Merge branch 'develop' into pr/member-phone-number

2026-01-03 16:51:40 +09:00 · 2018-08-06 16:49:15 +09:00 · 2018-08-06 16:49:15 +09:00 · 68840c2ede
commit 68840c2ede
parent 625c3b741f 1d0fb32923
45 changed files with 424 additions and 494 deletions
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -91,13 +91,7 @@ class Context
 	 * @var string
 	 */
 	public $canonical_url = '';
-	
-	/**
-	 * unloaded basic files
-	 * @var array
-	 */
-	public $unloaded_basic_files = array();
-	
+
 	/**
 	 * language type - changed by HTTP_USER_AGENT or user's cookie
 	 * @var string
@ -306,7 +300,7 @@ class Context
 		{
 			if($_COOKIE['lang_type'] !== $lang_type)
 			{
-				setcookie('lang_type', $lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/');
+				setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
 			}
 		}
 		elseif($_COOKIE['lang_type'])
@ -322,7 +316,7 @@ class Context
 					if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code)))
 					{
 						$lang_type = $lang_code;
-						setcookie('lang_type', $lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/');
+						setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
 					}
 				}
 			}
@ -1703,13 +1697,12 @@ class Context
 		}
 		
 		// If using SSL always
-		$_use_ssl = self::get('_use_ssl');
-		if($_use_ssl == 'always')
+		if($site_module_info->security == 'always')
 		{
 			$query = self::getRequestUri(ENFORCE_SSL, $domain) . $query;
 		}
 		// optional SSL use
-		elseif($_use_ssl == 'optional')
+		elseif($site_module_info->security == 'optional')
 		{
 			$ssl_mode = ((self::get('module') === 'admin') || ($get_vars['module'] === 'admin') || (isset($get_vars['act']) && self::isExistsSSLAction($get_vars['act']))) ? ENFORCE_SSL : RELEASE_SSL;
 			$query = self::getRequestUri($ssl_mode, $domain) . $query;
@ -1775,7 +1768,8 @@ class Context
 			return;
 		}

-		if(self::get('_use_ssl') == 'always')
+		$site_module_info = self::get('site_module_info');
+		if ($site_module_info->security === 'always')
 		{
 			$ssl_mode = ENFORCE_SSL;
 		}
@ -1790,7 +1784,6 @@ class Context
 				break;
 		}

-		$site_module_info = self::get('site_module_info');
 		if ($domain !== null && $domain !== false && $domain !== $site_module_info->domain)
 		{
 			if (!isset($domain_infos[$domain]))
@ -2099,44 +2092,7 @@ class Context
 	{
 		self::$_oFrontEndFileHandler->unloadAllFiles($type);
 	}
-	
-	/**
-	 * unload basic files that load in HTMLDisplayHandler (filename|all|common|admin|mobile)
-	 *
-	 * @return void
-	 */
-	public static function unloadBasicFiles()
-	{
-		if(func_num_args() < 1)
-		{
-			return;
-		}
-		foreach(func_get_args() as $file)
-		{
-			self::$_instance->unloaded_basic_files[] = $file;
-		}
-	}
-	
-	/**
-	 * get unloaded basic files
-	 *
-	 * @return array unloaded basic files
-	 */
-	public static function getUnloadedBasicFiles()
-	{
-		return self::$_instance->unloaded_basic_files;
-	}
-	
-	/**
-	 * clear unloaded basic files
-	 *
-	 * @return void
-	 */
-	public static function clearUnloadedBasicFiles()
-	{
-		self::$_instance->unloaded_basic_files = array();
-	}
-	
+
 	/**
 	 * Add the js file
 	 *
--- a/classes/display/HTMLDisplayHandler.php
+++ b/classes/display/HTMLDisplayHandler.php
@ -235,25 +235,18 @@ class HTMLDisplayHandler
 		Context::set('favicon_url', $favicon_url);
 		Context::set('mobicon_url', $mobicon_url);

-		// set content variable that will be inserted in common layout
+		// convert the final layout
 		Context::set('content', $output);
-		
-		// load basic files
-		if(!in_array('all', Context::getUnloadedBasicFiles()))
+		$oTemplate = TemplateHandler::getInstance();
+		if(Mobile::isFromMobilePhone())
 		{
-			if(Mobile::isFromMobilePhone())
-			{
-				$this->_loadMobileJSCSS();
-			}
-			else
-			{
-				$this->_loadDesktopJSCSS();
-			}
-			$this->_loadCommonJSCSS();
+			$this->_loadMobileJSCSS();
 		}
-		
-		// set common layout
-		$output = TemplateHandler::getInstance()->compile('common/tpl', 'common_layout');
+		else
+		{
+			$this->_loadDesktopJSCSS();
+		}
+		$output = $oTemplate->compile('./common/tpl', 'common_layout');
 		
 		// replace the user-defined-language
 		$oModuleController = getController('module');
@ -567,21 +560,9 @@ class HTMLDisplayHandler
 	 * import basic .js files.
 	 * @return void
 	 */
-	private function _loadDesktopJSCSS()
+	function _loadDesktopJSCSS()
 	{
-		// add admin css
-		if(!in_array('admin', Context::getUnloadedBasicFiles()))
-		{
-			if(Context::get('module') == 'admin' || strpos(Context::get('act'), 'Admin') > 0)
-			{
-				$this->_loadBasicFile('modules/admin/tpl/css/admin.css', 10);
-				$this->_loadBasicFile('modules/admin/tpl/css/admin.iefix.css', 10, '', true);
-				$this->_loadBasicFile('modules/admin/tpl/css/admin.bootstrap.css', 1);
-				$this->_loadBasicFile('modules/admin/tpl/js/admin.js');
-				$this->_loadBasicFile('modules/admin/tpl/js/jquery.tmpl.js', 1);
-				$this->_loadBasicFile('modules/admin/tpl/js/jquery.jstree.js', 1);
-			}
-		}
+		$this->_loadCommonJSCSS();
 	}

 	/**
@ -589,12 +570,7 @@ class HTMLDisplayHandler
 	 */
 	private function _loadMobileJSCSS()
 	{
-		if(in_array('mobile', Context::getUnloadedBasicFiles()))
-		{
-			return;
-		}
-		
-		$this->_loadBasicFile('common/css/mobile.css', -1500000000);
+		$this->_loadCommonJSCSS();
 	}

 	/**
@ -602,12 +578,7 @@ class HTMLDisplayHandler
 	 */
 	private function _loadCommonJSCSS()
 	{
-		if(in_array('common', Context::getUnloadedBasicFiles()))
-		{
-			return;
-		}
-		
-		$jquery_version = preg_match('/MSIE [5-8]\./', $_SERVER['HTTP_USER_AGENT']) ? self::JQUERY_V1 : self::JQUERY_V2;
+		Context::loadFile(array('./common/css/rhymix.less', '', '', -1600000000), true);
 		$original_file_list = array(
 			'plugins/jquery.migrate/jquery-migrate-1.4.1.min.js',
 			'plugins/blankshield/blankshield.min.js',
@ -618,57 +589,40 @@ class HTMLDisplayHandler
 			'xml_handler.js',
 			'xml_js_filter.js',
 		);
-		
-		$this->_loadBasicFile('common/css/rhymix.less', -1600000000);
-		$this->_loadBasicFile('common/js/jquery-' . $jquery_version . (config('view.minify_scripts') !== 'none' ? '.min' : '') . '.js', -1800000000, 'head');
+		$jquery_version = preg_match('/MSIE [5-8]\./', $_SERVER['HTTP_USER_AGENT']) ? self::JQUERY_V1 : self::JQUERY_V2;
 		
 		if(config('view.minify_scripts') === 'none')
 		{
+			Context::loadFile(array('./common/js/jquery-' . $jquery_version . '.js', 'head', '', -1800000000), true);
 			foreach($original_file_list as $filename)
 			{
-				$this->_loadBasicFile('common/js/' . $filename, -1700000000, 'head');
+				Context::loadFile(array('./common/js/' . $filename, 'head', '', -1700000000), true);
 			}
 		}
 		else
 		{
+			Context::loadFile(array('./common/js/jquery-' . $jquery_version . '.min.js', 'head', '', -1800000000), true);
 			$concat_target_filename = 'files/cache/assets/minified/rhymix.min.js';
 			if(file_exists(\RX_BASEDIR . $concat_target_filename))
 			{
-				$original_mtime = 0;
 				$concat_target_mtime = filemtime(\RX_BASEDIR . $concat_target_filename);
+				$original_mtime = 0;
 				foreach($original_file_list as $filename)
 				{
 					$original_mtime = max($original_mtime, filemtime(\RX_BASEDIR . 'common/js/' . $filename));
 				}
 				if($concat_target_mtime > $original_mtime)
 				{
-					$no_renew = true;
+					Context::loadFile(array('./' . $concat_target_filename, 'head', '', -1700000000), true);
+					return;
 				}
 			}
-			if(!isset($no_renew))
-			{
-				$target_file_list = array();
-				foreach($original_file_list as $filename)
-				{
-					$target_file_list[] = \RX_BASEDIR . 'common/js/' . $filename;
-				}
-				Rhymix\Framework\Formatter::minifyJS($target_file_list, \RX_BASEDIR . $concat_target_filename);
-			}
-			$this->_loadBasicFile($concat_target_filename, -1700000000, 'head');
+			Rhymix\Framework\Formatter::minifyJS(array_map(function($str) {
+				return \RX_BASEDIR . 'common/js/' . $str;
+			}, $original_file_list), \RX_BASEDIR . $concat_target_filename);
+			Context::loadFile(array('./' . $concat_target_filename, 'head', '', -1700000000), true);
 		}
 	}
-	
-	/**
-	 * load basic file
-	 */
-	private function _loadBasicFile($filename, $index = 0, $type = '', $ie = false)
-	{
-		if(in_array(pathinfo($filename, PATHINFO_BASENAME), Context::getUnloadedBasicFiles()))
-		{
-			return;
-		}
-		Context::loadFile(array($filename, $type, $ie ? 'ie' : '', $index));
-	}
 }
 /* End of file HTMLDisplayHandler.class.php */
 /* Location: ./classes/display/HTMLDisplayHandler.class.php */
--- a/classes/extravar/Extravar.class.php
+++ b/classes/extravar/Extravar.class.php
@ -396,7 +396,7 @@ class ExtraItem
 				foreach($default as $v)
 				{
 					$checked = '';
-					if($value && in_array(trim($v), $value))
+					if(strval($value) !== '' && in_array(trim($v), $value))
 					{
 						$checked = ' checked="checked"';
 					}
@ -414,7 +414,7 @@ class ExtraItem
 				foreach($default as $v)
 				{
 					$selected = '';
-					if($value && in_array(trim($v), $value))
+					if(strval($value) !== '' && in_array(trim($v), $value))
 					{
 						$selected = ' selected="selected"';
 					}
@ -428,7 +428,7 @@ class ExtraItem
 				foreach($default as $v)
 				{
 					$checked = '';
-					if($value && in_array(trim($v), $value))
+					if(strval($value) !== '' && in_array(trim($v), $value))
 					{
 						$checked = ' checked="checked"';
 					}
--- a/classes/frontendfile/FrontEndFileHandler.class.php
+++ b/classes/frontendfile/FrontEndFileHandler.class.php
@ -288,9 +288,11 @@ class FrontEndFileHandler extends Handler
 		if (!file_exists($file->fileFullPath))
 		{
 			return;
-		}
-		
+		}
+		
 		$default_font_config = Context::get('default_font_config') ?: getController('editor')->default_font_config;
+		$file->vars['enable_xe_btn_styles'] = (defined('DISABLE_XE_BTN_STYLES') && DISABLE_XE_BTN_STYLES) ? 'false' : 'true';
+		$file->vars['enable_xe_msg_styles'] = (defined('DISABLE_XE_MSG_STYLES') && DISABLE_XE_MSG_STYLES) ? 'false' : 'true';
 		$file->vars = array_merge($file->vars, $default_font_config);
 		if ($file->fileExtension === 'less')
 		{
--- a/classes/mobile/Mobile.class.php
+++ b/classes/mobile/Mobile.class.php
@ -73,7 +73,7 @@ class Mobile
 		$uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
 		if ($cookie !== $uatype)
 		{
-			setcookie('rx_uatype', $uatype, 0);
+			setcookie('rx_uatype', $uatype, 0, null, null, !!config('session.use_ssl_cookies'));
 			$_COOKIE['rx_uatype'] = $uatype;
 		}
 		
--- a/common/constants.php
+++ b/common/constants.php
@ -3,7 +3,7 @@
 /**
 * RX_VERSION is the version number of the Rhymix CMS.
 */
-define('RX_VERSION', '1.9.7');
+define('RX_VERSION', '1.9.8');

 /**
 * RX_MICROTIME is the startup time of the current script, in microseconds since the Unix epoch.
--- a/common/css/mobile.css
+++ b/common/css/mobile.css
@ -1,37 +0,0 @@
-@charset "utf-8";
-/*! Copyright (C) NAVER <http://www.navercorp.com> */
-/* @author NAVER <developers@xpressengine.com> */
-
-/* Message */
-.message {
-	position: relative;
-	margin: 1em 0;
-	padding: 0 1em;
-	border: 1px solid #ddd;
-	border-radius: 4px;
-	line-height: 1.4;
-	font-size: 13px;
-	text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
-	background-color: #f8f8f8;
-}
-body>.message {
-	margin: 1em;
-}
-.message p {
-	margin: 1em 0 !important;
-}
-.message.info {
-	border-color: #BCE8F1;
-	color: #3A87AD;
-	background-color: #D9EDF7;
-}
-.message.error {
-	border-color: #EED3D7;
-	color: #B94A48;
-	background-color: #F2DEDE;
-}
-.message.update {
-	border-color: #D6E9C6;
-	color: #468847;
-	background-color: #DFF0D8;
-}
--- a/common/css/rhymix.less
+++ b/common/css/rhymix.less
@ -26,13 +26,17 @@ a img {
 .word_break(@wb) when (@wb = none) {
 	white-space: nowrap;
 }
-.xe_content {
+.xe_content, .rhymix_content {
 	font-family: @default_font_family;
 	font-size: @default_font_size;
 	line-height: @default_line_height;
 	.word_break(@default_word_break);
 	p {
 		margin: 0 0 @default_paragraph_spacing 0;
+		line-height: @default_line_height;
+		span {
+			line-height: @default_line_height;
+		}
 	}
 	img {
 		max-width: 100%;
@ -61,7 +65,7 @@ a img {
 }

 /* Popup Menu Area */
-#popup_menu_area {
+#rhymix_popup_menu, #popup_menu_area {
 	position: absolute;
 	z-index: 9999;
 	margin: 10px 0;
@ -94,7 +98,7 @@ a img {
 	}
 }
@media screen and (max-width: 400px) {
-	#popup_menu_area {
+	#rhymix_popup_menu, #popup_menu_area {
 		min-width:120px;
 		max-width:95%;
 		font-size: 13px;
@ -133,40 +137,6 @@ a img {
 	border: 0;
 }

-/* Message */
-.message {
-	position: relative;
-	margin: 1em 0;
-	padding: 0 1em;
-	border: 1px solid #ddd;
-	border-radius: 4px;
-	line-height: 1.4;
-	font-size: 13px;
-	text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
-	background-color: #f8f8f8;
-	p {
-		margin: 1em 0 !important;
-	}
-	&.info {
-		border-color: #BCE8F1;
-		color: #3A87AD;
-		background-color: #D9EDF7;
-	}
-	&.error {
-		border-color: #EED3D7;
-		color: #B94A48;
-		background-color: #F2DEDE;
-	}
-	&.update {
-		border-color: #D6E9C6;
-		color: #468847;
-		background-color: #DFF0D8;
-	}
-}
-body > .message {
-	margin: 1em;
-}
-
 /* Waiting for server response */
 .wfsr {
 	z-index: 100;
@ -187,125 +157,6 @@ body > .message {
 	background: #333 url("../../common/img/msg.loading.gif") no-repeat center 15px;
 }

-/* Button */
-.btnArea {
-	clear: both;
-	margin: 10px 0;
-	padding: 0;
-	text-align: right;
-	zoom: 1;
-	&:after {
-		clear: both;
-		display: block;
-		content: "";
-	}
-}
-.btn {
-	display: inline-block;
-	*display: inline;
-	margin: 0;
-	padding: 0 12px !important;
-	height: 24px !important;
-	overflow: visible;
-	border: 1px solid #bbbbbb;
-	border-color: #e6e6e6 #e6e6e6 #bfbfbf;
-	border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
-	border-bottom-color: #a2a2a2;
-	border-radius: 2px;
-	text-decoration: none !important;
-	text-align: center;
-	text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75);
-	vertical-align: top;
-	line-height: 24px !important;
-	font-family: inherit;
-	font-size: 12px;
-	color: #333333;
-	*zoom: 1;
-	cursor: pointer;
-	box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
-	background-color: #f5f5f5;
-	*background-color: #e6e6e6;
-	background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6);
-	background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6);
-	background-image: -webkit-gradient(top, #ffffff, #e6e6e6);
-	background-image: -o-linear-gradient(top, #ffffff, #e6e6e6);
-	background-image: linear-gradient(top, #ffffff, #e6e6e6);
-	background-repeat: repeat-x;
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);
-	filter: progid:DXImageTransform.Microsoft.gradient(enabled=false);
-	&:hover, &:active, &[disabled] {
-		color: #333;
-		background-color: #e6e6e6;
-		*background-color: #d9d9d9;
-	}
-	>a, >button, >input, >span {
-		display: inline-block;
-		*zoom: 1;
-		margin: 0 -12px !important;
-		padding: 0 12px !important;
-		overflow: visible;
-		width: auto;
-		height: 24px;
-		border: 0;
-		vertical-align: top;
-		text-decoration: none !important;
-		line-height: 24px;
-		font-family: inherit;
-		font-size: 12px;
-		color: #333;
-		cursor: pointer;
-		background: none;
-	}
-}
-input.btn, button.btn {
-	height: 26px !important;
-}
-.btn-group {
-	position: relative;
-	display: inline-block;
-	*display: inline;
-	*margin-left: .3em;
-	white-space: nowrap;
-	vertical-align: middle;
-	font-size: 0;
-	*zoom: 1;
-	&:first-child {
-		*margin-left: 0;
-	}
-	&+.btn-group {
-		margin-left: 5px;
-	}
-	>.btn {
-		position: relative;
-		-webkit-border-radius: 0;
-		-moz-border-radius: 0;
-		border-radius: 0;
-		&+.btn {
-			margin-left: -1px;
-		}
-		&:first-child {
-			margin-left: 0;
-			-webkit-border-bottom-left-radius: 4px;
-			-moz-border-radius-bottomleft: 4px;
-			border-bottom-left-radius: 4px;
-			-webkit-border-top-left-radius: 4px;
-			-moz-border-radius-topleft: 4px;
-			border-top-left-radius: 4px;
-		}
-		&:last-child {
-			-webkit-border-top-right-radius: 4px;
-			-moz-border-radius-topright: 4px;
-			border-top-right-radius: 4px;
-			-webkit-border-bottom-right-radius: 4px;
-			-moz-border-radius-bottomright: 4px;
-			border-bottom-right-radius: 4px;
-		}
-		&:hover, &:focus, &:active, &.active {
-			z-index: 2;
-		}
-	}
-}
-
 /* Debug */
 #rhymix_debug_button {
 	display: none;
@ -445,3 +296,181 @@ input.btn, button.btn {
 		}
 	}
 }
+
+/* Button (for XE compatibility */
+.btnArea_mixin(@enabled) when (@enabled = true) {
+	clear: both;
+	margin: 10px 0;
+	padding: 0;
+	text-align: right;
+	zoom: 1;
+	&:after {
+		clear: both;
+		display: block;
+		content: "";
+	}
+}
+.btnArea_mixin(@enabled) when (@enabled = false) { }
+.btnArea {
+	.btnArea_mixin(@enable_xe_btn_styles);
+}
+.rhymix_button_wrapper {
+	.btnArea_mixin(true);
+}
+.btn_mixin(@enabled) when (@enabled = true) {
+	display: inline-block;
+	*display: inline;
+	margin: 0;
+	padding: 0 12px !important;
+	height: 24px !important;
+	overflow: visible;
+	border: 1px solid #bbbbbb;
+	border-color: #e6e6e6 #e6e6e6 #bfbfbf;
+	border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+	border-bottom-color: #a2a2a2;
+	border-radius: 2px;
+	text-decoration: none !important;
+	text-align: center;
+	text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75);
+	vertical-align: top;
+	line-height: 24px !important;
+	font-family: inherit;
+	font-size: 12px;
+	color: #333333;
+	*zoom: 1;
+	cursor: pointer;
+	box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+	background-color: #f5f5f5;
+	*background-color: #e6e6e6;
+	background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6);
+	background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6);
+	background-image: -webkit-gradient(top, #ffffff, #e6e6e6);
+	background-image: -o-linear-gradient(top, #ffffff, #e6e6e6);
+	background-image: linear-gradient(top, #ffffff, #e6e6e6);
+	background-repeat: repeat-x;
+	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);
+	filter: progid:DXImageTransform.Microsoft.gradient(enabled=false);
+	&:hover, &:active, &[disabled] {
+		color: #333;
+		background-color: #e6e6e6;
+		*background-color: #d9d9d9;
+	}
+	>a, >button, >input, >span {
+		display: inline-block;
+		*zoom: 1;
+		margin: 0 -12px !important;
+		padding: 0 12px !important;
+		overflow: visible;
+		width: auto;
+		height: 24px;
+		border: 0;
+		vertical-align: top;
+		text-decoration: none !important;
+		line-height: 24px;
+		font-family: inherit;
+		font-size: 12px;
+		color: #333;
+		cursor: pointer;
+		background: none;
+	}
+	input&, button& {
+		height: 26px !important;
+	}
+}
+.btn_mixin(@enabled) when (@enabled = false) { }
+.btn {
+	.btn_mixin(@enable_xe_btn_styles);
+}
+.rhymix_button {
+	.btn_mixin(true);
+}
+.btn-group_mixin(@enabled) when (@enabled = true) {
+	position: relative;
+	display: inline-block;
+	*display: inline;
+	*margin-left: .3em;
+	white-space: nowrap;
+	vertical-align: middle;
+	font-size: 0;
+	*zoom: 1;
+	&:first-child {
+		*margin-left: 0;
+	}
+	&+.btn-group {
+		margin-left: 5px;
+	}
+	>.btn {
+		position: relative;
+		-webkit-border-radius: 0;
+		-moz-border-radius: 0;
+		border-radius: 0;
+		&+.btn {
+			margin-left: -1px;
+		}
+		&:first-child {
+			margin-left: 0;
+			-webkit-border-bottom-left-radius: 4px;
+			-moz-border-radius-bottomleft: 4px;
+			border-bottom-left-radius: 4px;
+			-webkit-border-top-left-radius: 4px;
+			-moz-border-radius-topleft: 4px;
+			border-top-left-radius: 4px;
+		}
+		&:last-child {
+			-webkit-border-top-right-radius: 4px;
+			-moz-border-radius-topright: 4px;
+			border-top-right-radius: 4px;
+			-webkit-border-bottom-right-radius: 4px;
+			-moz-border-radius-bottomright: 4px;
+			border-bottom-right-radius: 4px;
+		}
+		&:hover, &:focus, &:active, &.active {
+			z-index: 2;
+		}
+	}
+}
+.btn-group_mixin(@enabled) when (@enabled = false) { }
+.btn-group {
+	.btn-group_mixin(@enable_xe_btn_styles);
+}
+
+/* Message (for XE compatibility) */
+.message_mixin(@enabled) when (@enabled = true) {
+	position: relative;
+	margin: 1em 0;
+	padding: 0 1em;
+	border: 1px solid #ddd;
+	border-radius: 4px;
+	line-height: 1.4;
+	font-size: 13px;
+	text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
+	background-color: #f8f8f8;
+	p {
+		margin: 1em 0 !important;
+	}
+	&.info {
+		border-color: #BCE8F1;
+		color: #3A87AD;
+		background-color: #D9EDF7;
+	}
+	&.error {
+		border-color: #EED3D7;
+		color: #B94A48;
+		background-color: #F2DEDE;
+	}
+	&.update {
+		border-color: #D6E9C6;
+		color: #468847;
+		background-color: #DFF0D8;
+	}
+	body > & {
+		margin: 1em;
+	}
+}
+.message_mixin(@enabled) when (@enabled = false) { }
+.message {
+	.message_mixin(@enable_xe_msg_styles);
+}
+.rhymix_message {
+	.message_mixin(true);
+}
--- a/common/defaults/config.php
+++ b/common/defaults/config.php
@ -56,6 +56,7 @@ return array(
 		'use_db' => false,
 		'use_keys' => false,
 		'use_ssl' => false,
+		'use_ssl_cookies' => false,
 		'domain' => null,
 		'path' => null,
 		'lifetime' => 0,
--- a/common/defaults/whitelist.php
+++ b/common/defaults/whitelist.php
@ -78,5 +78,7 @@ return array(
 		'player.vimeo.com/',
 		// Afreeca
 		'afree.ca/',
+		// Soundcloud
+		'w.soundcloud.com/',
 	),
 );
--- a/common/framework/filters/filenamefilter.php
+++ b/common/framework/filters/filenamefilter.php
@ -30,6 +30,9 @@ class FilenameFilter
 		$filename = trim($filename, ' .-_');
 		$filename = preg_replace('/__+/', '_', $filename);
 		
+		// Clean up unnecessary encodings.
+		$filename = strtr($filename, array('&amp;' => '&'));
+		
 		// Change .php files to .phps to make them non-executable.
 		if (strtolower(substr($filename, strlen($filename) - 4)) === '.php')
 		{
--- a/common/framework/session.php
+++ b/common/framework/session.php
@ -80,7 +80,7 @@ class Session
 		ini_set('session.use_cookies', 1);
 		ini_set('session.use_only_cookies', 1);
 		ini_set('session.use_strict_mode', 1);
-		session_set_cookie_params($lifetime, $path, null, $ssl_only, false);
+		session_set_cookie_params($lifetime, $path, null, $ssl_only, $ssl_only);
 		session_name($session_name = Config::get('session.name') ?: session_name());
 		
 		// Get session ID from POST parameter if using relaxed key checks.
@ -295,7 +295,7 @@ class Session
 		if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
 		{
 			// Set sso cookie to prevent multiple simultaneous SSO validation requests.
-			setcookie('sso', md5($current_domain), 0, '/');
+			setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl'), true);
 			
 			// Redirect to the default site.
 			$sso_request = Security::encrypt($current_url);
--- a/common/framework/ua.php
+++ b/common/framework/ua.php
@ -366,7 +366,7 @@ class UA
 				
 			case 'rfc5987':
 				$filename = rawurlencode($filename);
-				return "filename*=UTF-8''" . $filename . '; filename="' . $filename . '"';
+				return "filename*=UTF-8''" . $filename;
 				
 			case 'old_ie':
 			default:
--- a/common/framework/url.php
+++ b/common/framework/url.php
@ -18,7 +18,8 @@ class URL
 	 */
 	public static function getCurrentURL(array $changes = array())
 	{
-		$url = self::getCurrentDomainURL(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/');
+		$request_uri = preg_replace('/[<>"]/', '', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/');
+		$url = self::getCurrentDomainURL($request_uri);
 		if (count($changes))
 		{
 			return self::modifyURL($url, $changes);
--- a/common/js/common.js
+++ b/common/js/common.js
@ -1055,7 +1055,8 @@ function getOuterHTML(obj) {
 function setCookie(name, value, expire, path) {
 	var s_cookie = name + "=" + escape(value) +
 		((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
-		"; path=" + ((!path) ? "/" : path);
+		"; path=" + ((!path) ? "/" : path) + 
+		((cookies_ssl) ? ";secure" : "");

 	document.cookie = s_cookie;
 }
--- a/common/js/plugins/jquery.fileupload/js/main.js
+++ b/common/js/plugins/jquery.fileupload/js/main.js
@ -386,7 +386,8 @@

 					data.files[file.file_srl] = file;
 					$container.data(data);
-
+					
+					file.source_filename = file.source_filename.replace("&amp;", "&");
 					if(/\.(jpe?g|png|gif)$/i.test(file.source_filename)) {
 						result_image.push(template_fileimte_image(file));
 					}
--- a/common/legacy.php
+++ b/common/legacy.php
@ -917,7 +917,7 @@ function getScriptPath()
 */
 function getRequestUriByServerEnviroment()
 {
-	return escape($_SERVER['REQUEST_URI']);
+	return preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']);
 }

 /**
--- a/common/tpl/common_layout.html
+++ b/common/tpl/common_layout.html
@ -55,7 +55,8 @@
 	var current_mid = {json_encode($mid ?: null)};
 	var http_port = {Context::get("_http_port") ?: 'null'};
 	var https_port = {Context::get("_https_port") ?: 'null'};
-	var enforce_ssl = {Context::get('_use_ssl') === 'always' ? 'true' : 'false'};
+	var enforce_ssl = {$site_module_info->security === 'always' ? 'true' : 'false'};
+	var cookies_ssl = {config('session.use_ssl_cookies') ? 'true' : 'false'};
 	var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
 	var xeVid = null;
 </script>
--- a/modules/admin/admin.admin.controller.php
+++ b/modules/admin/admin.admin.controller.php
@ -726,6 +726,9 @@ class adminAdminController extends admin
 		
 		Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
 		Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));
+		Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
+		Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
+		Rhymix\Framework\Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
 		
 		// Save
 		if (!Rhymix\Framework\Config::save())
@ -824,8 +827,6 @@ class adminAdminController extends admin
 		Rhymix\Framework\Config::set('use_rewrite', $vars->use_rewrite === 'Y');
 		Rhymix\Framework\Config::set('session.delay', $vars->delay_session === 'Y');
 		Rhymix\Framework\Config::set('session.use_db', $vars->use_db_session === 'Y');
-		Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
-		Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
 		Rhymix\Framework\Config::set('view.minify_scripts', $vars->minify_scripts ?: 'common');
 		Rhymix\Framework\Config::set('view.concat_scripts', $vars->concat_scripts ?: 'none');
 		Rhymix\Framework\Config::set('view.server_push', $vars->use_server_push === 'Y');
--- a/modules/admin/admin.admin.view.php
+++ b/modules/admin/admin.admin.view.php
@ -450,6 +450,11 @@ class adminAdminView extends admin
 		Context::set('admin_denied_ip', implode(PHP_EOL, $denied_ip));
 		Context::set('remote_addr', RX_CLIENT_IP);
 		
+		// Session and cookie security settings
+		Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys'));
+		Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl'));
+		Context::set('use_cookies_ssl', Rhymix\Framework\Config::get('session.use_ssl_cookies'));
+		
 		$this->setTemplateFile('config_security');
 	}
 	
@ -538,8 +543,6 @@ class adminAdminView extends admin
 		Context::set('mobile_viewport', config('mobile.viewport') ?: 'width=device-width, initial-scale=1.0, user-scalable=yes');
 		Context::set('use_ssl', Rhymix\Framework\Config::get('url.ssl'));
 		Context::set('delay_session', Rhymix\Framework\Config::get('session.delay'));
-		Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys'));
-		Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl'));
 		Context::set('use_db_session', Rhymix\Framework\Config::get('session.use_db'));
 		Context::set('minify_scripts', Rhymix\Framework\Config::get('view.minify_scripts'));
 		Context::set('concat_scripts', Rhymix\Framework\Config::get('view.concat_scripts'));
@ -779,6 +782,7 @@ class adminAdminView extends admin
 		$info['session.use_db'] = config('session.use_db') ? 'true' : 'false';
 		$info['session.use_keys'] = config('session.use_keys') ? 'true' : 'false';
 		$info['session.use_ssl'] = config('session.use_ssl') ? 'true' : 'false';
+		$info['session.use_ssl_cookies'] = config('session.use_ssl_cookies') ? 'true' : 'false';
 		$info['view.concat_scripts'] = config('view.concat_scripts');
 		$info['view.minify_scripts'] = config('view.minify_scripts');
 		$info['use_rewrite'] = config('use_rewrite') ? 'true' : 'false';
--- a/modules/admin/lang/en.php
+++ b/modules/admin/lang/en.php
@ -162,7 +162,9 @@ $lang->about_delay_session = 'To improve performance when using a caching proxy
 $lang->use_session_keys = 'Use session security keys';
 $lang->about_use_session_keys = 'Use additional security keys to guard against session theft. This setting is highly recommended if you don\'t use SSL-only sessions.<br>This setting may cause some users to become logged out.';
 $lang->use_session_ssl = 'Use SSL-only session';
-$lang->about_use_session_ssl = 'Prevent the session from being used on non-SSL pages.<br>This helps improve security if your site always uses SSL and your server is configured to redirect all non-SSL pages to SSL.';
+$lang->about_use_session_ssl = 'Force the session to be SSL-only.<br>This helps improve security if your site always uses SSL.';
+$lang->use_cookies_ssl = 'Use SSL-only cookies';
+$lang->about_use_cookies_ssl = 'Force all cookies to be SSL-only.';
 $lang->use_object_cache = 'Use Cache';
 $lang->cache_default_ttl = 'Cache default TTL';
 $lang->cache_host = 'Host';
--- a/modules/admin/lang/ko.php
+++ b/modules/admin/lang/ko.php
@ -163,7 +163,9 @@ $lang->about_delay_session = 'Varnish 등의 프록시 캐싱 서버 사용시
 $lang->use_session_keys = '세션 보안키 사용';
 $lang->about_use_session_keys = '세션 탈취를 방지하기 위한 보안키를 사용합니다. SSL 전용 세션을 사용하지 않을 경우 반드시 보안키를 사용하시기를 권장합니다.<br>사용자 환경에 따라 로그인이 풀리는 문제가 발생할 수 있습니다.';
 $lang->use_session_ssl = 'SSL 전용 세션 사용';
-$lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서 사용할 수 없도록 합니다.<br>SSL을 항상 사용하고, SSL이 아닌 페이지 방문시 자동으로 SSL 페이지로 리다이렉트되도록 서버가 설정되어 있는 경우<br>이 옵션을 사용하면 보안이 향상됩니다. (애드온 등을 사용하여 리다이렉트하는 경우 제외)';
+$lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서는 사용할 수 없도록 합니다.<br>SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.';
+$lang->use_cookies_ssl = 'SSL 전용 쿠키 사용';
+$lang->about_use_cookies_ssl = '세션뿐 아니라 모든 쿠키를 SSL 전용으로 지정합니다.<br>SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.';
 $lang->use_object_cache = '캐시 사용';
 $lang->cache_default_ttl = '캐시 기본 TTL';
 $lang->cache_host = '호스트';
--- a/modules/admin/tpl/_header.html
+++ b/modules/admin/tpl/_header.html
@ -1,5 +1,10 @@
+<load target="css/admin.bootstrap.css" />
+<load target="css/admin.iefix.css" />
+<load target="css/admin.css" />
+<load target="js/admin.js" />
+<load target="js/jquery.tmpl.js" />
+<load target="js/jquery.jstree.js" />
 <meta name="apple-mobile-web-app-capable" content="yes" />
-<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=2, user-scalable=yes" />
 <script>
 	var admin_menu_srl = "{$admin_menu_srl}";
 	xe.cmd_find = "{$lang->cmd_find}";
--- a/modules/admin/tpl/config_advanced.html
+++ b/modules/admin/tpl/config_advanced.html
@ -105,24 +105,6 @@
 				<p class="x_help-block">{$lang->about_delay_session}</p>
 			</div>
 		</div>
-		<div class="x_control-group">
-			<label class="x_control-label">{$lang->use_session_keys}</label>
-			<div class="x_controls">
-				<label for="use_session_keys_y" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_y" value="Y" checked="checked"|cond="$use_session_keys !== false" /> {$lang->cmd_yes}</label>
-				<label for="use_session_keys_n" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_n" value="N" checked="checked"|cond="$use_session_keys === false" /> {$lang->cmd_no}</label>
-				<br />
-				<p class="x_help-block">{$lang->about_use_session_keys}</p>
-			</div>
-		</div>
-		<div class="x_control-group">
-			<label class="x_control-label">{$lang->use_session_ssl}</label>
-			<div class="x_controls">
-				<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
-				<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
-				<br />
-				<p class="x_help-block">{$lang->about_use_session_ssl}</p>
-			</div>
-		</div>
 		<div class="x_control-group">
 			<label class="x_control-label">{$lang->thumbnail_target}</label>
 			<div class="x_controls">
--- a/modules/admin/tpl/config_security.html
+++ b/modules/admin/tpl/config_security.html
@ -39,6 +39,33 @@
 				<p class="x_help-block">{$lang->about_admin_ip_deny}</p>
 			</div>
 		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_session_keys}</label>
+			<div class="x_controls">
+				<label for="use_session_keys_y" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_y" value="Y" checked="checked"|cond="$use_session_keys !== false" /> {$lang->cmd_yes}</label>
+				<label for="use_session_keys_n" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_n" value="N" checked="checked"|cond="$use_session_keys === false" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_session_keys}</p>
+			</div>
+		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_session_ssl}</label>
+			<div class="x_controls">
+				<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
+				<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_session_ssl}</p>
+			</div>
+		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_cookies_ssl}</label>
+			<div class="x_controls">
+				<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
+				<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
+			</div>
+		</div>
 		<div class="x_clearfix btnArea">
 			<div class="x_pull-right">
 				<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>
--- a/modules/admin/tpl/popup_layout.html
+++ b/modules/admin/tpl/popup_layout.html
@ -1,3 +1,9 @@
+<load target="css/admin.bootstrap.css" />
+<load target="css/admin.iefix.css" />
+<load target="css/admin.css" />
+<load target="js/admin.js" />
+<load target="js/jquery.tmpl.js" />
+<load target="js/jquery.jstree.js" />
 <div class="x">
 	<div class="content" id="content">
 		{$content}
--- a/modules/board/skins/default/_comment.html
+++ b/modules/board/skins/default/_comment.html
@ -15,7 +15,11 @@
 				</h3>
 				<p class="time">{$comment->getRegdate('Y.m.d H:i')}</p>
 			</div>
-			<!--@if(!$comment->isAccessible())-->
+			<!--@if($comment->status == RX_STATUS_DELETED)-->
+				<div class="xe_content deleted">{$lang->msg_deleted_comment}</div>
+			<!--@elseif($comment->status == RX_STATUS_DELETED_BY_ADMIN)-->
+				<div class="xe_content deleted deleted_by_admin">{$lang->msg_admin_deleted_comment}</div>
+			<!--@elseif(!$comment->isAccessible())-->
 			<form action="./" method="get" class="xe_content" onsubmit="return procFilter(this, input_password)">
 				<p><label for="cpw_{$comment->comment_srl}">{$lang->msg_is_secret} {$lang->msg_input_password}</label></p>
 				<p><input type="password" name="password" id="cpw_{$comment->comment_srl}" class="iText" /><input type="submit" class="btn" value="{$lang->cmd_input}" /></p>
@ -25,14 +29,7 @@
 				<input type="hidden" name="comment_srl" value="{$comment->get('comment_srl')}" />
 			</form>
 			<!--@else-->
-				<!--@if($comment->status == 7)-->
-				{$lang->msg_deleted_comment}
-				<!--@elseif($comment->status == 8)-->
-				{$lang->msg_admin_deleted_comment}
-				<!--@end-->
-				<block cond="$comment->status < 7">
-					{$comment->getContent(false)}
-				</block>
+				{$comment->getContent(false)}
 			<!--@end-->
 			<div cond="$comment->hasUploadedFiles()" class="fileList">
 				<button type="button" class="toggleFile" onclick="jQuery(this).next('ul.files').toggle();">{$lang->uploaded_file} [<strong>{$comment->get('uploaded_count')}</strong>]</button>
--- a/modules/board/skins/xedition/_comment.html
+++ b/modules/board/skins/xedition/_comment.html
@ -15,7 +15,11 @@
 				</h3>
 				<p class="time">{$comment->getRegdate('Y.m.d H:i')}</p>
 			</div>
-			<!--@if(!$comment->isAccessible())-->
+			<!--@if($comment->status == RX_STATUS_DELETED)-->
+				<div class="xe_content deleted">{$lang->msg_deleted_comment}</div>
+			<!--@elseif($comment->status == RX_STATUS_DELETED_BY_ADMIN)-->
+				<div class="xe_content deleted deleted_by_admin">{$lang->msg_admin_deleted_comment}</div>
+			<!--@elseif(!$comment->isAccessible())-->
 			<form action="./" method="get" class="xe_content secretForm" onsubmit="return procFilter(this, input_password)">
 				<p><label for="cpw_{$comment->comment_srl}">{$lang->msg_is_secret} {$lang->msg_input_password}</label></p>
 				<p><input type="password" name="password" id="cpw_{$comment->comment_srl}" class="iText" /><input type="submit" class="btn" value="{$lang->cmd_input}" /></p>
@ -25,7 +29,7 @@
 				<input type="hidden" name="comment_srl" value="{$comment->get('comment_srl')}" />
 			</form>
 			<!--@else-->
-			{$comment->getContent(false)}
+				{$comment->getContent(false)}
 			<!--@end-->
 			<div cond="$comment->hasUploadedFiles()" class="fileList">
 				<button type="button" class="toggleFile" onclick="jQuery(this).next('ul.files').toggle();"><i class="xi-diskette"></i> {$lang->uploaded_file} [<strong>{$comment->get('uploaded_count')}</strong>]</button>
--- a/modules/communication/m.skins/default/css/mcommunication.css
+++ b/modules/communication/m.skins/default/css/mcommunication.css
@ -15,7 +15,6 @@ input[type=radio]{width:13px;height:13px;margin:0;padding:0}
 /* Background */
 .rp li li,
 .rp .answer,
-.rp .btn,
 /* Body */
 .bd{background:#f8f8f8;padding:1px 0}
 .co{margin:10px;line-height:1.4;font-size:14px;color:#333}
@ -85,7 +84,6 @@ input[type=radio]{width:13px;height:13px;margin:0;padding:0}
 .rp li li li li{padding-left:55px;background-position:40px -145px}
 .rp li li li li li{padding-left:70px;background-position:55px -145px}
 .rp li li li li li li{padding-left:85px;background-position:70px -145px}
-.rp .btn{display:inline-block;width:15px;height:15px;overflow:hidden;vertical-align:middle;text-indent:15px}
 .rp .btn.ed{background-position:0 -32px}
 .rp .btn.de{background-position:-15px -32px}
 .rp .btn.re{background-position:-30px -32px}
--- a/modules/communication/skins/default/css/communication.css
+++ b/modules/communication/skins/default/css/communication.css
@ -233,49 +233,6 @@
 .xc .pagination ul>li:last-child>a,
 .xc .pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}
 .xc .pagination-centered{text-align:center}
-/* Button */
-.xc .btn{font-size:12px;font-family:inherit;display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;line-height:20px;height:auto;color:#333333;text-align:center;text-shadow:0 1px 1px rgba(255, 255, 255, 0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top, #ffffff, #e6e6e6);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6));background-image:-webkit-linear-gradient(top, #ffffff, #e6e6e6);background-image:-o-linear-gradient(top, #ffffff, #e6e6e6);background-image:linear-gradient(to bottom, #ffffff, #e6e6e6);background-repeat:repeat-x;border:1px solid #cccccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05)}
-.xc .btn:hover,
-.xc .btn:focus,
-.xc .btn:active,
-.xc .btn.active,
-.xc .btn.disabled,
-.xc .btn[disabled]{color:#333333;background-color:#e6e6e6;*background-color:#d9d9d9}
-.xc .btn:active,
-.xc .btn.active{background-color:#cccccc \9}
-.xc .btn:first-child{*margin-left:0}
-.xc .btn:hover,
-.xc .btn:focus{color:#333333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position 0.1s linear;-moz-transition:background-position 0.1s linear;-o-transition:background-position 0.1s linear;transition:background-position 0.1s linear}
-.xc .btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}
-.xc .btn.active,
-.xc .btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05)}
-.xc .btn.disabled,
-.xc .btn[disabled]{cursor:default;background-image:none;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}
-.xc .btn-inverse.active{color:rgba(255, 255, 255, 0.75)}
-.xc .btn-inverse{color:#ffffff!important;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#363636;*background-color:#222222;background-image:-moz-linear-gradient(top, #444444, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222));background-image:-webkit-linear-gradient(top, #444444, #222222);background-image:-o-linear-gradient(top, #444444, #222222);background-image:linear-gradient(to bottom, #444444, #222222);background-repeat:repeat-x;border-color:#222222 #222222 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}
-.xc .btn-inverse:hover,
-.xc .btn-inverse:focus,
-.xc .btn-inverse:active,
-.xc .btn-inverse.active,
-.xc .btn-inverse.disabled,
-.xc .btn-inverse[disabled]{color:#ffffff;background-color:#222222;*background-color:#151515}
-.xc .btn-inverse:active,
-.xc .btn-inverse.active{background-color:#080808 \9}
-.xc button.btn,
-.xc input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}
-.xc button.btn::-moz-focus-inner,
-.xc input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}
-.xc .btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}
-.xc .btn-group:first-child{*margin-left:0}
-.xc .btn-group+.btn-group{margin-left:5px}
-.xc .btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}
-.xc .btn-group>.btn+.btn{margin-left:-1px}
-.xc .btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}
-.xc .btn-group>.btn:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}
-.xc .btn-group>.btn:hover,
-.xc .btn-group>.btn:focus,
-.xc .btn-group>.btn:active,
-.xc .btn-group>.btn.active{z-index:2}
 /* Communication Module Customize */
 .xc,
 .xc input,
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@ -81,7 +81,7 @@ class documentModel extends document
 		$output = $this->getDocumentExtraVarsFromDB($document_srls);
 		foreach($output->data as $key => $val)
 		{
-			if(!$val->value)
+			if(strval($val->value) === '')
 			{
 				continue;
 			}
--- a/modules/editor/skins/ckeditor/file_upload.html
+++ b/modules/editor/skins/ckeditor/file_upload.html
@ -7,7 +7,7 @@
 	<div class="xefu-dropzone">
 		<span class="xefu-btn fileinput-button xefu-act-selectfile">
 			<span><i class="xi-icon xi-file-upload"></i> {$lang->edit->upload_file}</span>
-			<input id="xe-fileupload" type="file" class="fileupload-processing " value="{$lang->edit->upload_file}" name="Filedata" data-auto-upload="true" data-editor-sequence="{$editor_sequence}" multiple />
+			<input id="xe-fileupload" type="file" class="fileupload-processing " name="Filedata" data-auto-upload="true" data-editor-sequence="{$editor_sequence}" multiple />
 		</span>

 		<p class="xefu-dropzone-message" cond="!$m">{$lang->ckeditor_about_file_drop_area}</p>
--- a/modules/importer/importer.admin.controller.php
+++ b/modules/importer/importer.admin.controller.php
@ -372,13 +372,14 @@ class importerAdminController extends importer
 			FileHandler::removeFile($target_file);
 			if(!$xmlObj) continue;
 			// List Objects
-			$obj = null;
+			$obj = new stdClass();
+			$obj->member_srl = getNextSequence();
 			$obj->user_id = base64_decode($xmlObj->member->user_id->body);
 			$obj->password = base64_decode($xmlObj->member->password->body);
 			$obj->user_name = base64_decode($xmlObj->member->user_name->body);
 			$obj->nick_name = base64_decode($xmlObj->member->nick_name->body);
 			if(!$obj->user_name) $obj->user_name = $obj->nick_name;
-			$obj->email = base64_decode($xmlObj->member->email->body);
+			$obj->email_address = base64_decode($xmlObj->member->email->body);
 			$obj->homepage = base64_decode($xmlObj->member->homepage->body);
 			$obj->blog = base64_decode($xmlObj->member->blog->body);
 			$obj->birthday = substr(base64_decode($xmlObj->member->birthday->body),0,8);
@ -401,8 +402,20 @@ class importerAdminController extends importer
 			}
 			// Create url for homepage and blog
 			if($obj->homepage && strncasecmp('http://', $obj->homepage, 7) !== 0 && strncasecmp('https://', $obj->homepage, 8) !== 0) $obj->homepage = 'http://'.$obj->homepage;
-			// email address column
-			$obj->email_address = $obj->email;
+			// Check user ID
+			if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+			{
+				$obj->user_id = preg_replace('/[^a-z0-9_-]+/i', '', $obj->user_id);
+			}
+			if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+			{
+				$obj->user_id = 't' . $obj->member_srl;
+			}
+			// Check email address
+			if(!preg_match('/^[\w-]+((?:\.|\+|\~)[\w-]+)*@[\w-]+(\.[\w-]+)+$/', $obj->email_address))
+			{
+				$obj->email_address = $obj->user_id . '@example.com';
+			}
 			list($obj->email_id, $obj->email_host) = explode('@', $obj->email);
 			// Set the mailing option
 			if($obj->allow_mailing!='Y') $obj->allow_mailing = 'N';
@ -411,18 +424,37 @@ class importerAdminController extends importer
 			if(!in_array($obj->allow_message, array('Y','N','F'))) $obj->allow_message= 'Y';
 			// Get member-join date if the last login time is not found
 			if(!$obj->last_login) $obj->last_login = $obj->regdate;
-			// Get a member_srl
-			$obj->member_srl = getNextSequence();
+			// Set the list order
 			$obj->list_order = -1 * $obj->member_srl;
 			// List extra vars
 			$extra_vars = $obj->extra_vars;
 			unset($obj->extra_vars);
 			$obj->extra_vars = serialize($extra_vars);
-			// Check if the same nickname is existing
-			$nick_args = new stdClass;
-			$nick_args->nick_name = $obj->nick_name;
-			$nick_output = executeQuery('member.getMemberSrl', $nick_args);
-			if(!$nick_output->toBool()) $obj->nick_name .= '_'.$obj->member_srl;
+			// Check if the same user ID exists
+			$args = new stdClass;
+			$args->user_id = $obj->user_id;
+			$output = executeQuery('member.getMemberSrl', $args);
+			if(!$output->toBool() || $output->data)
+			{
+				$obj->user_id .= '_'.$obj->member_srl;
+			}
+			// Check if the same nickname exists
+			$args = new stdClass;
+			$args->nick_name = $obj->nick_name;
+			$output = executeQuery('member.getMemberSrl', $args);
+			if(!$output->toBool() || $output->data)
+			{
+				$obj->user_id .= '_'.$obj->member_srl;
+			}
+			// Check if the same email address exists
+			$args = new stdClass;
+			$args->email_address = $obj->email_address;
+			$output = executeQuery('member.getMemberSrl', $args);
+			if(!$output->toBool() || $output->data)
+			{
+				$obj->email_address = $obj->user_id . '@example.com';
+			}
+
 			// Add a member
 			$output = executeQuery('member.insertMember', $obj);

@ -433,7 +465,7 @@ class importerAdminController extends importer
 				$oMail->setTitle("Password update for your " . getFullSiteUrl() . " account");
 				$webmaster_name = $member_config->webmaster_name?$member_config->webmaster_name:'Webmaster';
 				$oMail->setContent("Dear $obj->user_name, <br /><br />
-						We recently migrated our phpBB forum to Rhymix. Since you password was encrypted we could not migrate it too, so please reset it by following this link:
+						We recently migrated our site to Rhymix. Since you password was encrypted we could not migrate it too, so please reset it by following this link:
 						<a href='" . getFullSiteUrl() . "/?act=dispMemberFindAccount' >" . getFullSiteUrl() . "?act=dispMemberFindAccount</a>. You need to enter you email address and hit the 'Find account' button. You will then receive an email with a new, generated password that you can change after login. <br /><br />

 						Thank you for your understanding,<br />
@ -751,6 +783,20 @@ class importerAdminController extends importer
 			$obj->commentStatus = base64_decode($xmlDoc->post->allow_comment->body)!='N'?'ALLOW':'DENY';
 			$obj->allow_trackback = base64_decode($xmlDoc->post->allow_trackback->body)!='N'?'Y':'N';
 			$obj->notify_message = base64_decode($xmlDoc->post->is_notice->body);
+			// Check user ID
+			if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+			{
+				$obj->user_id = preg_replace('/[^a-z0-9_-]+/i', '', $obj->user_id);
+			}
+			if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+			{
+				$obj->user_id = 't' . $obj->member_srl;
+			}
+			// Check email address
+			if(!preg_match('/^[\w-]+((?:\.|\+|\~)[\w-]+)*@[\w-]+(\.[\w-]+)+$/', $obj->email_address))
+			{
+				$obj->email_address = $obj->user_id . '@example.com';
+			}
 			// Change content information (attachment)
 			if(count($files))
 			{
@ -942,6 +988,20 @@ class importerAdminController extends importer
 				$obj->ipaddress = base64_decode($xmlDoc->comment->ipaddress->body);
 				$obj->status = base64_decode($xmlDoc->comment->status->body)==''?'1':base64_decode($xmlDoc->comment->status->body);
 				$obj->list_order = $obj->comment_srl*-1;
+				// Check user ID
+				if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+				{
+					$obj->user_id = preg_replace('/[^a-z0-9_-]+/i', '', $obj->user_id);
+				}
+				if(!preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $obj->user_id))
+				{
+					$obj->user_id = 't' . $obj->member_srl;
+				}
+				// Check email address
+				if(!preg_match('/^[\w-]+((?:\.|\+|\~)[\w-]+)*@[\w-]+(\.[\w-]+)+$/', $obj->email_address))
+				{
+					$obj->email_address = $obj->user_id . '@example.com';
+				}
 				// Change content information (attachment)
 				if(count($files))
 				{
--- a/modules/member/lang/en.php
+++ b/modules/member/lang/en.php
@ -138,6 +138,7 @@ $lang->msg_confirm_account_comment = 'Click on the following link to complete yo
 $lang->msg_auth_mail_sent = 'The activation mail has been sent to %s. Please check your mail.';
 $lang->msg_confirm_mail_sent = 'We have just sent the activation email to %s. Please check your mail.';
 $lang->msg_invalid_auth_key = 'This is an invalid request of verification.<br />Please retry finding account info or contact the administrator.';
+$lang->msg_expired_auth_key = 'Your verification link has expired. Please request a new verification email.';
 $lang->msg_success_authed = 'Please use the password you received in the email to log in, and change it to a password of your choice as soon as possible.';
 $lang->msg_success_confirmed = 'Your account has been activated. You may log in now.';
 $lang->msg_new_member = 'Add Member';
--- a/modules/member/lang/ko.php
+++ b/modules/member/lang/ko.php
@ -146,6 +146,7 @@ $lang->msg_confirm_mail_sent = '%s 메일로 가입 인증 메일이 발송되
 $lang->msg_change_mail_sent = '%s 메일로 이메일 변경 인증 메일이 발송되었습니다. 메일을 확인하세요.';
 $lang->msg_invalid_modify_email_auth_key = '잘못된 이메일 변경 요청입니다.<br />이메일 변경요청을 다시 하거나 사이트 관리자에게 문의해주세요.';
 $lang->msg_invalid_auth_key = '잘못된 계정 인증 요청입니다.<br />아이디/비밀번호 찾기를 다시 하거나 사이트 관리자에게 계정 정보를 문의해주세요.';
+$lang->msg_expired_auth_key = '인증 유효기간이 지났습니다. 인증을 다시 요청해 주십시오.';
 $lang->msg_success_authed = '임시 비밀번호로 변경되었습니다.<br />로그인 후 반드시 다른 비밀번호로 변경하시기 바랍니다.';
 $lang->msg_success_confirmed = '가입 인증이 완료되었습니다. 이제 로그인하실 수 있습니다.';
 $lang->msg_new_member = '회원 추가';
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -914,7 +914,7 @@ class memberController extends member
 		{
 			if(isset($args->{$val}))
 			{
-				$args->{$val} = preg_replace('/[\pZ\pC]+/u', '', $args->{$val});
+				$args->{$val} = preg_replace('/[\pZ\pC]+/u', '', html_entity_decode($args->{$val}));
 			}
 		}

@ -1575,7 +1575,7 @@ class memberController extends member
 		if(ztime($output->data->regdate) < time() - (86400 * 3))
 		{
 			executeQuery('member.deleteAuthMail', $args);
-			return $this->stop('msg_invalid_auth_key');
+			return $this->stop('msg_expired_auth_key');
 		}

 		// Back up the value of $output->data->is_register
--- a/modules/member/member.view.php
+++ b/modules/member/member.view.php
@ -192,7 +192,7 @@ class memberView extends member
 	function dispMemberSignUpForm()
 	{
 		//setcookie for redirect url in case of going to member sign up
-		setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER']);
+		setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies'));

 		$member_config = $this->member_config;

--- a/modules/member/skins/default/css/member.css
+++ b/modules/member/skins/default/css/member.css
@ -233,49 +233,6 @@
 .xm .pagination ul>li:last-child>a,
 .xm .pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}
 .xm .pagination-centered{text-align:center}
-/* Button */
-.xm .btn{font-size:12px;font-family:inherit;display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;line-height:20px;height:auto;color:#333333;text-align:center;text-shadow:0 1px 1px rgba(255, 255, 255, 0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top, #ffffff, #e6e6e6);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6));background-image:-webkit-linear-gradient(top, #ffffff, #e6e6e6);background-image:-o-linear-gradient(top, #ffffff, #e6e6e6);background-image:linear-gradient(to bottom, #ffffff, #e6e6e6);background-repeat:repeat-x;border:1px solid #cccccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05)}
-.xm .btn:hover,
-.xm .btn:focus,
-.xm .btn:active,
-.xm .btn.active,
-.xm .btn.disabled,
-.xm .btn[disabled]{color:#333333;background-color:#e6e6e6;*background-color:#d9d9d9}
-.xm .btn:active,
-.xm .btn.active{background-color:#cccccc \9}
-.xm .btn:first-child{*margin-left:0}
-.xm .btn:hover,
-.xm .btn:focus{color:#333333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position 0.1s linear;-moz-transition:background-position 0.1s linear;-o-transition:background-position 0.1s linear;transition:background-position 0.1s linear}
-.xm .btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}
-.xm .btn.active,
-.xm .btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05)}
-.xm .btn.disabled,
-.xm .btn[disabled]{cursor:default;background-image:none;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}
-.xm .btn-inverse.active{color:rgba(255, 255, 255, 0.75)}
-.xm .btn-inverse{color:#ffffff!important;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#363636;*background-color:#222222;background-image:-moz-linear-gradient(top, #444444, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222));background-image:-webkit-linear-gradient(top, #444444, #222222);background-image:-o-linear-gradient(top, #444444, #222222);background-image:linear-gradient(to bottom, #444444, #222222);background-repeat:repeat-x;border-color:#222222 #222222 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}
-.xm .btn-inverse:hover,
-.xm .btn-inverse:focus,
-.xm .btn-inverse:active,
-.xm .btn-inverse.active,
-.xm .btn-inverse.disabled,
-.xm .btn-inverse[disabled]{color:#ffffff;background-color:#222222;*background-color:#151515}
-.xm .btn-inverse:active,
-.xm .btn-inverse.active{background-color:#080808 \9}
-.xm button.btn,
-.xm input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}
-.xm button.btn::-moz-focus-inner,
-.xm input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}
-.xm .btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}
-.xm .btn-group:first-child{*margin-left:0}
-.xm .btn-group+.btn-group{margin-left:5px}
-.xm .btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}
-.xm .btn-group>.btn+.btn{margin-left:-1px}
-.xm .btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}
-.xm .btn-group>.btn:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}
-.xm .btn-group>.btn:hover,
-.xm .btn-group>.btn:focus,
-.xm .btn-group>.btn:active,
-.xm .btn-group>.btn.active{z-index:2}
 /* Member module customize */
 .xm,
 .xm input,
--- a/modules/page/page.view.php
+++ b/modules/page/page.view.php
@ -204,17 +204,32 @@ class pageView extends page
 			FileHandler::writeFile($cache_file, $script);
 		}

+		// Import Context and lang as local variables.
 		$__Context = &$GLOBALS['__Context__'];
 		$__Context->tpl_path = $filepath;
+		global $lang;

+		// Start the output buffer.
+		$__ob_level_before_fetch = ob_get_level();
 		ob_start();
-		include($cache_file);
+		
+		// Include the compiled template.
+		include $cache_file;

+		// Fetch contents of the output buffer until the buffer level is the same as before.
 		$contents = '';
-		while (ob_get_level() - $level > 0) {
-			$contents .= ob_get_contents();
-			ob_end_clean();
+		while (ob_get_level() > $__ob_level_before_fetch)
+		{
+			$contents .= ob_get_clean();
 		}
+		
+		// Insert template path comment tag.
+		if(Rhymix\Framework\Debug::isEnabledForCurrentUser() && Context::getResponseMethod() === 'HTML' && !starts_with('<!DOCTYPE', $contents) && !starts_with('<?xml', $contents))
+		{
+			$sign = PHP_EOL . '<!-- Template %s : ' . $target_file . ' -->' . PHP_EOL;
+			$contents = sprintf($sign, 'start') . $contents . sprintf($sign, 'end');
+		}
+		
 		return $contents;
 	}

--- a/modules/spamfilter/spamfilter.controller.php
+++ b/modules/spamfilter/spamfilter.controller.php
@ -53,7 +53,6 @@ class spamfilterController extends spamfilter
 		{
 			$text = $obj->title . ' ' . $obj->content . ' ' . $obj->nick_name . ' ' . $obj->homepage . ' ' . $obj->tags;	
 		}
-		$text = utf8_trim(utf8_normalize_spaces(htmlspecialchars_decode(strip_tags($text))));
 		$output = $oFilterModel->isDeniedWord($text);
 		if(!$output->toBool())
 		{
@ -99,7 +98,6 @@ class spamfilterController extends spamfilter
 		{
 			$text = $obj->content . ' ' . $obj->nick_name . ' ' . $obj->homepage;	
 		}
-		$text = utf8_trim(utf8_normalize_spaces(htmlspecialchars_decode(strip_tags($text))));
 		$output = $oFilterModel->isDeniedWord($text);
 		if(!$output->toBool()) return $output;
 		// If the specified time check is not modified
--- a/modules/spamfilter/spamfilter.model.php
+++ b/modules/spamfilter/spamfilter.model.php
@ -80,6 +80,7 @@ class spamfilterModel extends spamfilter
 		$word_list = $this->getDeniedWordList();
 		if(!count($word_list)) return new BaseObject();

+		$text = utf8_trim(utf8_normalize_spaces(htmlspecialchars_decode(strip_tags($text, '<a><img>'))));
 		foreach ($word_list as $word_item)
 		{
 			$word = $word_item->word;
--- a/tests/unit/classes/FrontEndFileHandlerTest.php
+++ b/tests/unit/classes/FrontEndFileHandlerTest.php
@ -38,17 +38,13 @@ class FrontEndFileHandlerTest extends \Codeception\TestCase\Test
 			$this->assertEquals($expected, $handler->getJsFileList('body'));
 		});

-		$this->specify("css and scss", function() {
+		$this->specify("css and less", function() {
 			$handler = new FrontEndFileHandler();
 			$handler->loadFile(array('./common/css/rhymix.less'));
-			$handler->loadFile(array('./common/css/mobile.css'));
 			$result = $handler->getCssFileList(true);
 			$this->assertRegexp('/\.rhymix\.less\.css\?\d+$/', $result[0]['file']);
 			$this->assertEquals('all', $result[0]['media']);
 			$this->assertEmpty($result[0]['targetie']);
-			$this->assertEquals('/rhymix/common/css/mobile.css' . $this->_filemtime('common/css/mobile.css'), $result[1]['file']);
-			$this->assertEquals('all', $result[1]['media']);
-			$this->assertEmpty($result[1]['targetie']);
 		});

 		$this->specify("order (duplicate)", function() {
@ -157,14 +153,10 @@ class FrontEndFileHandlerTest extends \Codeception\TestCase\Test
 		$this->specify("minify (css)", function() {
 			$handler = new FrontEndFileHandler();
 			$handler->loadFile(array('./common/css/rhymix.less'));
-			$handler->loadFile(array('./common/css/mobile.css'));
 			$result = $handler->getCssFileList(true);
 			$this->assertRegexp('/\.rhymix\.less\.min\.css\b/', $result[0]['file']);
 			$this->assertEquals('all', $result[0]['media']);
 			$this->assertEmpty($result[0]['targetie']);
-			$this->assertRegexp('/minified\/common\.css\.mobile\.min\.css\?\d+$/', $result[1]['file']);
-			$this->assertEquals('all', $result[1]['media']);
-			$this->assertEmpty($result[1]['targetie']);
 		});
 		
 		$this->specify("minify (js)", function() {
@ -182,7 +174,7 @@ class FrontEndFileHandlerTest extends \Codeception\TestCase\Test
 		$this->specify("concat (css)", function() {
 			$handler = new FrontEndFileHandler();
 			$handler->loadFile(array('./common/css/rhymix.less'));
-			$handler->loadFile(array('./common/css/mobile.css'));
+			$handler->loadFile(array('./common/css/bootstrap-responsive.css'));
 			$handler->loadFile(array('http://external.host/style.css'));
 			$handler->loadFile(array('./common/css/bootstrap.css', null, 'IE'));
 			$handler->loadFile(array('./tests/_data/formatter/concat.source1.css'));
@ -257,7 +249,6 @@ class FrontEndFileHandlerTest extends \Codeception\TestCase\Test
 		
 		$this->specify("blocked scripts", function() {
 			$handler = new FrontEndFileHandler();
-			$handler->loadFile(array('./common/css/mobile.css'));
 			$handler->loadFile(array('./common/css/xe.min.css'));
 			$handler->loadFile(array('./common/js/common.js'));
 			$handler->loadFile(array('./common/js/xe.js'));
--- a/tests/unit/framework/UATest.php
+++ b/tests/unit/framework/UATest.php
@ -277,10 +277,10 @@ class UATest extends \Codeception\TestCase\Test
 	
 	public function testEncodeFilenameForDownload()
 	{
-		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg; filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Chrome/50.0'));
-		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg; filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Firefox/46.0'));
-		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg; filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Edge/12.10240'));
-		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg; filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'MSIE/7.0 Trident/7.0'));
+		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Chrome/50.0'));
+		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Firefox/46.0'));
+		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Edge/12.10240'));
+		$this->assertEquals('filename*=UTF-8\'\'%ED%95%9C%EA%B8%80%20filename.jpg', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'MSIE/7.0 Trident/7.0'));
 		$this->assertEquals('filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'MSIE 8.0'));
 		$this->assertEquals('filename="%ED%95%9C%EA%B8%80%20filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Unknown Browser'));
 		$this->assertEquals('filename="한글 filename.jpg"', Rhymix\Framework\UA::encodeFilenameForDownload('한글 filename.jpg', 'Safari/5.0 Version/5.0'));
--- a/tests/unit/framework/URLTest.php
+++ b/tests/unit/framework/URLTest.php
@ -9,7 +9,7 @@ class URLTest extends \Codeception\TestCase\Test
 		
 		// Getting the current URL
 		$this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks', Rhymix\Framework\URL::getCurrentURL());
-		
+
 		// Adding items to the query string
 		$this->assertEquals('https://www.rhymix.org/rhymix/index.php?foo=bar&xe=sucks&var=1&arr%5B0%5D=2&arr%5B1%5D=3', Rhymix\Framework\URL::getCurrentURL(array('var' => '1', 'arr' => array(2, 3))));
 		
@ -22,6 +22,13 @@ class URLTest extends \Codeception\TestCase\Test
 		// Adding and removing parameters at the same time
 		$this->assertEquals('https://www.rhymix.org/rhymix/index.php?xe=sucks&l=ko', Rhymix\Framework\URL::getCurrentURL(array('l' => 'ko', 'foo' => null)));
 		
+		// Removing invalid characters in the current URL
+		$_SERVER['REQUEST_URI'] = '/rhymix/?foo="bar"';
+		$this->assertEquals('https://www.rhymix.org/rhymix/?foo=bar', Rhymix\Framework\URL::getCurrentURL());
+		$_SERVER['REQUEST_URI'] = '/rhymix/?foo=<bar&baz=rhymix>';
+		$this->assertEquals('https://www.rhymix.org/rhymix/?foo=bar&baz=rhymix', Rhymix\Framework\URL::getCurrentURL());
+		$this->assertEquals('https://www.rhymix.org/rhymix/?baz=rhymix&l=ko', Rhymix\Framework\URL::getCurrentURL(array('l' => 'ko', 'foo' => null)));
+		
 		$_SERVER['REQUEST_URI'] = $old_request_uri;
 	}
 	
--- a/widgets/login_info/skins/ncenter_login/js/ncenter.js
+++ b/widgets/login_info/skins/ncenter_login/js/ncenter.js
@ -8,7 +8,7 @@
 				dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
 				e = "; expires=" + dt.toGMTString();
 			}
-			document.cookie = n + "=" + v + e + "; path=/";
+			document.cookie = n + "=" + v + e + "; path=/" + ((cookies_ssl) ? ";secure" : "");
 		}

 		var n = $('#nc_container');