diff --git a/config/config.inc.php b/config/config.inc.php
index 19e086d61..6304f6245 100644
--- a/config/config.inc.php
+++ b/config/config.inc.php
@@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.7.4');
+define('__XE_VERSION__', '1.7.4.1');
 
 /**
  * @deprecated __ZBXE_VERSION__ will be removed. Use __XE_VERSION__ instead.
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 18e86394c..0a64b1c06 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -266,9 +266,13 @@ class commentController extends comment
 				return new Object(-1, 'msg_invalid_request');
 			}
 
-			if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+			if($obj->homepage)
 			{
-				$obj->homepage = 'http://' . $obj->homepage;
+				$obj->homepage = removeHackTag($obj->homepage);
+				if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+				{
+					$obj->homepage = 'http://'.$obj->homepage;
+				}
 			}
 
 			// input the member's information if logged-in
@@ -655,9 +659,13 @@ class commentController extends comment
 			$obj->password = md5($obj->password);
 		}
 
-		if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+		if($obj->homepage) 
 		{
-			$obj->homepage = 'http://' . $obj->homepage;
+			$obj->homepage = removeHackTag($obj->homepage);
+			if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+			{
+				$obj->homepage = 'http://'.$obj->homepage;
+			}
 		}
 
 		// set modifier's information if logged-in and posting author and modifier are matched.
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 87220649c..338f082d4 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -398,7 +398,15 @@ class documentController extends document
 		if(!$obj->commentStatus) $obj->commentStatus = 'DENY';
 		if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj);
 		if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
-		if($obj->homepage &&  !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
+		if($obj->homepage)
+		{
+			$obj->homepage = removeHackTag($obj->homepage);
+			if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+			{
+				$obj->homepage = 'http://'.$obj->homepage;
+			}
+		}
+		
 		if($obj->notify_message != 'Y') $obj->notify_message = 'N';
 		
 		// can modify regdate only manager