+
+
+        /**
+         * @brief 질문/답변을 통한 임시 비밀번호 생성
+         **/
+        function procMemberFindAccountByQuestion() {
+            $email_address = Context::get('email_address');
+            $user_id = Context::get('user_id');
+            $find_account_question = trim(Context::get('find_account_question'));
+            $find_account_answer = trim(Context::get('find_account_answer'));
+
+            if(!$user_id || !$email_address || !$find_account_question || !$find_account_answer) return new Object(-1, 'msg_invalid_request');
+
+            $oMemberModel = &getModel('member');
+            $oModuleModel = &getModel('module');
+
+            // 메일 주소에 해당하는 회원이 있는지 검사
+            $member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
+            if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
+
+            // 회원의 정보를 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+
+            // 질문 응답이 없으면 
+            if (!$member_info->find_account_question || !$member_info->find_account_answer) return new Object(-1, 'msg_question_not_exists');
+
+            if(trim($member_info->find_account_question) != $find_account_question || trim($member_info->find_account_answer) != $find_account_answer) return new Object(-1, 'msg_answer_not_matches');
+
+            // 임시비밀번호로 변경 및 비밀번호 변경시간을 1로 설정
+            $args->member_srl = $member_srl;
+            list($usec, $sec) = explode(" ", microtime()); 
+            $temp_password = substr(md5($user_id . $member_info->find_account_answer. $usec . $sec),0,15);
+
+            $args->password = $temp_password;
+            $args->change_password_date = '1';
+            $output = $this->updateMemberPassword($args);
+            if(!$output->toBool()) return $output;
+
+            $_SESSION['xe_temp_password_'.$user_id] = $temp_password;
+
+            $this->add('user_id',$user_id);
+        }
+
+        /**
+         * @brief 아이디/비밀번호 찾기 기능 실행
+         * 메일에 등록된 링크를 선택시 호출되는 method로 비밀번호를 바꾸고 인증을 시켜버림
+         **/
+        function procMemberAuthAccount() {
+            // user_id, authkey 검사
+            $member_srl = Context::get('member_srl');
+            $auth_key = Context::get('auth_key');
+            if(!$member_srl || !$auth_key) return $this->stop('msg_invalid_request');
+
+            // user_id, authkey로 비밀번호 찾기 로그 검사
+            $args->member_srl = $member_srl;
+            $args->auth_key = $auth_key;
+            $output = executeQuery('member.getAuthMail', $args);
+            if(!$output->toBool() || $output->data->auth_key != $auth_key) return $this->stop('msg_invalid_auth_key');
+
+            // 인증 정보가 맞다면 새비밀번호로 비밀번호를 바꿈
+            if ($output->data->is_register == 'Y') {
+                $args->password = $output->data->new_password;
+                $args->denied = 'N';
+            } else {
+                $args->password = md5($output->data->new_password);
+                unset($args->denied);
+            }
+
+            // $output->data->is_register 값을 백업해 둔다.
+            $is_register = $output->data->is_register;
+
+            $output = executeQuery('member.updateMemberPassword', $args);
+            if(!$output->toBool()) return $this->stop($output->getMessage());
+
+            // 인증 테이블에서 member_srl에 해당하는 모든 값을 지움
+            executeQuery('member.deleteAuthMail',$args);
+
+            // 결과를 통보
+            Context::set('is_register', $is_register);
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('msg_success_authed');
+        }
+
+        /**
+         * @brief 아이디/비밀번호 찾기 기능 실행
+         * 메일에 등록된 링크를 선택시 호출되는 method로 비밀번호를 바꾸고 인증을 시켜버림
+         **/
+        function procMemberUpdateAuthMail() {
+            $member_srl = Context::get('member_srl');
+            if(!$member_srl) return new Object(-1, 'msg_invalid_request');
+
+            $oMemberModel = &getModel('member');
+
+            // 회원의 정보를 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+
+            // 인증메일 재발송 요청이 가능한 상태의 회원인지 검사
+            if ($member_info->denied != 'Y')
+                return new Object(-1, 'msg_invalid_request');
+
+            $chk_args->member_srl = $member_srl;
+            $output = executeQuery('member.chkAuthMail', $chk_args);
+            if ($output->toBool() && $output->data->count == '0') return new Object(-1, 'msg_invalid_request');
+
+            // 인증 DB에 데이터를 넣음
+            $auth_args->member_srl = $member_srl;
+            $auth_args->auth_key = md5(rand(0, 999999));
+
+            $output = executeQuery('member.updateAuthMail', $auth_args);
+            if (!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            // 메일 내용을 구함
+            Context::set('auth_args', $auth_args);
+            Context::set('member_info', $member_info);
+
+            $oModuleModel = &getModel('module');
+            $member_config = $oModuleModel->getModuleConfig('member');
+            if(!$member_config->skin) $member_config->skin = "default";
+            if(!$member_config->colorset) $member_config->colorset = "white";
+
+            Context::set('member_config', $member_config);
+
+            $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
+            if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
+
+            $auth_url = getFullUrl('','module','member','act','procMemberAuthAccount','member_srl',$member_info->member_srl, 'auth_key',$auth_args->auth_key);
+            Context::set('auth_url', $auth_url);
+
+            $oTemplate = &TemplateHandler::getInstance();
+            $content = $oTemplate->compile($tpl_path, 'confirm_member_account_mail');
+
+            // 사이트 웹마스터 정보를 구함
+            $oModuleModel = &getModel('module');
+            $member_config = $oModuleModel->getModuleConfig('member');
+
+            // 메일 발송
+            $oMail = new Mail();
+            $oMail->setTitle( Context::getLang('msg_confirm_account_title') );
+            $oMail->setContent($content);
+            $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
+            $oMail->setReceiptor( $member_info->user_name, $member_info->email_address );
+            $oMail->send();
+
+            // 메세지 return
+            $msg = sprintf(Context::getLang('msg_auth_mail_sent'), $member_info->email_address);
+            return new Object(-1, $msg);
+        }
+
+        /**
+         * @brief 인증 메일 재발송
+         **/
+        function procMemberResendAuthMail() {
+            // email_address 검사
+            $email_address = Context::get('email_address');
+            if(!$email_address) return $this->stop('msg_invalid_request');
+
+            // email_address로 비밀번호 찾기 로그 검사
+            $oMemberModel = &getModel('member');
+
+            $args->email_address = $email_address;
+            $member_info = $oMemberModel->getMemberSrlByEmailAddress($email_address);
+            if(!$member_info) return $this->stop('msg_not_exists_member');
+
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_info);
+
+            // 이전에 인증 메일을 보냈는지 확인
+            $chk_args->member_srl = $member_info->member_srl;
+            $output = executeQuery('member.chkAuthMail', $chk_args);
+            if($output->toBool() && $output->data->count == '0') return new Object(-1, 'msg_invalid_request');
+
+            $auth_args->member_srl = $member_info->member_srl;
+            $output = executeQueryArray('member.getAuthMailInfo', $auth_args);
+            if(!$output->data || !$output->data[0]->auth_key)  return new Object(-1, 'msg_invalid_request');
+            $auth_info = $output->data[0];
+
+            // 메일 내용을 구함
+            Context::set('member_info', $member_info);
+            $oModuleModel = &getModel('module');
+            $member_config = $oModuleModel->getModuleConfig('member');
+            if(!$member_config->skin) $member_config->skin = "default";
+            if(!$member_config->colorset) $member_config->colorset = "white";
+
+            Context::set('member_config', $member_config);
+
+            $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
+            if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
+
+            $auth_url = getFullUrl('','module','member','act','procMemberAuthAccount','member_srl',$member_info->member_srl, 'auth_key',$auth_info->auth_key);
+            Context::set('auth_url', $auth_url);
+
+            $oTemplate = &TemplateHandler::getInstance();
+            $content = $oTemplate->compile($tpl_path, 'confirm_member_account_mail');
+
+            // 사이트 웹마스터 정보를 구함
+            $oModuleModel = &getModel('module');
+            $member_config = $oModuleModel->getModuleConfig('member');
+
+            // 메일 발송
+            $oMail = new Mail();
+            $oMail->setTitle( Context::getLang('msg_confirm_account_title') );
+            $oMail->setContent($content);
+            $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
+            $oMail->setReceiptor( $args->user_name, $args->email_address );
+            $oMail->send();
+
+            $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $args->email_address);
+            $this->setMessage($msg);
+        }
+
+        /**
+         * @brief 가상 사이트 가입
+         **/
+        function procModuleSiteSignUp() {
+            $site_module_info = Context::get('site_module_info');
+            $logged_info = Context::get('logged_info');
+            if(!$site_module_info->site_srl || !Context::get('is_logged') || count($logged_info->group_srl_list) ) return new Object(-1,'msg_invalid_request');
+
+            $oMemberModel = &getModel('member');
+            $default_group = $oMemberModel->getDefaultGroup($site_module_info->site_srl);
+            $this->addMemberToGroup($logged_info->member_srl, $default_group->group_srl, $site_module_info->site_srl);
+            $groups[$default_group->group_srl] = $default_group->title;
+            $logged_info->group_list = $groups;
+        }
+
+        /**
+         * @brief 가상 사이트 탈퇴
+         **/
+        function procModuleSiteLeave() {
+            $site_module_info = Context::get('site_module_info');
+            $logged_info = Context::get('logged_info');
+            if(!$site_module_info->site_srl || !Context::get('is_logged') || count($logged_info->group_srl_list) ) return new Object(-1,'msg_invalid_request');
+
+            $args->site_srl= $site_module_info->site_srl;
+            $args->member_srl = $logged_info->member_srl;
+            $output = executeQuery('member.deleteMembersGroup', $args);
+            if(!$output->toBool()) return $output;
+            $this->setMessage('success_deleted');
+        }
+
+        /**
+         * @brief 회원 설정 정보를 저장
+         **/
+        function setMemberConfig($args) {
+            if(!$args->skin) $args->skin = "default";
+            if(!$args->colorset) $args->colorset = "white";
+            if(!$args->editor_skin) $args->editor_skin= "xpresseditor";
+            if(!$args->editor_colorset) $args->editor_colorset = "white";
+            if($args->enable_join!='Y') $args->enable_join = 'N';
+            if($args->enable_openid!='Y') $args->enable_openid= 'N';
+            if($args->profile_image !='Y') $args->profile_image = 'N';
+            if($args->image_name!='Y') $args->image_name = 'N';
+            if($args->image_mark!='Y') $args->image_mark = 'N';
+            if($args->group_image_mark!='Y') $args->group_image_mark = 'N';
+            if(!trim(strip_tags($args->agreement))) $args->agreement = null;
+            $args->limit_day = (int)$args->limit_day;
+
+            $agreement = trim($args->agreement);
+            unset($args->agreement);
+
+            $oModuleController = &getController('module');
+            $output = $oModuleController->insertModuleConfig('member',$args);
+            if(!$output->toBool()) return $output;
+
+            $agreement_file = _XE_PATH_.'files/member_extra_info/agreement.txt';
+            FileHandler::writeFile($agreement_file, $agreement);
+
+            return new Object();
+        }
+
+        /**
+         * @brief 서명을 파일로 저장
+         **/
+        function putSignature($member_srl, $signature) {
+            $signature = trim(removeHackTag($signature));
+            $signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature);
+
+            $check_signature = trim(str_replace(array('&nbsp;',"\n","\r"),'',strip_tags($signature,'<img><object>')));
+            $path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
+            $filename = sprintf('%s%d.signature.php', $path, $member_srl);
+
+            if(!$check_signature) return FileHandler::removeFile($filename);
+
+            $buff = sprintf('<?php if(!defined("__ZBXE__")) exit();?>%s', $signature);
+            FileHandler::makeDir($path);
+            FileHandler::writeFile($filename, $buff);
+        }
+
+        /**
+         * @brief 서명 파일 삭제
+         **/
+        function delSignature($member_srl) {
+            $filename = sprintf('files/member_extra_info/signature/%s%d.gif', getNumberingPath($member_srl), $member_srl);
+            FileHandler::removeFile($filename);
+        }
+
+        /**
+         * @brief member_srl에 group_srl을 추가
+         **/
+        function addMemberToGroup($member_srl,$group_srl,$site_srl=0) {
+            $args->member_srl = $member_srl;
+            $args->group_srl = $group_srl;
+            if($site_srl) $args->site_srl = $site_srl;
+
+            $oModel =& getModel('member');
+            $groups = $oModel->getMemberGroups($member_srl, $site_srl, true);
+            if($groups[$group_srl]) return new Object();
+
+            // 추가
+            $output = executeQuery('member.addMemberToGroup',$args);
+            $output2 = ModuleHandler::triggerCall('member.addMemberToGroup', 'after', $args);
+
+            return $output;
+        }
+
+        /**
+         * @brief 특정 회원들의 그룹을 일괄 변경
+         * 가상 사이트와 같이 한 회원이 하나의 그룹만 가질 경우 사용할 수 있음
+         **/
+        function replaceMemberGroup($args) {
+            $obj->site_srl = $args->site_srl;
+            $obj->member_srl = implode(',',$args->member_srl);
+
+            $output = executeQueryArray('member.getMembersGroup', $obj);
+            if($output->data) foreach($output->data as $key => $val) $date[$val->member_srl] = $val->regdate;
+
+            $output = executeQuery('member.deleteMembersGroup', $obj);
+            if(!$output->toBool()) return $output;
+
+            $inserted_members = array();
+            foreach($args->member_srl as $key => $val) {
+                if($inserted_members[$val]) continue;
+                $inserted_members[$val] = true;
+
+                unset($obj);
+                $obj->member_srl = $val;
+                $obj->group_srl = $args->group_srl;
+                $obj->site_srl = $args->site_srl;
+                $obj->regdate = $date[$obj->member_srl];
+                $output = executeQuery('member.addMemberToGroup', $obj);
+                if(!$output->toBool()) return $output;
+            }
+            return new Object();
+        }
+
+
+        /**
+         * @brief 자동 로그인 시킴
+         **/
+        function doAutologin() {
+            // 자동 로그인 키 값을 구함
+            $args->autologin_key = $_COOKIE['xeak'];
+
+            // 키값에 해당하는 정보 구함
+            $output = executeQuery('member.getAutologin', $args);
+
+            // 정보가 없으면 쿠키 삭제
+            if(!$output->toBool() || !$output->data) {
+                setCookie('xeak',null,time()+60*60*24*365, '/');
+                return;
+            }
+
+            $user_id = $output->data->user_id;
+            $password = $output->data->password;
+            if(!$user_id || !$password) {
+                setCookie('xeak',null,time()+60*60*24*365, '/');
+                return;
+            }
+
+            $do_auto_login = false;
+
+            // 정보를 바탕으로 키값 비교
+            $key = md5($user_id.$password.$_SERVER['REMOTE_ADDR']);
+
+            if($key == $args->autologin_key) {
+
+                // 설정된 change_password_date 확인
+                $oModuleModel = &getModel('module');
+                $member_config = $oModuleModel->getModuleConfig('member');
+                $limit_date = $member_config->change_password_date;
+
+                // change_password_date가 설정되어 있으면 확인
+                if($limit_date > 0) {
+                    $oMemberModel = &getModel('member');
+                    $member_info = $oMemberModel->getMemberInfoByUserID($user_id);
+
+                    if($member_info->change_password_date >= date('YmdHis', strtotime('-'.$limit_date.' day')) ){
+                        $do_auto_login = true;
+                    }
+
+                } else {
+                    $do_auto_login = true;
+                }
+            }
+            
+            
+            if($do_auto_login) {
+                $output = $this->doLogin($user_id);
+            } else {
+                executeQuery('member.deleteAutologin', $args);
+                setCookie('xeak',null,time()+60*60*24*365, '/');
+            }
+        }
+
+        /**
+         * @brief 로그인 시킴
+         **/
+        function doLogin($user_id, $password = '', $keep_signed = false) {
+            $user_id = strtolower($user_id);
+
+            // 로그인 이전에 trigger 호출 (before)
+            $trigger_obj->user_id = $user_id;
+            $trigger_obj->password = $password;
+            $trigger_output = ModuleHandler::triggerCall('member.doLogin', 'before', $trigger_obj);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+            // member model 객체 생성
+            $oMemberModel = &getModel('member');
+
+            // user_id 에 따른 정보 가져옴
+            $member_info = $oMemberModel->getMemberInfoByUserID($user_id);
+
+            // return 값이 없으면 존재하지 않는 사용자로 지정
+            if(!$user_id || strtolower($member_info->user_id) != strtolower($user_id)) return new Object(-1, 'invalid_user_id');
+
+            // 비밀번호 검사
+            if($password && !$oMemberModel->isValidPassword($member_info->password, $password)) return new Object(-1, 'invalid_password');
+
+            // denied == 'Y' 이면 알림
+            if($member_info->denied == 'Y') {
+                $args->member_srl = $member_info->member_srl;
+                $output = executeQuery('member.chkAuthMail', $args);
+                if ($output->toBool() && $output->data->count != '0') return new Object(-1,'msg_user_not_confirmed');
+                return new Object(-1,'msg_user_denied');
+            }
+
+            // denied_date가 현 시간보다 적으면 알림
+            if($member_info->limit_date && substr($member_info->limit_date,0,8) >= date("Ymd")) return new Object(-1,sprintf(Context::getLang('msg_user_limited'),zdate($member_info->limit_date,"Y-m-d")));
+
+            // 사용자 정보의 최근 로그인 시간을 기록
+            $args->member_srl = $member_info->member_srl;
+            $output = executeQuery('member.updateLastLogin', $args);
+
+            // 로그인 성공후 trigger 호출 (after)
+            $trigger_output = ModuleHandler::triggerCall('member.doLogin', 'after', $member_info);
+            if(!$trigger_output->toBool()) return $trigger_output;
+
+            // 자동 로그인 사용시 정보 처리
+            if($keep_signed) {
+                // 자동 로그인 키 생성
+                $autologin_args->autologin_key = md5(strtolower($user_id).$member_info->password.$_SERVER['REMOTE_ADDR']);
+                $autologin_args->member_srl = $member_info->member_srl;
+                executeQuery('member.deleteAutologin', $autologin_args);
+                $autologin_output = executeQuery('member.insertAutologin', $autologin_args);
+                if($autologin_output->toBool()) setCookie('xeak',$autologin_args->autologin_key, time()+60*60*24*365, '/');
+            }
+
+            $this->setSessionInfo($member_info);
+
+            return $output;
+        }
+
+        /**
+         * @brief 세션 정보 갱싱 또는 생성
+         **/
+        function setSessionInfo($member_info = null) {
+            $oMemberModel = &getModel('member');
+
+            // 사용자 정보가 넘어오지 않았다면 현재 세션 정보에서 사용자 정보를 추출
+            if(!$member_info && $_SESSION['member_srl'] && $oMemberModel->isLogged() ) {
+                $member_info = $oMemberModel->getMemberInfoByMemberSrl($_SESSION['member_srl']);
+
+                // 회원정보가 없다면 세션 파기
+                if($member_info->member_srl != $_SESSION['member_srl']) {
+                    $this->destroySessionInfo();
+                    return;
+                }
+            }
+
+            // 사용중지 아이디이면 세션 파기
+            if($member_info->denied=='Y') {
+                $this->destroySessionInfo();
+                return;
+            }
+
+            // 오픈아이디인지 체크 (일단 아이디 형식으로만 결정)
+            if(preg_match("/^([_0-9a-zA-Z]+)$/is", $member_info->user_id)) $member_info->is_openid = false;
+            else $member_info->is_openid = true;
+
+            // 로그인 처리를 위한 세션 설정
+            $_SESSION['is_logged'] = true;
+            $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
+            $_SESSION['member_srl'] = $member_info->member_srl;
+            $_SESSION['is_admin'] = '';
+
+            // 비밀번호는 세션에 저장되지 않도록 지워줌;;
+            //unset($member_info->password);
+
+            // 사용자 그룹 설정
+            /*
+            if($member_info->group_list) {
+                $group_srl_list = array_keys($member_info->group_list);
+                $_SESSION['group_srls'] = $group_srl_list;
+
+                // 관리자 그룹일 경우 관리자로 지정
+                $oMemberModel = &getModel('member');
+                $admin_group = $oMemberModel->getAdminGroup();
+                if($admin_group->group_srl && in_array($admin_group->group_srl, $group_srl_list)) $_SESSION['is_admin'] = 'Y';
+            }
+            */
+
+            // 세션에 로그인 사용자 정보 저장
+            $_SESSION['logged_info'] = $member_info;
+            Context::set('is_logged', true);
+            Context::set('logged_info', $member_info);
+
+            // 사용자의 전용 메뉴 구성 (이 메뉴는 애드온등으로 변경될 수 있음)
+            $this->addMemberMenu( 'dispMemberInfo', 'cmd_view_member_info');
+            $this->addMemberMenu( 'dispMemberScrappedDocument', 'cmd_view_scrapped_document');
+            $this->addMemberMenu( 'dispMemberSavedDocument', 'cmd_view_saved_document');
+            $this->addMemberMenu( 'dispMemberOwnDocument', 'cmd_view_own_document');
+        }
+
+        /**
+         * @brief 로그인한 사용자의 개인화된 메뉴 제공을 위한 method
+         * 로그인 정보 출력 위젯 또는 개인화 페이지에서 사용됨
+         **/
+        function addMemberMenu($act, $str) {
+            $logged_info = Context::get('logged_info');
+
+            $logged_info->menu_list[$act] = Context::getLang($str);
+
+            Context::set('logged_info', $logged_info);
+            $_SESSION['logged_info'] = $logged_info;
+        }
+
+        /**
+         * @brief 로그인 회원의 닉네임등을 클릭할때 나타나는 팝업 메뉴를 추가하는 method
+         **/
+        function addMemberPopupMenu($url, $str, $icon = '', $target = 'self') {
+            $member_popup_menu_list = Context::get('member_popup_menu_list');
+            if(!is_array($member_popup_menu_list)) $member_popup_menu_list = array();
+
+            $obj->url = $url;
+            $obj->str = $str;
+            $obj->icon = $icon;
+            $obj->target = $target;
+            $member_popup_menu_list[] = $obj;
+
+            Context::set('member_popup_menu_list', $member_popup_menu_list);
+        }
+
+        /**
+         * @brief member 테이블에 사용자 추가
+         **/
+        function insertMember(&$args, $password_is_hashed = false) {
+            // trigger 호출 (before)
+            $output = ModuleHandler::triggerCall('member.insertMember', 'before', $args);
+            if(!$output->toBool()) return $output;
+
+            // 멤버 설정 정보에서 가입약관 부분을 재확인
+            $oModuleModel = &getModel('module');
+            $config = $oModuleModel->getModuleConfig('member');
+
+            $logged_info = Context::get('logged_info');
+
+            // 임시 제한 일자가 있을 경우 제한 일자에 내용 추가
+            if($config->limit_day) $args->limit_date = date("YmdHis", time()+$config->limit_day*60*60*24);
+
+            // 입력할 사용자의 아이디를 소문자로 변경
+            $args->user_id = strtolower($args->user_id);
+
+            // 필수 변수들의 조절
+            if($args->allow_mailing!='Y') $args->allow_mailing = 'N';
+            if($args->denied!='Y') $args->denied = 'N';
+            $args->allow_message= 'Y';
+
+            if($logged_info->is_admin == 'Y') {
+                if($args->is_admin!='Y') $args->is_admin = 'N';
+            } else {
+                unset($args->is_admin);
+            }
+
+            list($args->email_id, $args->email_host) = explode('@', $args->email_address);
+
+            // 홈페이지, 블로그의 주소 검사
+            if($args->homepage && !preg_match("/^[a-z]+:\/\//i",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
+            if($args->blog && !preg_match("/^[a-z]+:\/\//i",$args->blog)) $args->blog = 'http://'.$args->blog;
+
+            // 모델 객체 생성
+            $oMemberModel = &getModel('member');
+            // 금지 아이디인지 체크
+            if($oMemberModel->isDeniedID($args->user_id)) return new Object(-1,'denied_user_id');
+
+            // 아이디, 닉네임, email address 의 중복 체크
+            $member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
+            if($member_srl) return new Object(-1,'msg_exists_user_id');
+
+            $member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
+            if($member_srl) return new Object(-1,'msg_exists_nick_name');
+
+            $member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
+            if($member_srl) return new Object(-1,'msg_exists_email_address');
+
+            $oDB = &DB::getInstance();
+            $oDB->begin();
+
+            // DB에 입력
+            $args->member_srl = getNextSequence();
+            $args->list_order = -1 * $args->member_srl;
+			$args->nick_name = htmlspecialchars($args->nick_name);
+			$args->homepage = htmlspecialchars($args->homepage);
+			$args->blog = htmlspecialchars($args->blog);
+            if($args->password && !$password_is_hashed) $args->password = md5($args->password);
+            elseif(!$args->password) unset($args->password);
+
+            $output = executeQuery('member.insertMember', $args);
+            if(!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            // 입력된 그룹 값이 없으면 기본 그룹의 값을 등록
+            if(!$args->group_srl_list) {
+                $default_group = $oMemberModel->getDefaultGroup(0);
+
+                // 기본 그룹에 추가
+                $output = $this->addMemberToGroup($args->member_srl,$default_group->group_srl);
+                if(!$output->toBool()) {
+                    $oDB->rollback();
+                    return $output;
+                }
+
+            // 입력된 그룹 값이 있으면 해당 그룹의 값을 등록
+            } else {
+                $group_srl_list = explode('|@|', $args->group_srl_list);
+                for($i=0;$i<count($group_srl_list);$i++) {
+                    $output = $this->addMemberToGroup($args->member_srl,$group_srl_list[$i]);
+
+                    if(!$output->toBool()) {
+                        $oDB->rollback();
+                        return $output;
+                    }
+                }
+            }
+
+            // 메일 인증 모드 사용시(가입된 회원이 denied일 때) 인증 메일 발송
+            if ($args->denied == 'Y') {
+                // 인증 DB에 데이터를 넣음
+                $auth_args->user_id = $args->user_id;
+                $auth_args->member_srl = $args->member_srl;
+                $auth_args->new_password = $args->password;
+                $auth_args->auth_key = md5(rand(0, 999999));
+                $auth_args->is_register = 'Y';
+
+                $output = executeQuery('member.insertAuthMail', $auth_args);
+                if (!$output->toBool()) {
+                    $oDB->rollback();
+                    return $output;
+                }
+
+                // 메일 내용을 구함
+                Context::set('auth_args', $auth_args);
+                Context::set('member_info', $args);
+
+                $member_config = $oModuleModel->getModuleConfig('member');
+                if(!$member_config->skin) $member_config->skin = "default";
+                if(!$member_config->colorset) $member_config->colorset = "white";
+
+                Context::set('member_config', $member_config);
+
+                $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
+                if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
+
+                $auth_url = getFullUrl('','module','member','act','procMemberAuthAccount','member_srl',$args->member_srl, 'auth_key',$auth_args->auth_key);
+                Context::set('auth_url', $auth_url);
+
+                $oTemplate = &TemplateHandler::getInstance();
+                $content = $oTemplate->compile($tpl_path, 'confirm_member_account_mail');
+
+                // 사이트 웹마스터 정보를 구함
+                $oModuleModel = &getModel('module');
+                $member_config = $oModuleModel->getModuleConfig('member');
+
+                // 메일 발송
+                $oMail = new Mail();
+                $oMail->setTitle( Context::getLang('msg_confirm_account_title') );
+                $oMail->setContent($content);
+                $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
+                $oMail->setReceiptor( $args->user_name, $args->email_address );
+                $oMail->send();
+            }
+
+            // trigger 호출 (after)
+            if($output->toBool()) {
+                $trigger_output = ModuleHandler::triggerCall('member.insertMember', 'after', $args);
+                if(!$trigger_output->toBool()) {
+                    $oDB->rollback();
+                    return $trigger_output;
+                }
+            }
+
+            $oDB->commit(true);
+
+            $output->add('member_srl', $args->member_srl);
+            return $output;
+        }
+
+        /**
+         * @brief member 정보 수정
+         **/
+        function updateMember($args) {
+            // trigger 호출 (before)
+            $output = ModuleHandler::triggerCall('member.updateMember', 'before', $args);
+            if(!$output->toBool()) return $output;
+
+            // 모델 객체 생성
+            $oMemberModel = &getModel('member');
+
+            $logged_info = Context::get('logged_info');
+
+            // 수정하려는 대상의 원래 정보 가져오기
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);
+            if(!$args->user_id) $args->user_id = $member_info->user_id;
+
+            // 필수 변수들의 조절
+            if($args->allow_mailing!='Y') $args->allow_mailing = 'N';
+            if($args->allow_message && !in_array($args->allow_message, array('Y','N','F'))) $args->allow_message = 'Y';
+
+            if($logged_info->is_admin == 'Y') {
+                if($args->denied!='Y') $args->denied = 'N';
+                if($args->is_admin!='Y' && $logged_info->member_srl != $args->member_srl) $args->is_admin = 'N';
+            } else {
+                unset($args->is_admin);
+                unset($args->denied);
+            }
+
+            list($args->email_id, $args->email_host) = explode('@', $args->email_address);
+
+            // 홈페이지, 블로그의 주소 검사
+            if($args->homepage && !preg_match("/^[a-z]+:\/\//is",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
+            if($args->blog && !preg_match("/^[a-z]+:\/\//is",$args->blog)) $args->blog = 'http://'.$args->blog;
+
+            // 아이디, 닉네임, email address 의 중복 체크
+            $member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
+            if($member_srl&&$args->member_srl!=$member_srl) return new Object(-1,'msg_exists_user_id');
+
+            $member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
+            if($member_srl&&$args->member_srl!=$member_srl) return new Object(-1,'msg_exists_nick_name');
+
+            $member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
+            if($member_srl&&$args->member_srl!=$member_srl) return new Object(-1,'msg_exists_email_address');
+
+            $oDB = &DB::getInstance();
+            $oDB->begin();
+
+            // DB에 update
+            if($args->password) $args->password = md5($args->password);
+            else $args->password = $member_info->password;
+            if(!$args->user_name) $args->user_name = $member_info->user_name;
+			$args->nick_name = htmlspecialchars($args->nick_name);
+			$args->homepage = htmlspecialchars($args->homepage);
+			$args->blog = htmlspecialchars($args->blog);
+
+			if(!$args->description) $args->description = '';
+            $output = executeQuery('member.updateMember', $args);
+            if(!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            // 그룹 정보가 있으면 그룹 정보를 변경
+            if($args->group_srl_list) {
+                $group_srl_list = explode('|@|', $args->group_srl_list);
+                $args->site_srl = 0;
+
+                // 일단 해당 회원의 모든 그룹 정보를 삭제
+                $output = executeQuery('member.deleteMemberGroupMember', $args);
+                if(!$output->toBool()) {
+                    $oDB->rollback();
+                    return $output;
+                }
+
+                // 하나 하나 루프를 돌면서 입력
+                for($i=0;$i<count($group_srl_list);$i++) {
+                    $output = $this->addMemberToGroup($args->member_srl,$group_srl_list[$i]);
+                    if(!$output->toBool()) {
+                        $oDB->rollback();
+                        return $output;
+                    }
+                }
+            }
+
+            // trigger 호출 (after)
+            if($output->toBool()) {
+                $trigger_output = ModuleHandler::triggerCall('member.updateMember', 'after', $args);
+                if(!$trigger_output->toBool()) {
+                    $oDB->rollback();
+                    return $trigger_output;
+                }
+            }
+
+            $oDB->commit();
+
+            // 세션에 저장
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);
+
+            $logged_info = Context::get('logged_info');
+            if($logged_info->member_srl == $member_srl) {
+                $_SESSION['logged_info'] = $member_info;
+            }
+
+            $output->add('member_srl', $args->member_srl);
+            return $output;
+        }
+
+        /**
+         * @brief member 비밀번호 수정
+         **/
+        function updateMemberPassword($args) {
+            $output = executeQuery('member.updateChangePasswordDate', $args);
+            $args->password = md5($args->password);
+            return executeQuery('member.updateMemberPassword', $args);
+        }
+
+        /**
+         * @brief 사용자 삭제
+         **/
+        function deleteMember($member_srl) {
+            // trigger 호출 (before)
+            $trigger_obj->member_srl = $member_srl;
+            $output = ModuleHandler::triggerCall('member.deleteMember', 'before', $trigger_obj);
+            if(!$output->toBool()) return $output;
+
+            // 모델 객체 생성
+            $oMemberModel = &getModel('member');
+
+            // 해당 사용자의 정보를 가져옴
+            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl);
+            if(!$member_info) return new Object(-1, 'msg_not_exists_member');
+
+            // 관리자의 경우 삭제 불가능
+            if($member_info->is_admin == 'Y') return new Object(-1, 'msg_cannot_delete_admin');
+
+            $oDB = &DB::getInstance();
+            $oDB->begin();
+
+            $args->member_srl = $member_srl;
+            // member_auth_mail에서 해당 항목들 삭제
+            $output = executeQuery('member.deleteAuthMail', $args);
+            if (!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            //  member_openid에서 해당 항목들 삭제
+            $output = executeQuery('member.deleteMemberOpenIDByMemberSrl', $ags);
+
+            //  TODO: 테이블 업그레이드를 하지 않은 경우에 실패할 수 있다.
+            /*
+            if(!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+            */
+
+            // member_group_member에서 해당 항목들 삭제
+            $output = executeQuery('member.deleteMemberGroupMember', $args);
+            if(!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            // member 테이블에서 삭제
+            $output = executeQuery('member.deleteMember', $args);
+            if(!$output->toBool()) {
+                $oDB->rollback();
+                return $output;
+            }
+
+            // trigger 호출 (after)
+            if($output->toBool()) {
+                $trigger_output = ModuleHandler::triggerCall('member.deleteMember', 'after', $trigger_obj);
+                if(!$trigger_output->toBool()) {
+                    $oDB->rollback();
+                    return $trigger_output;
+                }
+            }
+
+            $oDB->commit();
+
+            // 이름이미지, 이미지마크, 서명 삭제
+            $this->procMemberDeleteImageName();
+            $this->procMemberDeleteImageMark();
+            $this->delSignature($member_srl);
+
+            return $output;
+        }
+
+        /**
+         * @brief 모든 세션 정보 파기
+         **/
+        function destroySessionInfo() {
+            if(!$_SESSION || !is_array($_SESSION)) return;
+            foreach($_SESSION as $key => $val) {
+                $_SESSION[$key] = '';
+            }
+            session_destroy();
+            setcookie(session_name(), '', time()-42000, '/');
+            setcookie('sso','',time()-42000, '/');
+
+            if($_COOKIE['xeak']) {
+                $args->autologin_key = $_COOKIE['xeak'];
+                executeQuery('member.deleteAutologin', $args);
+            }
+        }
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/member/queries/getMemberList.xml b/modules/member/queries/getMemberList.xml
index 56fb025a2..6b9fb7bc6 100644
--- a/modules/member/queries/getMemberList.xml
+++ b/modules/member/queries/getMemberList.xml
@@ -13,6 +13,7 @@
             <condition operation="like" column="user_id" var="s_user_id" />
             <condition operation="like" column="user_name" var="s_user_name" pipe="or" />
             <condition operation="like" column="nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="like" column="nick_name" var="html_nick_name" pipe="or" />
             <condition operation="like" column="email_address" var="s_email_address" pipe="or" />
             <condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
             <condition operation="like_prefix" column="regdate" var="s_regdate" pipe="or" />
diff --git a/modules/member/queries/getMemberListWithinGroup.xml b/modules/member/queries/getMemberListWithinGroup.xml
index 3470dc9e0..9d1dc2705 100644
--- a/modules/member/queries/getMemberListWithinGroup.xml
+++ b/modules/member/queries/getMemberListWithinGroup.xml
@@ -16,6 +16,7 @@
             <condition operation="like" column="member.user_id" var="s_user_id" />
             <condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
             <condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="like" column="member.nick_name" var="html_nick_name" pipe="or" />
             <condition operation="like" column="member.email_address" var="s_email_address" pipe="or" />
             <condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
             <condition operation="like_prefix" column="member.regdate" var="s_regdate" pipe="or" />
diff --git a/modules/member/tpl/group_list.html b/modules/member/tpl/group_list.html
index c0e77b446..d3d943aa9 100644
--- a/modules/member/tpl/group_list.html
+++ b/modules/member/tpl/group_list.html
@@ -131,4 +131,4 @@
 			<a href="{getUrl('', 'module','admin', 'act', 'dispModuleAdminFileBox')}" target="_blank">{$lang->link_file_box}</a>
 		</div>
 	</div>
-</div>
+</div>
\ No newline at end of file
diff --git a/modules/member/tpl/join_form_list.html b/modules/member/tpl/join_form_list.html
index 63888578c..1acef3440 100644
--- a/modules/member/tpl/join_form_list.html
+++ b/modules/member/tpl/join_form_list.html
@@ -23,7 +23,7 @@
 <tbody>
     <!--@foreach($form_list as $no => $val)-->
     <tr class="row{$cycle_idx}">
-        <td>{htmlspecialchars($val->column_title)}</td>
+        <td>{$val->column_title}</td>
         <td>{$val->column_name}</td>
         <td>{$lang->column_type_list[$val->column_type]}</td>
         <td>{$val->is_active}</td>
diff --git a/modules/menu/menu.admin.model.php b/modules/menu/menu.admin.model.php
index a89eaac3b..6e805219b 100644
--- a/modules/menu/menu.admin.model.php
+++ b/modules/menu/menu.admin.model.php
@@ -208,10 +208,16 @@
                 }
             }
             Context::set('item_info', $item_info);
-            // Compile the template file into tpl variable and then return it
-            $oTemplate = &TemplateHandler::getInstance();
-            $tpl = $oTemplate->compile($this->module_path.'tpl', 'menu_item_info');
+			//Security
+			$security = new Security();						
+			$security->encodeHTML('group_list..title');
+			$security->encodeHTML('item_info.url');
+			$security->encodeHTML('item_info.name');			
 
+			// Compile the template file into tpl variable and then return it
+            $oTemplate = &TemplateHandler::getInstance();
+            $tpl = $oTemplate->compile($this->module_path.'tpl', 'menu_item_info');			
+			
             $this->add('tpl', str_replace("\n"," ",$tpl));
         }
 
@@ -253,4 +259,4 @@
             return $moduleInfoList;
 		}
     }
-?>
+?>
\ No newline at end of file
diff --git a/modules/menu/menu.admin.view.php b/modules/menu/menu.admin.view.php
index 04cb6b586..972ff5eef 100644
--- a/modules/menu/menu.admin.view.php
+++ b/modules/menu/menu.admin.view.php
@@ -30,10 +30,14 @@
 
             Context::set('total_count', $output->total_count);
             Context::set('total_page', $output->total_page);
-            Context::set('page', $output->page);
+            Context::set('page', $output->page);			
             Context::set('menu_list', $output->data);
-            Context::set('page_navigation', $output->page_navigation);
-
+			Context::set('page_navigation', $output->page_navigation);
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('menu_list..title');	
+			
             $this->setTemplateFile('index');
         }
  
@@ -68,7 +72,12 @@
             if($menu_info->menu_srl != $menu_srl) return $this->dispMenuAdminContent();
 
             Context::set('menu_info', $menu_info);
-            // Set the layout to be pop-up
+
+			//Security
+			$security = new Security();
+			$security->encodeHTML('menu_info..title');			
+
+			// Set the layout to be pop-up
             $this->setTemplateFile('menu_management');
         }
 
@@ -93,7 +102,14 @@
             Context::set('mid_list', $mid_list);
             // Set the menu as a pop-up
             $this->setLayoutFile('popup_layout');
-            // Set a template file
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_category..title');
+			$security->encodeHTML('module_list..module');
+			$security->encodeHTML('mid_list..module');
+			$security->encodeHTML('mid_list..browser_title');			
+
+			// Set a template file
             $this->setTemplateFile('mid_list');
         }
 
diff --git a/modules/menu/tpl/index.html b/modules/menu/tpl/index.html
index 3dd1fff47..20bd983f5 100644
--- a/modules/menu/tpl/index.html
+++ b/modules/menu/tpl/index.html
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <!--%import("filter/delete_menu.xml")-->
 <!--%import("js/menu_admin.js")-->
 
@@ -49,3 +50,56 @@
     <!--@end-->
     <a href="{getUrl('page',$page_navigation->last_page,'module_srl','')}" class="nextEnd">{$lang->last_page}</a>
 </div>
+=======
+<!--%import("filter/delete_menu.xml")-->
+<!--%import("js/menu_admin.js")-->
+
+<!--#include("header.html")-->
+
+<!-- 삭제를 위한 임시 form -->
+<form id="fo_menu" action="./" method="get">
+    <input type="hidden" name="menu_srl" value="" />
+</form>
+
+<!-- 목록 -->
+<table cellspacing="0" class="crossTable">
+<caption>Total {number_format($total_count)}, Page {number_format($page)}/{number_format($total_page)}</caption>
+<thead>
+    <tr>
+        <th scope="col"><div>{$lang->no}</div></th>
+        <th scope="col" class="wide"><div>{$lang->title}</div></th>
+        <th scope="col"><div>{$lang->regdate}</div></th>
+        <th scope="col" colspan="2"><div>&nbsp;</div></th>
+    </tr>
+</thead>
+<tbody>
+    <!--@foreach($menu_list as $no => $val)-->
+    <tr class="row{$cycle_idx}">
+        <td class="number center">{$no}</td>
+        <td class="wide">{$val->title}</td>
+        <td class="nowrap">{zdate($val->regdate,"Y-m-d")}</td>
+        <td><a href="{getUrl('act','dispMenuAdminManagement','menu_srl',$val->menu_srl)}" class="buttonSet buttonSetting"><span>{$lang->cmd_setup}</span></a></td>
+        <td><a href="#" onclick="doDeleteMenu('{$val->menu_srl}');return false;" title="{$lang->cmd_delete}" class="buttonSet buttonDelete"><span>{$lang->cmd_delete}</span></a></td>
+    </tr>
+    <!--@end-->
+    <tr>
+        <th colspan="5" class="button">
+            <a href="{getUrl('act','dispMenuAdminInsert','module_srl','')}" class="button black strong"><span>{$lang->cmd_make}</span></a>
+        </th>
+    </tr>
+</tbody>
+</table>
+
+<!-- 페이지 네비게이션 -->
+<div class="pagination a1">
+    <a href="{getUrl('page','','module_srl','')}" class="prevEnd">{$lang->first_page}</a> 
+    <!--@while($page_no = $page_navigation->getNextPage())-->
+        <!--@if($page == $page_no)-->
+            <strong>{$page_no}</strong> 
+        <!--@else-->
+            <a href="{getUrl('page',$page_no,'module_srl','')}">{$page_no}</a> 
+        <!--@end-->
+    <!--@end-->
+    <a href="{getUrl('page',$page_navigation->last_page,'module_srl','')}" class="nextEnd">{$lang->last_page}</a>
+</div>
+>>>>>>> .merge-right.r9269
diff --git a/modules/menu/tpl/menu_item_info.html b/modules/menu/tpl/menu_item_info.html
index b23b95a7d..4e3f52b1b 100644
--- a/modules/menu/tpl/menu_item_info.html
+++ b/modules/menu/tpl/menu_item_info.html
@@ -22,14 +22,14 @@
         <tr>
             <th scope="row"><div>{$lang->menu_name}</div></th>
             <td>
-                <input type="text" name="menu_name" id="menu_name" value="{htmlspecialchars($item_info->name)}" class="inputTypeText w300"/>
+                <input type="text" name="menu_name" id="menu_name" value="{$item_info->name}" class="inputTypeText w300"/>
                 <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','menu_name')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
             </td>
         </tr>
         <tr>
             <th scope="row"><div>{$lang->menu_url}</div></th>
             <td>
-                <input type="text" name="menu_url" value="{htmlspecialchars($item_info->url)}" class="inputTypeText" />
+                <input type="text" name="menu_url" value="{$item_info->url}" class="inputTypeText" />
                 <a href="{getUrl('module','menu','act','dispMenuAdminMidList')}" onclick="popopen(this.href);return false;" class="button black"><span>{$lang->cmd_search_mid}</span> </a>
                 <p class="clear">{$lang->about_menu_url}</p>
             </td>
diff --git a/modules/menu/tpl/menu_management.html b/modules/menu/tpl/menu_management.html
index 38c4da962..47d5a909c 100644
--- a/modules/menu/tpl/menu_management.html
+++ b/modules/menu/tpl/menu_management.html
@@ -27,7 +27,7 @@
                 <th scope="col"><div>{$lang->title}</div></th>
                 <td>
                     <div class="fl">
-                        <input type="text" name="title" value="{htmlspecialchars($menu_info->title)}" class="inputTypeText" />
+                        <input type="text" name="title" value="{$menu_info->title}" class="inputTypeText" />
                     </div>
                     <div class="fr">
                         <span class="button"><input type="submit" value="{$lang->cmd_modify}" /></span>
diff --git a/modules/menu/tpl/mid_list.html b/modules/menu/tpl/mid_list.html
index a74053c92..d61b6c3b1 100644
--- a/modules/menu/tpl/mid_list.html
+++ b/modules/menu/tpl/mid_list.html
@@ -33,6 +33,7 @@
       </tr>
     </thead>
     <tbody>
+
     <!--@foreach($mid_list as $key => $val)-->
     <tr>
         <td class="nowrap center">
diff --git a/modules/message/message.admin.view.php b/modules/message/message.admin.view.php
index 4797e8699..dd2594445 100644
--- a/modules/message/message.admin.view.php
+++ b/modules/message/message.admin.view.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  messageAdminView
@@ -31,3 +32,45 @@
 
     }
 ?>
+=======
+<?php
+    /**
+     * @class  messageAdminView
+     * @author NHN (developers@xpressengine.com)
+     * @brief  message모듈의 admin view class
+     **/
+
+    class messageAdminView extends message {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 설정 
+         **/
+        function dispMessageAdminConfig() {
+            // 스킨 목록을 구해옴
+            $oModuleModel = &getModel('module');
+            $skin_list = $oModuleModel->getskins($this->module_path);
+            Context::set('skin_list', $skin_list);
+
+            // 설정 정보를 받아옴 (module model 객체를 이용)
+            $config = $oModuleModel->getModuleConfig('message');
+            Context::set('config',$config);
+
+            // 템플릿 파일 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('skin_list..title');				
+			
+            $this->setTemplateFile('config');
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/module/module.admin.controller.php b/modules/module/module.admin.controller.php
index 84e0a6f77..c2fd38860 100644
--- a/modules/module/module.admin.controller.php
+++ b/modules/module/module.admin.controller.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  moduleAdminController
@@ -592,3 +593,492 @@
 
     }
 ?>
+=======
+<?php
+    /**
+     * @class  moduleAdminController
+     * @author NHN (developers@xpressengine.com)
+     * @brief  module 모듈의 admin controller class
+     **/
+
+    class moduleAdminController extends module {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 모듈 카테고리 추가
+         **/
+        function procModuleAdminInsertCategory() {
+            $args->title = Context::get('title');
+            $output = executeQuery('module.insertModuleCategory', $args);
+            if(!$output->toBool()) return $output;
+
+            $this->setMessage("success_registed");
+        }
+
+        /**
+         * @brief 카테고리의 내용 수정
+         **/
+        function procModuleAdminUpdateCategory() {
+            $mode = Context::get('mode');
+
+            switch($mode) {
+                case 'delete' :
+                        $output = $this->doDeleteModuleCategory();
+                        $msg_code = 'success_deleted';
+                    break;
+                case 'update' :
+                        $output = $this->doUpdateModuleCategory();
+                        $msg_code = 'success_updated';
+                    break;
+            }
+            if(!$output->toBool()) return $output;
+
+            $this->setMessage($msg_code);
+        }
+
+        /**
+         * @brief 모듈 카테고리의 제목 변경
+         **/
+        function doUpdateModuleCategory() {
+            $args->title = Context::get('title');
+            $args->module_category_srl = Context::get('module_category_srl');
+            return executeQuery('module.updateModuleCategory', $args);
+        }
+
+        /**
+         * @brief 모듈 카테고리 삭제
+         **/
+        function doDeleteModuleCategory() {
+            $args->module_category_srl = Context::get('module_category_srl');
+            return executeQuery('module.deleteModuleCategory', $args);
+        }
+
+        /**
+         * @brief 모듈 복사
+         **/
+        function procModuleAdminCopyModule() {
+            // 복사하려는 대상 모듈의 정보를 구함
+            $module_srl = Context::get('module_srl');
+            if(!$module_srl) return;
+
+            // 새로 생성하려는 모듈들의 이름/브라우저 제목을 구함
+            $clones = array();
+            $args = Context::getAll();
+            for($i=1;$i<=10;$i++) {
+                $mid = trim($args->{"mid_".$i});
+                if(!$mid) continue;
+                if(!preg_match("/^[a-zA-Z]([a-zA-Z0-9_]*)$/i", $mid)) return new Object(-1, 'msg_limit_mid');
+                $browser_title = $args->{"browser_title_".$i};
+                if(!$mid) continue;
+                if($mid && !$browser_title) $browser_title = $mid;
+                $clones[$mid] = $browser_title;
+            }
+            if(!count($clones)) return;
+
+            $oModuleModel = &getModel('module');
+            $oModuleController = &getController('module');
+
+            // 모듈 정보 가져옴
+            $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
+
+            // 권한 정보 가져옴
+            $module_args->module_srl = $module_srl;
+            $output = executeQueryArray('module.getModuleGrants', $module_args);
+            $grant = array();
+            if($output->data) {
+                foreach($output->data as $key => $val) $grant[$val->name][] = $val->group_srl;
+            }
+
+
+            $oDB = &DB::getInstance();
+            $oDB->begin();
+
+            // 모듈 복사
+            foreach($clones as $mid => $browser_title) {
+                $clone_args = null;
+                $clone_args = clone($module_info);
+                $clone_args->module_srl = null;
+                $clone_args->content = null;
+                $clone_args->mid = $mid;
+                $clone_args->browser_title = $browser_title;
+                $clone_args->is_default = 'N';
+
+                // 모듈 생성
+                $output = $oModuleController->insertModule($clone_args);
+                $module_srl = $output->get('module_srl');
+
+                // 권한 정보 등록
+                if(count($grant)) $oModuleController->insertModuleGrants($module_srl, $grant);
+            }
+
+            $oDB->commit();
+            $this->setMessage('success_registed');
+        }
+
+        /**
+         * @brief 모듈 권한 저장
+         **/
+        function procModuleAdminInsertGrant() {
+            $oModuleController = &getController('module');
+            $oModuleModel = &getModel('module');
+
+            // 모듈 번호 구함
+            $module_srl = Context::get('module_srl');
+
+            // 해당 모듈의 정보를 구함
+            $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
+            if(!$module_info) return new Object(-1,'msg_invalid_request');
+
+            // 관리자 아이디 등록
+            $oModuleController->deleteAdminId($module_srl);
+            $admin_member = Context::get('admin_member');
+            if($admin_member) {
+                $admin_members = explode(',',$admin_member);
+                for($i=0;$i<count($admin_members);$i++) {
+                    $admin_id = trim($admin_members[$i]);
+                    if(!$admin_id) continue;
+                    $oModuleController->insertAdminId($module_srl, $admin_id);
+
+                }
+            }
+
+            // 권한 정리
+            $xml_info = $oModuleModel->getModuleActionXML($module_info->module);
+
+            $grant_list = $xml_info->grant;
+
+            $grant_list->access->default = 'guest';
+            $grant_list->manager->default = 'manager';
+
+            foreach($grant_list as $grant_name => $grant_info) {
+                // default값을 구함
+                $default = Context::get($grant_name.'_default');
+
+                // -1 = 로그인 사용자만, -2 = 사이트 가입자만, 0 = 모든 사용자
+                if(strlen($default)){
+                    $grant->{$grant_name}[] = $default;
+                    continue;
+
+                // 특정 그룹 사용자
+                } else {
+                    $group_srls = Context::get($grant_name);
+                    if($group_srls) {
+                        if(strpos($group_srls,'|@|')!==false) $group_srls = explode('|@|',$group_srls);
+                        elseif(strpos($group_srls,',')!==false) $group_srls = explode(',',$group_srls);
+                        else $group_srls = array($group_srls);
+                        $grant->{$grant_name} = $group_srls;
+                    }
+                    continue;
+                }
+                $grant->{$group_srls} = array();
+            }
+            
+            // DB에 저장
+            $args->module_srl = $module_srl;
+            $output = executeQuery('module.deleteModuleGrants', $args);
+            if(!$output->toBool()) return $output;
+
+            // DB에 권한 저장 
+			if ($grant){
+				foreach($grant as $grant_name => $group_srls) {
+					foreach($group_srls as $key => $val) {
+						$args = null;
+						$args->module_srl = $module_srl;
+						$args->name = $grant_name;
+						$args->group_srl = $val;
+						$output = executeQuery('module.insertModuleGrant', $args);
+						if(!$output->toBool()) return $output;
+					}
+				}
+			}
+            $this->setMessage('success_registed');
+        }
+
+        /**
+         * @brief 스킨 정보 업데이트
+         **/
+        function procModuleAdminUpdateSkinInfo() {
+            // module_srl에 해당하는 정보들을 가져오기
+            $module_srl = Context::get('module_srl');
+
+            $oModuleModel = &getModel('module');
+            $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
+            if($module_info->module_srl) {
+                $skin = $module_info->skin;
+
+                // 스킨의 정보를 구해옴 (extra_vars를 체크하기 위해서)
+                $module_path = './modules/'.$module_info->module;
+                $skin_info = $oModuleModel->loadSkinInfo($module_path, $skin);
+                $skin_vars = $oModuleModel->getModuleSkinVars($module_srl);
+                // 입력받은 변수들을 체크 (mo, act, module_srl, page등 기본적인 변수들 없앰)
+                $obj = Context::getRequestVars();
+                unset($obj->act);
+                unset($obj->module_srl);
+                unset($obj->page);
+                unset($obj->mid);
+                unset($obj->module);
+
+                // 원 skin_info에서 extra_vars의 type이 image일 경우 별도 처리를 해줌
+                if($skin_info->extra_vars) {
+                    foreach($skin_info->extra_vars as $vars) {
+                        if($vars->type!='image') continue;
+
+                        $image_obj = $obj->{$vars->name};
+
+                        // 삭제 요청에 대한 변수를 구함
+                        $del_var = $obj->{"del_".$vars->name};
+                        unset($obj->{"del_".$vars->name});
+                        if($del_var == 'Y') {
+                            FileHandler::removeFile($skin_vars[$vars->name]->value);
+                            continue;
+                        }
+
+                        // 업로드 되지 않았다면 이전 데이터를 그대로 사용
+                        if(!$image_obj['tmp_name']) {
+                            $obj->{$vars->name} = $skin_vars[$vars->name]->value;
+                            continue;
+                        }
+
+                        // 정상적으로 업로드된 파일이 아니면 무시
+                        if(!is_uploaded_file($image_obj['tmp_name'])) {
+                            unset($obj->{$vars->name});
+                            continue;
+                        }
+
+                        // 이미지 파일이 아니어도 무시
+                        if(!preg_match("/\.(jpg|jpeg|gif|png)$/i", $image_obj['name'])) {
+                            unset($obj->{$vars->name});
+                            continue;
+                        }
+
+                        // 경로를 정해서 업로드
+                        $path = sprintf("./files/attach/images/%s/", $module_srl);
+
+                        // 디렉토리 생성
+                        if(!FileHandler::makeDir($path)) return false;
+
+                        $filename = $path.$image_obj['name'];
+
+                        // 파일 이동
+                        if(!move_uploaded_file($image_obj['tmp_name'], $filename)) {
+                            unset($obj->{$vars->name});
+                            continue;
+                        }
+
+                        // 정상 파일 업로드 
+                        FileHandler::removeFile($skin_vars[$vars->name]->value);
+                        // 변수를 바꿈
+                        unset($obj->{$vars->name});
+                        $obj->{$vars->name} = $filename;
+                    }
+                }
+                // 해당 모듈의 전체 스킨 불러와서 이미지는 제거
+                /*
+                if($skin_info->extra_vars) {
+                    foreach($skin_info->extra_vars as $vars) {
+                        if($vars->type!='image') continue;
+                        $value = $skin_vars[$vars->name];
+                        if(file_exists($value)) @unlink($value);
+                    }
+                }
+                */
+                $oModuleController = &getController('module');
+                $oModuleController->deleteModuleSkinVars($module_srl);
+
+                // 등록
+                $oModuleController->insertModuleSkinVars($module_srl, $obj);
+            }
+
+            $this->setLayoutPath('./common/tpl');
+            $this->setLayoutFile('default_layout.html');
+            $this->setTemplatePath('./modules/module/tpl');
+            $this->setTemplateFile("top_refresh.html");
+        }
+
+        /**
+         * @brief 모듈 일괄 정리
+         **/
+        function procModuleAdminModuleSetup() {
+            $vars = Context::getRequestVars();
+
+            if(!$vars->module_srls) return new Object(-1,'msg_invalid_request');
+
+            $module_srls = explode(',',$vars->module_srls);
+            if(!count($module_srls)) return new Object(-1,'msg_invalid_request');
+
+            $oModuleModel = &getModel('module');
+            $oModuleController= &getController('module');
+            foreach($module_srls as $module_srl) {
+                $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
+                $module_info->module_category_srl = $vars->module_category_srl;
+                $module_info->layout_srl = $vars->layout_srl;
+                $module_info->skin = $vars->skin;
+                $module_info->description = $vars->description;
+                $module_info->header_text = $vars->header_text;
+                $module_info->footer_text = $vars->footer_text;
+                $oModuleController->updateModule($module_info);
+            }
+
+            $this->setMessage('success_registed');
+        }
+
+        /**
+         * @brief 모듈 권한 일괄 정리
+         **/
+        function procModuleAdminModuleGrantSetup() {
+            $module_srls = Context::get('module_srls');
+            if(!$module_srls) return new Object(-1,'msg_invalid_request');
+
+            $modules = explode(',',$module_srls);
+            if(!count($modules)) return new Object(-1,'msg_invalid_request');
+
+            $oModuleController = &getController('module');
+            $oModuleModel = &getModel('module');
+
+            $module_info = $oModuleModel->getModuleInfoByModuleSrl($modules[0]);
+            $xml_info = $oModuleModel->getModuleActionXml($module_info->module);
+            $grant_list = $xml_info->grant;
+
+            $grant_list->access->default = 'guest';
+            $grant_list->manager->default = 'manager';
+
+            foreach($grant_list as $grant_name => $grant_info) {
+                // default값을 구함
+                $default = Context::get($grant_name.'_default');
+
+                // -1 = 로그인 사용자만, 0 = 모든 사용자
+                if(strlen($default)){
+                    $grant->{$grant_name}[] = $default;
+                    continue;
+
+                // 특정 그룹 사용자
+                } else {
+                    $group_srls = Context::get($grant_name);
+                    if($group_srls) {
+                        if(strpos($group_srls,'|@|')!==false) $group_srls = explode('|@|',$group_srls);
+                        elseif(strpos($group_srls,',')!==false) $group_srls = explode(',',$group_srls);
+                        else $group_srls = array($group_srls);
+                        $grant->{$grant_name} = $group_srls;
+                    }
+                    continue;
+                }
+                $grant->{$group_srls} = array();
+            }
+
+            
+            // DB에 저장
+            foreach($modules as $module_srl) {
+                $args = null;
+                $args->module_srl = $module_srl;
+                $output = executeQuery('module.deleteModuleGrants', $args);
+                if(!$output->toBool()) continue;
+
+                // DB에 권한 저장 
+                foreach($grant as $grant_name => $group_srls) {
+                    foreach($group_srls as $key => $val) {
+                        $args = null;
+                        $args->module_srl = $module_srl;
+                        $args->name = $grant_name;
+                        $args->group_srl = $val;
+                        $output = executeQuery('module.insertModuleGrant', $args);
+                        if(!$output->toBool()) return $output;
+                    }
+                }
+            }
+            $this->setMessage('success_registed');
+        }
+
+        /**
+         * @brief 언어 추가/ 업데이트
+         **/
+        function procModuleAdminInsertLang() {
+            // 언어코드명 가져옴 
+            $site_module_info = Context::get('site_module_info');
+            $args->site_srl = (int)$site_module_info->site_srl;
+            $args->name = str_replace(' ','_',Context::get('lang_code'));
+            if(!$args->name) return new Object(-1,'msg_invalid_request');
+
+            // 언어코드가 있는지 조사
+            $output = executeQueryArray('module.getLang', $args);
+            if(!$output->toBool()) return $output;
+
+            // 있으면 업데이트를 위해 기존 값들을 지움
+            if($output->data) $output = executeQuery('module.deleteLang', $args);
+            if(!$output->toBool()) return $output;
+
+            // 입력
+            $lang_supported = Context::get('lang_supported');
+            foreach($lang_supported as $key => $val) {
+                $args->lang_code = $key;
+                $args->value = trim(Context::get($key));
+                if(!$args->value) {
+                    $args->value = Context::get(strtolower($key));
+                    if(!$args->value) $args->value = $args->name;
+                }
+                $output = executeQuery('module.insertLang', $args);
+                if(!$output->toBool()) return $output;
+            }
+            $this->makeCacheDefinedLangCode($args->site_srl);
+
+            $this->add('name', $args->name);
+        }
+
+        /**
+         * @brief 언어 제거
+         **/
+        function procModuleAdminDeleteLang() {
+            // 언어코드명 가져옴 
+            $site_module_info = Context::get('site_module_info');
+            $args->site_srl = (int)$site_module_info->site_srl;
+            $args->name = str_replace(' ','_',Context::get('name'));
+            if(!$args->name) return new Object(-1,'msg_invalid_request');
+
+            $output = executeQuery('module.deleteLang', $args);
+            if(!$output->toBool()) return $output;
+            $this->makeCacheDefinedLangCode($args->site_srl);
+        }
+
+        /**
+         * @brief 사용자 정이 언어코드 파일 저장
+         **/
+        function makeCacheDefinedLangCode($site_srl = 0) {
+            // 현재 사이트의 언어파일 가져오기
+            if(!$site_srl) {
+                $site_module_info = Context::get('site_module_info');
+                $args->site_srl = (int)$site_module_info->site_srl;
+            } else {
+                $args->site_srl = $site_srl;
+            }
+            $output = executeQueryArray('module.getLang', $args);
+            if(!$output->toBool() || !$output->data) return;
+
+            // 캐시 디렉토리 설정
+            $cache_path = _XE_PATH_.'files/cache/lang_defined/';
+            if(!is_dir($cache_path)) FileHandler::makeDir($cache_path);
+
+            $lang_supported = Context::get('lang_supported');
+            foreach($lang_supported as $key => $val) {
+                $fp[$key] = fopen( sprintf('%s/%d.%s.php', $cache_path, $args->site_srl, $key), 'w' );
+                if(!$fp[$key]) return;
+                fwrite($fp[$key],"<?php if(!defined('__ZBXE__')) exit(); \r\n");
+            }
+
+            foreach($output->data as $key => $val) {
+                if($fp[$val->lang_code]) fwrite($fp[$val->lang_code], sprintf('$lang["%s"] = "%s";'."\r\n", $val->name, str_replace('"','\\"',$val->value)));
+            }
+
+            foreach($lang_supported as $key => $val) {
+                if(!$fp[$key]) continue;
+                fwrite($fp[$key],"?>");
+                fclose($fp[$key]);
+            }
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/module/module.admin.model.php b/modules/module/module.admin.model.php
index c364e9d5f..f589a7b92 100644
--- a/modules/module/module.admin.model.php
+++ b/modules/module/module.admin.model.php
@@ -96,7 +96,13 @@
             $oMemberModel = &getModel('member');
             $group_list = $oMemberModel->getGroups($module_info->site_srl);
             Context::set('group_list', $group_list);
-            // Get information of module_grants
+
+			//Security			
+			$security = new Security();
+			$security->encodeHTML('group_list..title');
+			$security->encodeHTML('group_list..description');
+
+			// Get information of module_grants
             $oTemplate = &TemplateHandler::getInstance();
             return $oTemplate->compile($this->module_path.'tpl', 'module_grants');
         }
@@ -132,7 +138,13 @@
             Context::set('module_info', $module_info);
             Context::set('mid', $module_info->mid);
             Context::set('skin_info', $skin_info);
-            Context::set('skin_vars', $skin_vars);
+            Context::set('skin_vars', $skin_vars);	
+			
+			//Security
+			$security = new Security(); 
+			$security->encodeHTML('mid');
+			$security->encodeHTML('module_info.browser_title');
+			$security->encodeHTML('skin_info...');
 
             $oTemplate = &TemplateHandler::getInstance();
             return $oTemplate->compile($this->module_path.'tpl', 'skin_config');
diff --git a/modules/module/module.admin.view.php b/modules/module/module.admin.view.php
index 410eace80..8901126d8 100644
--- a/modules/module/module.admin.view.php
+++ b/modules/module/module.admin.view.php
@@ -62,6 +62,10 @@
 
             Context::set('favoriteModuleList', $favoriteModuleList);
 			Context::set('module_list', $module_list);
+
+			$security = new Security();
+			$security->encodeHTML('module_list....');
+
             // Set a template file
             $this->setTemplateFile('module_list');
 
@@ -75,7 +79,11 @@
             $oModuleModel = &getModel('module');
             $module_info = $oModuleModel->getModuleInfoXml(Context::get('selected_module'));
             Context::set('module_info', $module_info);
-            // Set the layout to be pop-up
+
+			$security = new Security();				
+			$security->encodeHTML('module_info...');
+
+			// Set the layout to be pop-up
             $this->setLayoutFile('popup_layout');
             // Set a template file
             $this->setTemplateFile('module_info');
@@ -90,16 +98,27 @@
             // Obtain a list of modules
             $oModuleModel = &getModel('module');
             // Display the category page if a category is selected
+			//Security
+			$security = new Security();				
+			
             if($module_category_srl) {
                 $selected_category  = $oModuleModel->getModuleCategory($module_category_srl);
                 Context::set('selected_category', $selected_category);
-                // Set a template file
+
+				//Security
+				$security->encodeHTML('selected_category.title');				
+
+				// Set a template file
                 $this->setTemplateFile('category_update_form');
             // If not selected, display a list of categories
             } else {
                 $category_list = $oModuleModel->getModuleCategories();
                 Context::set('category_list', $category_list);
-                // Set a template file
+
+				//Security
+				$security->encodeHTML('category_list..title');
+
+				// Set a template file
                 $this->setTemplateFile('category_list');
             }
         }
@@ -143,7 +162,13 @@
             // Get a list of module categories
             $module_category = $oModuleModel->getModuleCategories();
             Context::set('module_category', $module_category);
-            // Set the layout to be pop-up
+
+			$security = new Security();				
+			$security->encodeHTML('layout_list..title','layout_list..layout');
+			$security->encodeHTML('skin_list....');
+			$security->encodeHTML('module_category...')
+
+			// Set the layout to be pop-up
             $this->setLayoutFile('popup_layout');
             // Set a template file
             $this->setTemplateFile('module_setup');
@@ -201,7 +226,10 @@
             $oMemberModel = &getModel('member');
             $group_list = $oMemberModel->getGroups($module_info->site_srl);
             Context::set('group_list', $group_list);
-            // Set the layout to be pop-up
+			$security = new Security();				
+			$security->encodeHTML('group_list..title');
+
+			// Set the layout to be pop-up
             $this->setLayoutFile('popup_layout');
             // Set a template file
             $this->setTemplateFile('module_grant_setup');
diff --git a/modules/module/tpl/skin_config.html b/modules/module/tpl/skin_config.html
index bdaaded02..8506ff858 100644
--- a/modules/module/tpl/skin_config.html
+++ b/modules/module/tpl/skin_config.html
@@ -84,11 +84,11 @@
         <th scope="row"><div>{$val->title}</div></th>
         <td class="wide">
             <!--@if($val->type=="text")-->
-                <input type="text" name="{$val->name}" value="{htmlspecialchars($val->value)}" id="target{$val->name}" class="inputTypeText w400" />
+                <input type="text" name="{$val->name}" value="{$val->value}" id="target{$val->name}" class="inputTypeText w400" />
                 <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','target'.$val->name)}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
 
             <!--@elseif($val->type=="textarea")-->
-                <textarea name="{$val->name}" class="inputTypeTextArea w400" id="target{$val->name}">{htmlspecialchars($val->value)}</textarea>
+                <textarea name="{$val->name}" class="inputTypeTextArea w400" id="target{$val->name}">{$val->value}</textarea>
                 <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','target'.$val->name)}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
 
             <!--@elseif($val->type=="select")-->
diff --git a/modules/opage/opage.admin.view.php b/modules/opage/opage.admin.view.php
index 51a4bc7de..2448f2620 100644
--- a/modules/opage/opage.admin.view.php
+++ b/modules/opage/opage.admin.view.php
@@ -22,7 +22,11 @@
             // Get a list of module categories
             $module_category = $oModuleModel->getModuleCategories();
             Context::set('module_category', $module_category);
-            // Get a template path (admin templates are collected on the tpl for opage)
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_category..title');			
+
+			// Get a template path (admin templates are collected on the tpl for opage)
             $this->setTemplatePath($this->module_path.'tpl');
         }
 
@@ -41,8 +45,12 @@
             Context::set('total_page', $output->total_page);
             Context::set('page', $output->page);
             Context::set('opage_list', $output->data);
-            Context::set('page_navigation', $output->page_navigation);
-            // Set a template file
+            Context::set('page_navigation', $output->page_navigation);			
+			//Security
+			$security = new Security();
+			$security->encodeHTML('opage_list..');
+
+			// Set a template file
             $this->setTemplateFile('index');
         }
 
@@ -77,7 +85,21 @@
 
             $mobile_layout_list = $oLayoutModel->getLayoutList(0,"M");
             Context::set('mlayout_list', $mobile_layout_list);
-            // Set a template file
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_info.');			
+			$security->encodeHTML('layout_list..layout');
+			$security->encodeHTML('layout_list..title');
+			$security->encodeHTML('mlayout_list..layout');
+			$security->encodeHTML('mlayout_list..title');						
+			//group_list 및 grant는 사용되는 곳을 모르겠음.
+			/*
+			$security->encodeHTML('group_list..title');
+			$security->encodeHTML('group_list..description');
+			$security->encodeHTML('grant_list..');
+			*/						
+
+			// Set a template file
             $this->setTemplateFile('opage_insert');
         }
 
@@ -93,7 +115,13 @@
 			$columnList = array('module_srl', 'mid', 'module');
             $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl, $columnList);
             Context::set('module_info',$module_info);
-            // Set a template file
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_info.module');
+			$security->encodeHTML('module_info.mid');
+			$security->encodeHTML('module_info.browser_title');			
+
+			// Set a template file
             $this->setTemplateFile('opage_delete');
         }
 
@@ -121,6 +149,10 @@
             $grant_content = $oModuleAdminModel->getModuleGrantHTML($this->module_info->module_srl, $this->xml_info->grant);
             Context::set('grant_content', $grant_content);
 
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_info..');
+			
             $this->setTemplateFile('grant_list');
         }
     }
diff --git a/modules/opage/opage.view.php b/modules/opage/opage.view.php
index 3bf4f9ac3..25b94c93a 100644
--- a/modules/opage/opage.view.php
+++ b/modules/opage/opage.view.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  opageView
@@ -143,3 +144,172 @@
 
     }
 ?>
+=======
+<?php
+    /**
+     * @class  opageView
+     * @author NHN (developers@xpressengine.com)
+     * @brief  opage 모듈의 view 클래스
+     **/
+
+    class opageView extends opage {
+
+        var $path;
+        var $cache_file;
+        var $caching_interval;
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+            // 템플릿 경로 구함 (opage의 경우 tpl에 관리자용 템플릿 모아놓음)
+            $this->setTemplatePath($this->module_path.'tpl');
+
+            // 외부 페이지 모듈의 정보를 구함
+            $oOpageModel = &getModel('opage');
+            $module_info = $oOpageModel->getOpage($this->module_srl);
+            Context::set('module_info', $module_info);
+
+            // 외부 페이지에서 명시된 외부 페이지 경로/ 캐싱 간격을 를 구함
+            $this->path = $module_info->path;
+            $this->caching_interval = $module_info->caching_interval;
+
+            // 캐시 파일 지정
+            $this->cache_file = sprintf("./files/cache/opage/%d.cache.php", $module_info->module_srl);
+        }
+
+        /**
+         * @brief 일반 요청시 출력
+         **/
+        function dispOpageIndex() {
+
+            // http 인지 내부 파일인지 점검
+            if($this->path) {
+                if(preg_match("/^([a-z]+):\/\//i",$this->path)) $content = $this->getHtmlPage($this->path, $this->caching_interval, $this->cache_file);
+                else $content = $this->executeFile($this->path, $this->caching_interval, $this->cache_file);
+            }
+
+            Context::set('opage_content', $content);
+
+            // 결과 출력 템플릿 지정
+            $this->setTemplateFile('content');
+        }
+
+        /**
+         * @brief 외부 http로 요청되는 파일일 경우 파일을 받아와서 저장 후 return
+         **/
+        function getHtmlPage($path, $caching_interval, $cache_file) {
+
+            // 캐시 검사
+            if($caching_interval > 0 && file_exists($cache_file) && filemtime($cache_file) + $caching_interval*60 > time()) {
+
+                $content = FileHandler::readFile($cache_file);
+
+            } else {
+
+                FileHandler::getRemoteFile($path, $cache_file);
+                $content = FileHandler::readFile($cache_file);
+
+            }
+
+            // opage controller 생성
+            $oOpageController = &getController('opage');
+
+            // 외부 서버의 페이지 일 경우 이미지, css, javascript등의 url을 변경
+            $content = $oOpageController->replaceSrc($content, $path);
+
+            // 해당 문서를 utf-8로 변경
+            $buff->content = $content;
+            $buff = Context::convertEncoding($buff);
+            $content = $buff->content;
+
+            // title 추출
+            $title = $oOpageController->getTitle($content);
+            if($title) Context::setBrowserTitle($title);
+
+            // header script 추출
+            $head_script = $oOpageController->getHeadScript($content);
+            if($head_script) Context::addHtmlHeader($head_script);
+
+            // body 내용 추출
+            $body_script = $oOpageController->getBodyScript($content);
+            if(!$body_script) $body_script = $content;
+
+            return $content;
+        }
+
+        /**
+         * @brief 내부 파일일 경우 include하도록 캐시파일을 만들고 처리
+         **/
+        function executeFile($path, $caching_interval, $cache_file) {
+            // 파일이 없으면 취소
+            if(!file_exists($path)) return;
+
+            // 경로와 파일이름을 구함
+            $tmp_path = explode('/',$cache_file);
+            $filename = $tmp_path[count($tmp_path)-1];
+            $filepath = preg_replace('/'.$filename."$/i","",$cache_file);
+
+            // 캐시 검사
+            if($caching_interval <1 || !file_exists($cache_file) || filemtime($cache_file) + $caching_interval*60 <= time() || filemtime($cache_file)<filemtime($path) ) {
+                if(file_exists($cache_file)) FileHandler::removeFile($cache_file);
+
+                // 일단 대상 파일을 읽어서 내용을 구함
+                ob_start();
+                @include($path);
+                $content = ob_get_clean();
+
+                // 상대경로를 절대경로로 변경
+                $path_info = pathinfo($path);
+                $this->path = str_replace('\\', '/', realpath($path_info['dirname'])).'/';
+                $content = preg_replace_callback('/(src=|href=|url\()("|\')?([^"\'\)]+)("|\'\))?/is',array($this,'_replacePath'),$content);
+                $content = preg_replace_callback('/(<load[^>]+target=)(")([^"]+)(")/is',array($this,'_replacePath'),$content);
+                $content = preg_replace_callback('/(<!--%import\()(\")([^"]+)(\")/is',array($this,'_replacePath'),$content);
+
+                FileHandler::writeFile($cache_file, $content);
+
+                // include후 결과를 return
+                if(!file_exists($cache_file)) return;
+
+                // 컴파일 시도
+                $oTemplate = &TemplateHandler::getInstance();
+                $script = $oTemplate->compileDirect($filepath, $filename);
+
+                FileHandler::writeFile($cache_file, $script);
+            }
+
+            $__Context = &$GLOBALS['__Context__'];
+            $__Context->tpl_path = $filepath;
+            if($_SESSION['is_logged']) $__Context->logged_info = $_SESSION['logged_info'];
+
+            ob_start();
+            @include($cache_file);
+            $content = ob_get_clean();
+
+            return $content;
+        }
+
+        function _replacePath($matches) {
+            $val = trim($matches[3]);
+
+            // 외부 또는 /, #, { 로 시작하는 경로라면 그냥 pass
+			// /=absolute path, #=hash in a page, {=Template syntax
+            if(preg_match('@^((?:http|https|ftp|telnet|mms)://|(?:mailto|javascript):|[/#{])@i',$val)) {
+				return $matches[0];
+
+            // .. 와 같은 경우 대상 경로를 구함
+            } elseif(preg_match('/^\.\./i',$val)) {
+				$p = Context::pathToUrl($this->path);
+                return sprintf("%s%s%s%s",$matches[1],$matches[2],$p.$val,$matches[4]);
+            }
+
+            if(substr($val,0,2)=='./') $val = substr($val,2);
+			$p = Context::pathToUrl($this->path);
+            $path = sprintf("%s%s%s%s",$matches[1],$matches[2],$p.$val,$matches[4]);
+
+			return $path;
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/opage/tpl/index.html b/modules/opage/tpl/index.html
index d1099314b..9c070e48e 100644
--- a/modules/opage/tpl/index.html
+++ b/modules/opage/tpl/index.html
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <!--%import("js/opage_admin.js")-->
 <!--#include("header.html")-->
 
@@ -83,3 +84,90 @@
     <!--@end-->
     <a href="{getUrl('page',$page_navigation->last_page,'module_srl','')}" class="nextEnd">{$lang->last_page}</a>
 </div>
+=======
+<!--%import("js/opage_admin.js")-->
+<!--#include("header.html")-->
+
+<!-- 정보 -->
+
+<form action="./" method="get" onsubmit="return doChangeCategory(this);" id="fo_list">
+
+<!-- 목록 -->
+<table cellspacing="0" class="rowTable">
+<caption>Total {number_format($total_count)}, page {number_format($page)}/{number_format($total_page)}</caption>
+<thead>
+    <tr>
+        <th scope="col"><div>{$lang->no}</div></th>
+        <th scope="col"><div><input type="checkbox" onclick="XE.checkboxToggleAll(); return false;" /></div></th>
+        <th scope="col">
+            <div>
+                <input type="hidden" name="module" value="{$module}" />
+                <input type="hidden" name="act" value="{$act}" />
+                <select name="module_category_srl">
+                    <option value="">{$lang->module_category}</option>
+                    <option value="0" <!--@if($module_category_srl==="0")-->selected="selected"<!--@end-->>{$lang->not_exists}</option>
+                    <!--@foreach($module_category as $key => $val)-->
+                    <option value="{$key}" <!--@if($module_category_srl==$key)-->selected="selected"<!--@end-->>{$val->title}</option>
+                    <!--@end-->
+                    <option value="">---------</option>
+                    <option value="-1">{$lang->cmd_management}</option>
+                </select>
+                <input type="submit" name="go_button" id="go_button" value="GO" class="buttonTypeGo" />
+            </div>
+        </th>
+        <th scope="col" class="half_wide"><div>{$lang->mid}</div></th>
+        <th scope="col" class="half_wide"><div>{$lang->browser_title}</div></th>
+        <th scope="col"><div>{$lang->regdate}</div></th>
+        <th scope="col" colspan="3"><div>&nbsp;</div></th>
+    </tr>
+</thead>
+
+<tbody>
+    <!--@foreach($opage_list as $no => $val)-->
+    <tr class="row{$cycle_idx}">
+        <td class="number center">{$no}</td>
+        <td class="center"><input type="checkbox" name="cart" value="{$val->module_srl}" /></td>
+        <td>
+            <!--@if(!$val->module_category_srl)-->
+                {$lang->not_exists}
+            <!--@else-->
+                {$module_category[$val->module_category_srl]->title}
+            <!--@end-->
+        </td>
+        <td>{$val->mid}</td>
+        <td><a href="{getUrl('','mid',$val->mid)}"  onclick="window.open(this.href); return false;">{$val->browser_title}</a></td>
+        <td>{zdate($val->regdate,"Y-m-d")}</td>
+        <td><a href="{getUrl('act','dispOpageAdminInsert','module_srl',$val->module_srl)}" class="buttonSet buttonSetting"><span>{$lang->cmd_setup}</span></a></td>
+        <td><a href="./?module=module&act=dispModuleAdminCopyModule&module_srl={$val->module_srl}" onclick="popopen(this.href);return false;" class="buttonSet buttonCopy"><span>{$lang->cmd_copy}</span></a></td>
+        <td><a href="{getUrl('act','dispOpageAdminDelete','module_srl', $val->module_srl)}" class="buttonSet buttonDelete"><span>{$lang->cmd_delete}</span></a></td>
+    </tr>
+    <!--@end-->
+</tbody>
+</table>
+
+<!-- 버튼 -->
+<div class="clear">
+    <div class="fl">
+        <a href="{getUrl('','module','module','act','dispModuleAdminModuleSetup')}" onclick="doCartSetup(this.href); return false;" class="button green"><span>{$lang->cmd_setup}</span></a>
+        <a href="{getUrl('','module','module','act','dispModuleAdminModuleGrantSetup')}" onclick="doCartSetup(this.href); return false;" class="button blue"><span>{$lang->cmd_manage_grant}</span></a>
+    </div>
+    <div class="fr ">
+        <a href="{getUrl('act','dispOpageAdminInsert','module_srl','')}" class="button black strong"><span>{$lang->cmd_make}</span></a>
+    </div>
+</div>
+
+</form>
+
+<!-- 페이지 네비게이션 -->
+<div class="pagination a1">
+    <a href="{getUrl('page','','module_srl','')}" class="prevEnd">{$lang->first_page}</a> 
+    <!--@while($page_no = $page_navigation->getNextPage())-->
+        <!--@if($page == $page_no)-->
+            <strong>{$page_no}</strong> 
+        <!--@else-->
+            <a href="{getUrl('page',$page_no,'module_srl','')}">{$page_no}</a> 
+        <!--@end-->
+    <!--@end-->
+    <a href="{getUrl('page',$page_navigation->last_page,'module_srl','')}" class="nextEnd">{$lang->last_page}</a>
+</div>
+>>>>>>> .merge-right.r9269
diff --git a/modules/opage/tpl/opage_insert.html b/modules/opage/tpl/opage_insert.html
index 1ac126c7a..5aab31f88 100644
--- a/modules/opage/tpl/opage_insert.html
+++ b/modules/opage/tpl/opage_insert.html
@@ -32,7 +32,7 @@
     <tr>
         <th scope="row"><div>{$lang->browser_title}</div></th>
         <td colspan="3">
-            <input type="text" name="browser_title" value="{htmlspecialchars($module_info->browser_title)}"  class="inputTypeText w400" id="browser_title"/>
+            <input type="text" name="browser_title" value="{$module_info->browser_title}"  class="inputTypeText w400" id="browser_title"/>
             <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','browser_title')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
             <p>{$lang->about_browser_title}</p>
         </td>
@@ -68,8 +68,6 @@
 	<p>{$lang->about_layout}</p>
 	</td>
 	</tr>
-
-
     <tr>
         <th scope="row"><div>{$lang->opage_caching_interval}</div></th>
         <td colspan="3">
@@ -80,14 +78,14 @@
     <tr class="row2">
         <th scope="row"><div>{$lang->opage_path}</div></th>
         <td colspan="3">
-            <input type="text" name="opage_path" value="{htmlspecialchars($module_info->path)}"  class="inputTypeText w400" />
+            <input type="text" name="opage_path" value="{$module_info->path}"  class="inputTypeText w400" />
             <p>{$lang->about_opage_path}<b>{realpath("./")}</b></p>
         </td>
     </tr>
     <tr class="row">
         <th scope="row"><div>{$lang->opage_mobile_path}</div></th>
         <td colspan="3">
-            <input type="text" name="opage_mpath" value="{htmlspecialchars($module_info->mpath)}"  class="inputTypeText w400" />
+            <input type="text" name="opage_mpath" value="{$module_info->mpath}"  class="inputTypeText w400" />
             <p>{$lang->about_opage_mobile_path}<b>{realpath("./")}</b></p>
         </td>
     </tr>
diff --git a/modules/page/page.admin.view.php b/modules/page/page.admin.view.php
index 4a44df879..e80860613 100644
--- a/modules/page/page.admin.view.php
+++ b/modules/page/page.admin.view.php
@@ -34,7 +34,11 @@
             // Get a list of module categories
             $module_category = $oModuleModel->getModuleCategories();
             Context::set('module_category', $module_category);
-            // Get a template path (page in the administrative template tpl putting together)
+			//Security
+			$security = new Security();
+			$security->encodeHTML('module_category..title');
+
+			// Get a template path (page in the administrative template tpl putting together)
             $this->setTemplatePath($this->module_path.'tpl');
 
         }
@@ -66,7 +70,13 @@
             Context::set('page', $output->page);
             Context::set('page_list', $output->data);
             Context::set('page_navigation', $output->page_navigation);
-            // Set a template file
+			//Security
+			$security = new Security();
+			$security->encodeHTML('page_list..browser_title');
+			$security->encodeHTML('page_list..mid');
+			$security->encodeHTML('module_info.');
+
+			// Set a template file
             $this->setTemplateFile('index');
         }
 
@@ -76,7 +86,6 @@
         function dispPageAdminInfo() {
             // Get module_srl by GET parameter
             $module_srl = Context::get('module_srl');
-
             $module_info = Context::get('module_info');
             // If you do not value module_srl just showing the index page
             if(!$module_srl) return $this->dispPageAdminContent();
@@ -105,6 +114,14 @@
 				Context::set('mskin_list', $mskin_list);
 			}
 
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..layout');
+			$security->encodeHTML('layout_list..title');
+			$security->encodeHTML('mlayout_list..layout');
+			$security->encodeHTML('mlayout_list..title');
+			$security->encodeHTML('module_info.');
+
             $this->setTemplateFile('page_info');
         }
 
@@ -121,6 +138,9 @@
             Context::set('setup_content', $content);
             // Set a template file
             $this->setTemplateFile('addition_setup');
+
+			$security = new Security();
+			$security->encodeHTML('module_info.');
         }
 
         /**
@@ -154,6 +174,14 @@
 
 			$mskin_list = $oModuleModel->getSkins($this->module_path, "m.skins");
 			Context::set('mskin_list', $mskin_list);
+
+			//Security
+			$security = new Security();
+			$security->encodeHTML('layout_list..layout');
+			$security->encodeHTML('layout_list..title');
+			$security->encodeHTML('mlayout_list..layout');
+			$security->encodeHTML('mlayout_list..title');
+
             // Set a template file
             $this->setTemplateFile('page_insert');
         }
@@ -168,7 +196,7 @@
                 else $mtime = filemtime($cache_file);
 
                 if($mtime + $interval*60 > time()) {
-                    $page_content = FileHandler::readFile($cache_file); 
+                    $page_content = FileHandler::readFile($cache_file);
                 } else {
                     $oWidgetController = &getController('widget');
                     $page_content = $oWidgetController->transWidgetCode($this->module_info->mcontent);
@@ -178,7 +206,7 @@
                 if(file_exists($cache_file)) FileHandler::removeFile($cache_file);
                 $page_content = $this->module_info->mcontent;
             }
-            
+
             Context::set('module_info', $this->module_info);
             Context::set('page_content', $page_content);
 
@@ -199,7 +227,12 @@
             $oWidgetModel = &getModel('widget');
             $widget_list = $oWidgetModel->getDownloadedWidgetList();
             Context::set('widget_list', $widget_list);
-            // Set a template file
+
+            //Security
+			$security = new Security();
+			$security->encodeHTML('widget_list..title','module_info.mid');
+
+			// Set a template file
             $this->setTemplateFile('page_mobile_content_modify');
 		}
 
@@ -231,6 +264,14 @@
             $this->setTemplateFile('page_content_modify');
 		}
 
+			//Security
+			$security = new Security();
+			$security->encodeHTML('widget_list..title','module_info.mid');
+
+			// 템플릿 파일 지정
+            $this->setTemplateFile('page_content_modify');
+        }
+
 		function _setArticleTypeContentModify() {
 			$oDocumentModel = &getModel('document');
 			$oDocument = $oDocumentModel->getDocument(0, true);
@@ -259,6 +300,9 @@
             Context::set('module_info',$module_info);
             // Set a template file
             $this->setTemplateFile('page_delete');
+
+			$security = new Security();
+			$security->encodeHTML('module_info.');
         }
 
         /**
@@ -271,6 +315,9 @@
             Context::set('grant_content', $grant_content);
 
             $this->setTemplateFile('grant_list');
+
+			$security = new Security();
+			$security->encodeHTML('module_info.');
         }
     }
 ?>
diff --git a/modules/page/tpl/index.html b/modules/page/tpl/index.html
index 716e4600c..e33420891 100644
--- a/modules/page/tpl/index.html
+++ b/modules/page/tpl/index.html
@@ -9,8 +9,8 @@
 	<input type="hidden" name="act" value="dispPageAdminContent" />
 
         <fieldset>
-			{$lang->mid} <input type="text" name="s_mid" value="{$s_mid}" class="inputTypeText" />
-			{$lang->browser_title} <input type="text" name="s_browser_title" value="{$s_browser_title}" class="inputTypeText" />
+			{$lang->mid} <input type="text" name="s_mid" value="{htmlspecialchars($s_mid)}" class="inputTypeText" />
+			{$lang->browser_title} <input type="text" name="s_browser_title" value="{htmlspecialchars($s_browser_title)}" class="inputTypeText" />
             <span class="button blue"><input type="submit" value="{$lang->cmd_search}" /></span>
             <a href="{getUrl('s_mid','','s_browser_title','','page','')}" class="button black"><span>{$lang->cmd_cancel}</span></a>
         </fieldset>
@@ -65,7 +65,7 @@
             <!--@end-->
         </td>
 		<td>{$val->page_type}</td>
-        <td>{htmlspecialchars($val->mid)}</td>
+        <td>{$val->mid}</td>
         <td><a href="{getSiteUrl($val->domain,'','mid',$val->mid)}"  onclick="window.open(this.href); return false;">{$val->browser_title}</a></td>
         <td>{zdate($val->regdate,"Y-m-d")}</td>
         <td><a href="{getUrl('act','dispPageAdminInfo','module_srl',$val->module_srl)}" class="buttonSet buttonSetting"><span>{$lang->cmd_setup}</span></a></td>
diff --git a/modules/page/tpl/page_info.html b/modules/page/tpl/page_info.html
index 86c82b628..8c7fc459c 100644
--- a/modules/page/tpl/page_info.html
+++ b/modules/page/tpl/page_info.html
@@ -37,7 +37,7 @@
     <tr>
         <th scope="row"><div>{$lang->browser_title}</div></th>
         <td colspan="3">
-            <input type="text" name="browser_title" value="{htmlspecialchars($module_info->browser_title)}"  class="inputTypeText w400" id="browser_title"/>
+            <input type="text" name="browser_title" value="{$module_info->browser_title}"  class="inputTypeText w400" id="browser_title"/>
             <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','browser_title')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
             <p>{$lang->about_browser_title}</p>
         </td>
diff --git a/modules/page/tpl/page_insert.html b/modules/page/tpl/page_insert.html
index 7e7877b11..71f9da062 100644
--- a/modules/page/tpl/page_insert.html
+++ b/modules/page/tpl/page_insert.html
@@ -54,7 +54,7 @@
     <tr>
         <th scope="row"><div>{$lang->browser_title}</div></th>
         <td colspan="3">
-            <input type="text" name="browser_title" value="{htmlspecialchars($module_info->browser_title)}"  class="inputTypeText w400" id="browser_title"/>
+            <input type="text" name="browser_title" value="{$module_info->browser_title}"  class="inputTypeText w400" id="browser_title"/>
             <a href="{getUrl('','module','module','act','dispModuleAdminLangcode','target','browser_title')}" onclick="popopen(this.href);return false;" class="buttonSet buttonSetting"><span>{$lang->cmd_find_langcode}</span></a>
             <p>{$lang->about_browser_title}</p>
         </td>
diff --git a/modules/point/point.admin.view.php b/modules/point/point.admin.view.php
index da6de08df..db6d252f5 100644
--- a/modules/point/point.admin.view.php
+++ b/modules/point/point.admin.view.php
@@ -15,8 +15,14 @@
             $oModuleModel = &getModel('module');
             $config = $oModuleModel->getModuleConfig('point');
             // Set the configuration variable
-            Context::set('config', $config);
-            // Set the template path
+            Context::set('config', $config);				
+
+			//Security
+			$security = new Security();			
+			$security->encodeHTML('config.point_name','config.level_icon');
+			$security->encodeHTML('module_info..');			
+
+			// Set the template path
             $this->setTemplatePath($this->module_path.'tpl');
         }
 
@@ -36,9 +42,13 @@
                     if($val->is_admin == 'Y' || $val->is_default == 'Y') continue;    
                     $selected_group_list[$key] = $val;
                 }
-            }
+            }			
             Context::set('group_list', $selected_group_list);
-            // Set the template
+			//Security
+			$security = new Security();			
+			$security->encodeHTML('group_list..title','group_list..description');			
+
+			// Set the template
             $this->setTemplateFile('config');
         }
 
@@ -53,7 +63,11 @@
             Context::set('mid_list', $mid_list);
 
             Context::set('module_config', $oModuleModel->getModulePartConfigs('point'));
-            // Set the template
+			//Security
+			$security = new Security();			
+			$security->encodeHTML('mid_list..browser_title','mid_list..mid');			
+
+			// Set the template
             $this->setTemplateFile('module_config');
         }
 
@@ -87,7 +101,12 @@
             // Get a list of groups
             $this->group_list = $oMemberModel->getGroups();
             Context::set('group_list', $this->group_list);
-            // Set the template
+			//Security
+			$security = new Security();			
+			$security->encodeHTML('group_list..title','group_list..description');
+			$security->encodeHTML('member_list..');			
+
+			// Set the template
             $this->setTemplateFile('member_list');
         }
     }
diff --git a/modules/point/tpl/member_list.html b/modules/point/tpl/member_list.html
index 20dab82d2..1554edbf6 100644
--- a/modules/point/tpl/member_list.html
+++ b/modules/point/tpl/member_list.html
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <load target="js/point_admin.js" usecdn="true" />
 <!--#include("header.html")-->
 
@@ -90,3 +91,96 @@
         <a href="#" onclick="location.href='{getUrl('','module',$module,'act',$act)}';return false;" class="button"><span>{$lang->cmd_cancel}</span></a>
     </fieldset>
 </form>
+=======
+<!--%import("filter/update_point.xml")-->
+<!--%import("js/point_admin.js")-->
+<!--#include("header.html")-->
+
+<table cellspacing="0" class="crossTable">
+<caption>Total {number_format($total_count)}, Page {number_format($page)}/{number_format($total_page)}</caption>
+<thead>
+    <tr>
+        <th scope="col"><div>{$lang->no}</div></th>
+        <th scope="col"><div>{$lang->user_id}</div></th>
+        <th scope="col"><div>{$lang->user_name}</div></th>
+        <th scope="col"><div>{$lang->nick_name}</div></th>
+        <th scope="col"><div>{$lang->point}</div></th>
+        <th scope="col"><div>{$lang->level}</div></th>
+    </tr>
+</thead>
+<tbody>
+    <!--@foreach($member_list as $no => $val)-->
+    <tr class="row{$cycle_idx}">
+        <td class="center number">{$no}</td>
+        <td class="nowrap">{$val->user_id}</td>
+        <td class="nowrap">{$val->user_name}</td>
+        <td class="nowrap"><span class="member_{$val->member_srl}">{$val->nick_name}</span></td>
+        <td class="nowrap">
+            <form action="./" method="get">
+                <input type="hidden" name="member_srl" value="{$val->member_srl}" />
+                <input type="text" name="orgpoint" value="{$val->point}" class="inputTypeText w80" readonly />
+                <input type="text" id="point_{$val->member_srl}" name="point" class="inputTypeText w80" />
+                <span class="button"><input type="button" value="+" onclick="updatePoint({$val->member_srl}, 'add')"/></span>
+                <span class="button"><input type="button" value="-" onclick="updatePoint({$val->member_srl}, 'minus')"/></span>
+                <span class="button"><input type="button" value="{$lang->cmd_update}" onclick="updatePoint({$val->member_srl}, 'update')" /></span>
+            </form>
+        </td>
+        <td class="number center">{$val->level}</td>
+    </tr>
+    <!--@end-->
+</tbody>
+</table>
+
+<form id="updateForm" action="./" method="POST">
+    <input type="hidden" id="update_action" name="action" value="" />
+    <input type="hidden" id="update_member_srl" name="member_srl" value="" />
+    <input type="hidden" id="update_point" name="point" class="inputTypeText w80" />
+</form>
+
+
+<!-- 페이지 네비게이션 -->
+<div class="pagination a1">
+    <a href="{getUrl('page','','module_srl','')}" class="prevEnd">{$lang->first_page}</a> 
+    <!--@while($page_no = $page_navigation->getNextPage())-->
+        <!--@if($page == $page_no)-->
+            <strong>{$page_no}</strong> 
+        <!--@else-->
+            <a href="{getUrl('page',$page_no,'module_srl','')}">{$page_no}</a> 
+        <!--@end-->
+    <!--@end-->
+    <a href="{getUrl('page',$page_navigation->last_page,'module_srl','')}" class="nextEnd">{$lang->last_page}</a>
+</div>
+
+<!-- 검색 -->
+<form action="./" method="get" class="adminSearch">
+<input type="hidden" name="module" value="{$module}" />
+<input type="hidden" name="act" value="{$act}" />
+
+    <fieldset>
+
+        <select name="is_admin">
+            <option value="" <!--@if($is_admin!='Y')-->selected="selected"<!--@end-->>{$lang->total}</option>
+            <option value="Y" <!--@if($is_admin=='Y')-->selected="selected"<!--@end-->>{$lang->is_admin}</option>
+        </select>
+        <select name="is_denied">
+            <option value="" <!--@if($is_denied!='Y')-->selected="selected"<!--@end-->>{$lang->total}</option>
+            <option value="Y" <!--@if($is_denied=='Y')-->selected="selected"<!--@end-->>{$lang->denied}</option>
+        </select>
+        <select name="selected_group_srl">
+            <option value="0">{$lang->group}</option>
+            <!--@foreach($group_list as $key => $val)-->
+            <option value="{$val->group_srl}" <!--@if($selected_group_srl==$val->group_srl)-->selected="selected"<!--@end-->>{$val->title}</option>
+            <!--@end-->
+        </select>
+        <select name="search_target">
+            <option value="">{$lang->search_target}</option>
+            <!--@foreach($lang->search_target_list as $key => $val)-->
+            <option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
+            <!--@end-->
+        </select>
+        <input type="text" name="search_keyword" value="{htmlspecialchars($search_keyword)}" class="inputTypeText" />
+        <span class="button black strong"><input type="submit" value="{$lang->cmd_search}" /></span>
+        <a href="#" onclick="location.href='{getUrl('','module',$module,'act',$act)}';return false;" class="button"><span>{$lang->cmd_cancel}</span></a>
+    </fieldset>
+</form>
+>>>>>>> .merge-right.r9269
diff --git a/modules/poll/poll.admin.view.php b/modules/poll/poll.admin.view.php
index b2217aa3a..a79ad5ffa 100644
--- a/modules/poll/poll.admin.view.php
+++ b/modules/poll/poll.admin.view.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  pollAdminView
@@ -150,3 +151,140 @@
         }
     }
 ?>
+=======
+<?php
+    /**
+     * @class  pollAdminView
+     * @author NHN (developers@xpressengine.com)
+     * @brief  poll모듈의 admin view class
+     **/
+
+    class pollAdminView extends poll {
+
+        /**
+         * @brief 초기화
+         **/
+        function init() {
+        }
+
+        /**
+         * @brief 관리자 페이지
+         **/
+        function dispPollAdminList() {
+            // 검색 옵션 정리
+            $search_target = trim(Context::get('search_target'));
+            $search_keyword = trim(Context::get('search_keyword'));
+
+            if($search_target && $search_keyword) {
+                switch($search_target) {
+                    case 'title' :
+                            if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
+                            $args->s_title= $search_keyword;
+                        break;
+                    case 'regdate' :
+                            $args->s_regdate = $search_keyword;
+                        break;
+                    case 'ipaddress' :
+                            $args->s_ipaddress= $search_keyword;
+                        break;
+                }
+            }
+            // 목록을 구하기 위한 옵션
+            $args->page = Context::get('page'); ///< 페이지
+            $args->list_count = 50; ///< 한페이지에 보여줄 글 수
+            $args->page_count = 10; ///< 페이지 네비게이션에 나타날 페이지의 수
+
+            $args->sort_index = 'list_order'; ///< 소팅 값
+
+            // 목록 구함
+            $oPollAdminModel = &getAdminModel('poll');
+            $output = $oPollAdminModel->getPollList($args);
+
+            // 템플릿 변수 설정
+            Context::set('total_count', $output->total_count);
+            Context::set('total_page', $output->total_page);
+            Context::set('page', $output->page);
+            Context::set('poll_list', $output->data);
+            Context::set('page_navigation', $output->page_navigation);
+            Context::set('module_list', $module_list);			
+			
+			$security = new Security();				
+			$security->encodeHTML('poll_list..title');
+
+            // 템플릿 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('poll_list');
+        }
+
+        /**
+         * @brief 설문조사 스킨, 컬러셋 설정
+         **/
+        function dispPollAdminConfig() {
+            $oModuleModel = &getModel('module');
+
+            // 설정 정보 가져오기
+            $config = $oModuleModel->getModuleConfig('poll');
+            Context::set('config', $config);
+
+            // 스킨 정보 가져오기
+            $skin_list = $oModuleModel->getSkins($this->module_path);
+            Context::set('skin_list', $skin_list);
+
+            if(!$skin_list[$config->skin]) $config->skin = "default";
+
+            // 설정된 스킨의 컬러셋 설정
+            Context::set('colorset_list', $skin_list[$config->skin]->colorset);
+			
+			$security = new Security();				
+			$security->encodeHTML('config..');
+			$security->encodeHTML('skin_list..title');
+			$security->encodeHTML('colorset_list..name','colorset_list..title');
+			
+            // 템플릿 지정
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('config');
+        }
+
+        /**
+         * @brief 설문조사 결과
+         **/
+        function dispPollAdminResult() {
+            // 팝업 레이아웃
+            $this->setLayoutFile("popup_layout");
+
+            // 결과 뽑기
+            $args->poll_srl = Context::get('poll_srl'); 
+            $args->poll_index_srl = Context::get('poll_index_srl'); 
+
+            $output = executeQuery('poll.getPoll', $args);
+            if(!$output->data) return $this->stop('msg_poll_not_exists');
+            $poll->stop_date = $output->data->stop_date;
+            $poll->poll_count = $output->data->poll_count;
+
+            $output = executeQuery('poll.getPollTitle', $args);
+            if(!$output->data) return $this->stop('msg_poll_not_exists');
+
+            $poll->poll[$args->poll_index_srl]->title = $output->data->title;
+            $poll->poll[$args->poll_index_srl]->checkcount = $output->data->checkcount;
+            $poll->poll[$args->poll_index_srl]->poll_count = $output->data->poll_count;
+
+            $output = executeQuery('poll.getPollItem', $args);
+            foreach($output->data as $key => $val) {
+                $poll->poll[$val->poll_index_srl]->item[] = $val;
+            }
+
+            $poll->poll_srl = $poll_srl;
+
+            Context::set('poll',$poll);
+
+            // 기본 설정의 스킨, 컬러셋 설정 
+            $oModuleModel = &getModel('module');
+            $poll_config = $oModuleModel->getModuleConfig('poll');
+            Context::set('poll_config', $poll_config);
+
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('result');
+        }
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/poll/tpl/config.html b/modules/poll/tpl/config.html
index 11ae37bba..4c27a2b49 100644
--- a/modules/poll/tpl/config.html
+++ b/modules/poll/tpl/config.html
@@ -13,7 +13,7 @@
         <td class="center">
             <select name="skin" onchange="doDisplaySkinColorset(this);return false;">
             <!--@foreach($skin_list as $key => $val)-->
-                <option value="{$key}" <!--@if($config->skin == $key)-->selected="selected"<!--@end-->>{$val->title} ({$key})</option>
+                <option value="{$key}" <!--@if($config->skin == $key)-->selected="selected"<!--@end-->>{$val->title} ({htmlspecialchars($key)})</option>
             <!--@end-->
             </select>
         </td>
diff --git a/modules/poll/tpl/poll_list.html b/modules/poll/tpl/poll_list.html
index 8956eb4a6..83f5ed214 100644
--- a/modules/poll/tpl/poll_list.html
+++ b/modules/poll/tpl/poll_list.html
@@ -37,7 +37,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 			<tbody>
 				<!--@foreach($poll_list as $no => $val)-->
 				<tr>
-					<td class="title"><a href="<!--@if($val->document_srl)-->{getUrl('')}?document_srl={$val->document_srl}<!--@end--><!--@if($val->comment_srl)-->#comment_{$val->comment_srl}<!--@end-->" target="_blank">{htmlspecialchars($val->title)}</a></td>
+					<td class="title"><a href="<!--@if($val->document_srl)-->{getUrl('')}?document_srl={$val->document_srl}<!--@end--><!--@if($val->comment_srl)-->#comment_{$val->comment_srl}<!--@end-->" target="_blank">{$val->title}</a></td>
 					<td><!--@if($val->checkcount == 1)-->{$lang->single_check}<!--@else-->{$lang->multi_check}<!--@end--></td>
 					<td>{$val->poll_count}</td>
 					<td><a href="#popup_menu_area" class="member_{$val->member_srl}">{$val->nick_name}</a></td>
diff --git a/modules/rss/rss.admin.view.php b/modules/rss/rss.admin.view.php
index 694cb836a..e2a8b417c 100644
--- a/modules/rss/rss.admin.view.php
+++ b/modules/rss/rss.admin.view.php
@@ -44,8 +44,13 @@
 
 			Context::set('feed_config', $feed_config);
 			Context::set('total_config', $total_config);
+
+			$security = new Security();
+			$security->encodeHTML('feed_config..mid','feed_config..url');
+			$security->encodeHTML('total_config..');
+
 			$this->setTemplatePath($this->module_path.'tpl');
 			$this->setTemplateFile('rss_admin_index');
 		}
 	}
-?>
+?>
\ No newline at end of file
diff --git a/modules/rss/tpl/rss_admin_index.html b/modules/rss/tpl/rss_admin_index.html
index 9f2bccb20..9622ce39e 100644
--- a/modules/rss/tpl/rss_admin_index.html
+++ b/modules/rss/tpl/rss_admin_index.html
@@ -91,4 +91,4 @@
 			</table>
 		</div>
 	</form>
-</div>
+</div>
\ No newline at end of file
diff --git a/modules/spamfilter/spamfilter.admin.view.php b/modules/spamfilter/spamfilter.admin.view.php
index 507724481..bcf427da7 100644
--- a/modules/spamfilter/spamfilter.admin.view.php
+++ b/modules/spamfilter/spamfilter.admin.view.php
@@ -32,7 +32,12 @@
             Context::set('config',$config);
             Context::set('ip_list', $ip_list);
             Context::set('word_list', $word_list);
-            // Set a template file
+            
+			$security = new Security();
+			$security->encodeHTML('word_list..word');
+			$security->encodeHTML('ip_list..');
+
+			// Set a template file
             $this->setTemplateFile('index');
 		}
     }
diff --git a/modules/syndication/syndication.admin.view.php b/modules/syndication/syndication.admin.view.php
index 5c45b1400..02bbe760b 100644
--- a/modules/syndication/syndication.admin.view.php
+++ b/modules/syndication/syndication.admin.view.php
@@ -1,3 +1,4 @@
+<<<<<<< .working
 <?php
     /**
      * @class  syndicationAdminView
@@ -48,3 +49,61 @@
 
     }
 ?>
+=======
+<?php
+    /**
+     * @class  syndicationAdminView
+     * @author NHN (developers@xpressengine.com)
+     * @brief  syndication admin view class
+     **/
+
+    class syndicationAdminView extends syndication {
+
+        function init() {
+        }
+
+        function dispSyndicationAdminConfig() {
+            $oModuleModel = &getModel('module');
+
+            $module_config = $oModuleModel->getModuleConfig('syndication');
+            if(!$module_config->target_services) $module_config->target_services = array();
+
+            foreach($this->services as $key => $val) {
+                unset($obj);
+                $obj->service = $key;
+                $obj->ping = $val;
+                $obj->selected = in_array($key, $module_config->target_services)?true:false;
+                $services[] = $obj;
+            }
+            Context::set('services', $services);
+
+            if(!$module_config->site_url) {
+                $module_config->site_url = Context::getDefaultUrl()?Context::getDefaultUrl():getFullUrl();
+            }
+            Context::set('site_url', preg_replace('/^(http|https):\/\//i','',$module_config->site_url));
+
+            if(!$module_config->year) {
+                $module_config->year = date("Y");
+            }
+            Context::set('year', $module_config->year);
+
+            $output = executeQueryArray('syndication.getExceptModules');
+            $except_module_list = array();
+            for($i=0,$c=count($output->data);$i<$c;$i++) {
+                $except_module_list[] = $output->data[$i];
+            }
+            Context::set('except_module', $except_module_list);
+
+			//Security
+			$security = new Security();			
+			$security->encodeHTML('services..service','except_module..ping');
+			$security->encodeHTML('except_module..mid','except_module..browser_title');
+			
+			
+            $this->setTemplatePath($this->module_path.'tpl');
+            $this->setTemplateFile('config');
+        }
+
+    }
+?>
+>>>>>>> .merge-right.r9269
diff --git a/modules/trackback/trackback.admin.view.php b/modules/trackback/trackback.admin.view.php
index 1534890b3..276d74a9e 100644
--- a/modules/trackback/trackback.admin.view.php
+++ b/modules/trackback/trackback.admin.view.php
@@ -39,7 +39,12 @@
             Context::set('page', $output->page);
             Context::set('trackback_list', $output->data);
             Context::set('page_navigation', $output->page_navigation);
-            // Set a template
+			//Security
+			$security = new Security();
+			$security->encodeHTML('config.');
+			$security->encodeHTML('trackback_list..');
+
+			// Set a template
             $this->setTemplatePath($this->module_path.'tpl');
             $this->setTemplateFile('trackback_list');
         }
diff --git a/modules/widget/widget.admin.view.php b/modules/widget/widget.admin.view.php
index a402b3db0..9091db130 100644
--- a/modules/widget/widget.admin.view.php
+++ b/modules/widget/widget.admin.view.php
@@ -34,6 +34,9 @@
 			Context::set('tCount', count($widget_list));
 
             $this->setTemplateFile('downloaded_widget_list');
+
+			$security = new Security();
+			$security->encodeHTML('widget_list..', 'widget_list..author..');
         }
 
 		function dispWidgetAdminGenerateCode()
@@ -65,6 +68,9 @@
             $editor = $oEditorModel->getModuleEditor('document',$module_srl, $module_srl,'module_srl','content');
             Context::set('editor', $editor);
 
+			$security = new Security();
+			$security->encodeHTML('member_config..');
+
 			$this->setLayoutPath('./common/tpl');
             $this->setLayoutFile("default_layout");
             $this->setTemplateFile('add_content_widget');