diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
             order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $row['lo_url'] = get_text($row['lo_url']);
     $list[$i] = $row;
 
     if ($row['mb_id']) {
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index e3f1e9ab6..9f214f289 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -14,7 +14,7 @@ else
 $g5['title'] = '회원 비밀번호 확인';
 include_once('./_head.sub.php');
 
-$url = $_GET['url'];
+$url = clean_xss_tags($_GET['url']);
 
 // url 체크
 check_url_host($url);
diff --git a/config.php b/config.php
index 613073dbb..ca8744855 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.36');
+define('G5_GNUBOARD_VER', '5.0.37');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
diff --git a/head.php b/head.php
index c27416c4e..cccc0f2db 100644
--- a/head.php
+++ b/head.php
@@ -1,6 +1,12 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
+// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
+if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
+    include_once(G5_PATH.'/'.$config['cf_include_head']);
+    return; // 이 코드의 아래는 실행을 하지 않습니다.
+}
+
 include_once(G5_PATH.'/head.sub.php');
 include_once(G5_LIB_PATH.'/latest.lib.php');
 include_once(G5_LIB_PATH.'/outlogin.lib.php');
@@ -9,12 +15,6 @@ include_once(G5_LIB_PATH.'/visit.lib.php');
 include_once(G5_LIB_PATH.'/connect.lib.php');
 include_once(G5_LIB_PATH.'/popular.lib.php');
 
-// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
-if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
-    include_once(G5_PATH.'/'.$config['cf_include_head']);
-    return; // 이 코드의 아래는 실행을 하지 않습니다.
-}
-
 if (G5_IS_MOBILE) {
     include_once(G5_MOBILE_PATH.'/head.php');
     return;
diff --git a/head.sub.php b/head.sub.php
index bcfb4b9c2..96a8d8d27 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -23,8 +23,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
-    $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
-$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
+    $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
+$g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super') $g5['lo_url'] = '';
 
 /*
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5ee99b547..526d36f4f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2881,7 +2881,7 @@ function clean_query_string($query, $amp=true)
         $q = array();
 
         foreach($out as $key=>$val) {
-            $key = trim($key);
+            $key = strip_tags(trim($key));
             $val = trim($val);
 
             switch($key) {
@@ -2953,4 +2953,38 @@ function clean_query_string($query, $amp=true)
 
     return $str;
 }
+
+function get_device_change_url()
+{
+    $p = parse_url(G5_URL);
+    $href = $p['scheme'].'://'.$p['host'];
+    if(isset($p['port']) && $p['port'])
+        $href .= ':'.$p['port'];
+    $href .= $_SERVER['SCRIPT_NAME'];
+
+    $q = array();
+    $device = 'device='.(G5_IS_MOBILE ? 'pc' : 'mobile');
+
+    if($_SERVER['QUERY_STRING']) {
+        foreach($_GET as $key=>$val) {
+            if($key == 'device')
+                continue;
+
+            $key = strip_tags($key);
+            $val = strip_tags($val);
+
+            if($key && $val)
+                $q[$key] = $val;
+        }
+    }
+
+    if(!empty($q)) {
+        $query = http_build_query($q, '', '&amp;');
+        $href .= '?'.$query.'&amp;'.$device;
+    } else {
+        $href .= '?'.$device;
+    }
+
+    return $href;
+}
 ?>
\ No newline at end of file
diff --git a/mobile/tail.php b/mobile/tail.php
index ceecca3fd..44d88ff22 100644
--- a/mobile/tail.php
+++ b/mobile/tail.php
@@ -25,30 +25,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 </div>
 
 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'];
-    if(isset($p['port']) && $p['port'])
-        $href .= ':'.$p['port'];
-    $href .= $_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.$val;
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=pc';
-    else
-        $href .= '?device=pc';
-?>
-<a href="<?php echo $href; ?>" id="device_change">PC 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">PC 버전으로 보기</a>
 <?php
 }
 
diff --git a/tail.php b/tail.php
index 8418253c6..48c1e7103 100644
--- a/tail.php
+++ b/tail.php
@@ -38,30 +38,8 @@ if (G5_IS_MOBILE) {
 </div>
 
 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'];
-    if(isset($p['port']) && $p['port'])
-        $href .= ':'.$p['port'];
-    $href .= $_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.strip_tags($val);
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=mobile';
-    else
-        $href .= '?device=mobile';
-?>
-<a href="<?php echo $href; ?>" id="device_change">모바일 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">모바일 버전으로 보기</a>
 <?php
 }