diff --git a/AvocadoEdition_Light/bbs/login.php b/AvocadoEdition_Light/bbs/login.php
index 832e594..b447ad8 100644
--- a/AvocadoEdition_Light/bbs/login.php
+++ b/AvocadoEdition_Light/bbs/login.php
@@ -3,8 +3,6 @@ include_once "./_common.php";
 $g5['title'] = '로그인';
 include_once "./_head.sub.php";
-$url = $_GET['url'];
-
 check_url_host($url);
 if ($is_member) {
diff --git a/AvocadoEdition_Light/bbs/member_confirm.php b/AvocadoEdition_Light/bbs/member_confirm.php
index 66a0d10..28d6cf4 100644
--- a/AvocadoEdition_Light/bbs/member_confirm.php
+++ b/AvocadoEdition_Light/bbs/member_confirm.php
@@ -4,19 +4,9 @@ include_once "./_common.php";
 if ($is_guest) alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL . '/login.php');
-/*
-if ($url)
-    $urlencode = urlencode($url);
-else
-    $urlencode = urlencode($_SERVER[REQUEST_URI]);
-*/
-
 $g5['title'] = '회원 비밀번호 확인';
 include_once "./_head.sub.php";
-// gnuboard xss patch - 2457055514
-$url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
-
 while (1) {
 $tmp = preg_replace('/&#[^;]+;/', '', $url);
 if ($tmp == $url)
diff --git a/AvocadoEdition_Light/common.php b/AvocadoEdition_Light/common.php
index 068ac3e..cc5ccfa 100644
--- a/AvocadoEdition_Light/common.php
+++ b/AvocadoEdition_Light/common.php
@@ -523,7 +523,7 @@ if (isset($_REQUEST['bo_table'])) {
 // URL ENCODING
 if (isset($_REQUEST['url'])) {
- $url = strip_tags(trim($_REQUEST['url']));
+ $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', trim($_REQUEST['url']));
 $urlencode = urlencode($url);
 } else {
 $url = '';
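Review bot: With the local `$url = $_GET['url'];` removed, `check_url_host($url)` in login.php now depends on the `$url` that common.php derives from `$_REQUEST['url']`, so the redirect target can also arrive in a POST body (and, depending on the request_order ini setting, possibly from other sources) rather than only from the query string. That may be intended, but it widens the source of a redirect parameter and nothing in login.php now says where `$url` comes from or that it has already been filtered. A one-line comment above the call, `// $url is filtered and populated from $_REQUEST['url'] in common.php; check_url_host() still gates the redirect`, would record the dependency. The code around `if ($is_member) {` continues outside the hunk.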
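Review bot: Removing `$url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';` together with its `// gnuboard xss patch` comment leaves the `while (1)` entity-stripping loop at the end of the hunk with no explanation of why it exists or where `$url` now comes from. The common.php allowlist the value now passes through still admits `&`, `#` and `;`, so numeric HTML entities survive it and this loop is still the place that removes them; a comment above the loop, `// $url comes filtered from common.php; strip numeric HTML entities until none remain`, would make that explicit. The loop body continues outside the hunk, so I could not see how `$url` is used afterwards; if it is echoed into markup it still needs htmlspecialchars at that point, since neither the loop nor the common.php filter is an output escape.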
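Review bot: The new `preg_replace` allowlist on the `$url = ...` line is a character-level filter, not URL validation: it keeps `:`, `/`, letters, `'`, `(`, `)`, `;` and every byte 0x80–0xFF, so it drops angle brackets, double quotes, whitespace and backslashes but says nothing about the scheme or host of the redirect target, and it must not be read as a replacement for `check_url_host($url)` in the callers or for escaping `$url` where it is output. Two smaller points on the same line: `preg_replace` returns null on a PCRE error and that result goes straight into `urlencode($url)`, so `$url = preg_replace(...) ?? '';` would keep `$url` a string; and the hyphen in `0-9-~` is literal only because PCRE treats a hyphen immediately after a range as literal, which is easy to misread, so moving it to the end of the class or writing `\-` states the intent. A comment above the line, `// character allowlist only: removes <, >, ", whitespace and backslash; scheme/host are validated by check_url_host()`, would help the next reader. The else branch continues outside the hunk.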