diff --git a/bbs/logout.php b/bbs/logout.php
index 4d071e428..d2083b11f 100644
--- a/bbs/logout.php
+++ b/bbs/logout.php
@@ -15,8 +15,12 @@ if ($url) {
 $url = 'http:' . $url;
 $p = @parse_url(urldecode($url));
- if ($p['scheme'] || $p['host']) {
- alert('url에 도메인을 지정할 수 없습니다.');
+ /*
+ // OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제
+ // http://localhost/bbs/logout.php?url=http://sir.kr%23@/
+ */
+ if (preg_match('/^https?:\/\//i', $url) || $p['scheme'] || $p['host']) {
+ alert('url에 도메인을 지정할 수 없습니다.', G5_URL);
 }
 $link = $url;
diff --git a/config.php b/config.php
index f97136fb9..9e8782482 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.2.9.8');
+define('G5_GNUBOARD_VER', '5.2.9.8.1');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
diff --git a/plugin/htmlpurifier/extend.video.php b/plugin/htmlpurifier/extend.video.php
index df9f2367e..8ba346a47 100644
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@@ -21,11 +21,24 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 */
 public function preFilter($html, $config, $context)
 {
- $html = preg_replace('##i', '', $html);
+ if (strstr($html, ']*>(.*?)?\/iframe>/si', array($this, 'trust_url_match'), $html);
+ $html = preg_replace_callback('/]*>(.*?)?\/iframe>/si', array($this, 'trust_url_match'), $html);
+ //$html = preg_replace('##i', '', $html);
+ }
 return $html;
 }
+ public function trust_url_match($matches)
+ {
+ $str = $matches[0];
+ if( $matches[1] ){
+ $str = preg_replace('##i', '', $str);
+ }
+ return $str;
+ }
 /**
 *
 * @param string $html
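Review bot: Backslash variants still pass the new guard on the `if (preg_match('/^https?:\/\//i', $url) || $p['scheme'] || $p['host'])` line: for `url=\\evil.com` or `url=/\evil.com` the regex does not match and PHP's parse_url() does not treat `\` as a separator, so `$p['host']` stays empty, yet browsers normalise `\` to `/` in http URLs and would follow `Location: http:\\evil.com` off-site. Rather than extending the deny-list, accept only a site-local absolute path before the `$url = 'http:' . $url;` prefix, e.g. `if (!preg_match('#^/(?![/\\\\])#', $url)) alert('url에 도메인을 지정할 수 없습니다.', G5_URL);`, which also covers the bare-host case (`url=evil.com` becomes `http:evil.com`, which a browser on an HTTPS origin resolves to `http://evil.com/` because the scheme differs from the base). This assumes callers only ever pass site-absolute paths and that the code assigning `$url` before the hunk does not already normalise backslashes; the `if ($url) {` block also continues past the hunk.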
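Review bot: `if( $matches[1] ){` in the new trust_url_match() is a truthiness test on the captured iframe body, so a body consisting only of `0` is treated like an empty one and skipped, and an absent capture would raise an undefined-index notice; `if (isset($matches[1]) && $matches[1] !== '') {` states the intent exactly. This rendering has stripped the `<…>` portions of the regex literals in the hunk, so the patterns passed to preg_replace_callback() and preg_replace() could not be reviewed here. The class wrapping both methods starts and ends outside the hunk.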
@@ -48,7 +61,7 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 {
 // Domain Whitelist
 $youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]);
- $vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]);
+ $vimeoMatch = preg_match('#src="https?://player.vimeo.com/#i', $matches[1]);
 if ($youTubeMatch || $vimeoMatch) {
 $extra = ' frameborder="0"';
 if ($youTubeMatch) {
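Review bot: The `.` in the new `$vimeoMatch` pattern (and in the `$youTubeMatch` line above it) is an unescaped wildcard, so a registrable look-alike such as `src="https://player-vimeo.com/` or `src="https://www-youtube.com/` satisfies the whitelist; escape the dots: `'#src="https?://www\.youtube(-nocookie)?\.com/#i'` and `'#src="https?://player\.vimeo\.com/#i'`. Neither pattern is anchored to an attribute boundary either, so a `data-src="https://www.youtube.com/..."` attribute also matches while a separate `src` could point elsewhere; whether that is exploitable depends on how `$matches[1]` is emitted after the hunk, and `(?<![\w-])src="` would close it regardless. The enclosing method starts and ends outside the hunk.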