Index: /branches/rel/html/frontparts/login_check.php
===================================================================
--- /branches/rel/html/frontparts/login_check.php	(revision 15048)
+++ /branches/rel/html/frontparts/login_check.php	(revision 15053)
@@ -81,15 +81,15 @@
 /* POST¤µ¤ì¤ëURL¤Î¥Á¥§¥Ã¥¯*/
 function lfIsValidURL() {
-    //$site_url  = sfIsHTTPS() ? SSL_URL : SITE_URL;
+    $site_url  = sfIsHTTPS() ? SSL_URL : SITE_URL;
     $check_url = trim($_POST['url']);
     
     // ¥É¥á¥¤¥ó¥Á¥§¥Ã¥¯
-    //$pattern = "|^$site_url|";
-    //if (!preg_match($pattern, $check_url)) {
-    //    return false;
-    //}
+    $pattern = "|^$site_url|";
+    if (!preg_match($pattern, $check_url)) {
+        return false;
+    }
 
-    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¥Á¥§¥Ã¥¯
-    $pattern = '/\r|\n|%0D|%0A/';
+    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¥Á¥§¥Ã¥¯
+    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
     if (preg_match_all($pattern, $check_url, $matches)) {
         return false;
Index: /branches/rel/html/install/user_data/templates/default1/include/bloc/login.tpl
===================================================================
--- /branches/rel/html/install/user_data/templates/default1/include/bloc/login.tpl	(revision 12157)
+++ /branches/rel/html/install/user_data/templates/default1/include/bloc/login.tpl	(revision 15053)
@@ -6,5 +6,9 @@
 <!--¢§¥í¥°¥¤¥ó¤³¤³¤«¤é-->
 <!--{if $smarty.post.url == ""}-->
-	<!--{assign var=url value="`$smarty.server.REQUEST_URI`"}-->
+	<!--{if sfIsHTTPS()}-->
+		<!--{assign var=url value="https://`$smarty.server.HTTP_HOST``$smarty.server.REQUEST_URI`"}-->
+	<!--else}-->
+		<!--{assign var=url value="http://`$smarty.server.HTTP_HOST``$smarty.server.REQUEST_URI`"}-->
+	<!--{/if}-->
 <!--{else}-->
 	<!--{assign var=url value="`$smarty.post.url`"}-->
Index: /branches/rel/html/install/user_data/include/bloc/login.tpl
===================================================================
--- /branches/rel/html/install/user_data/include/bloc/login.tpl	(revision 12157)
+++ /branches/rel/html/install/user_data/include/bloc/login.tpl	(revision 15053)
@@ -6,5 +6,9 @@
 <!--¢§¥í¥°¥¤¥ó¤³¤³¤«¤é-->
 <!--{if $smarty.post.url == ""}-->
-	<!--{assign var=url value="`$smarty.server.REQUEST_URI`"}-->
+	<!--{if sfIsHTTPS()}-->
+		<!--{assign var=url value="https://`$smarty.server.HTTP_HOST``$smarty.server.REQUEST_URI`"}-->
+	<!--else}-->
+		<!--{assign var=url value="http://`$smarty.server.HTTP_HOST``$smarty.server.REQUEST_URI`"}-->
+	<!--{/if}-->
 <!--{else}-->
 	<!--{assign var=url value="`$smarty.post.url`"}-->
Index: /branches/rel/data/class/SC_View.php
===================================================================
--- /branches/rel/data/class/SC_View.php	(revision 14488)
+++ /branches/rel/data/class/SC_View.php	(revision 15053)
@@ -44,4 +44,5 @@
 		$this->_smarty->register_function("sfPrintEbisTag","sfPrintEbisTag");
 		$this->_smarty->register_function("sfPrintAffTag","sfPrintAffTag");
+        $this->_smarty->register_function("sfIsHTTPS","sfIsHTTPS");
         $this->_smarty->default_modifiers = array('script_escape');