diff --git a/html/maple/nccore/db/DbObjectAdodb.class.php b/html/maple/nccore/db/DbObjectAdodb.class.php index 81c7e25..8258c9e 100644 --- a/html/maple/nccore/db/DbObjectAdodb.class.php +++ b/html/maple/nccore/db/DbObjectAdodb.class.php @@ -916,8 +916,10 @@ function addError($error_no=null, $error_mes=null) $session =& $container->getComponent("Session"); if(isset($session) && $session->getParameter("_php_debug") == _ON) { $errorList->add($this->ErrorNo(), $this->ErrorMsg(). ":\n". $this->_bck_sql); - } else { + } else if (defined('_INVALID_INPUT')) { $errorList->add($this->ErrorNo(), _INVALID_INPUT); + } else { + $errorList->add($this->ErrorNo(), "Security Error! Unauthorized input."); } } else { $errorList->add($error_no, $error_mes); diff --git a/html/webapp/components/escape/Text.class.php b/html/webapp/components/escape/Text.class.php index c3e1ae6..7572899 100644 --- a/html/webapp/components/escape/Text.class.php +++ b/html/webapp/components/escape/Text.class.php @@ -445,6 +445,11 @@ function _escapeWysiwygAllowHtmltag($string) { $script_flag = false; foreach ($parts as $part) { // script-/scriptまではそのまま連結 + if(preg_match("/<\/script>$/u", $part)) { + $script_flag = false; + $string .= $part; + continue; + } if(preg_match("/^/u", $part) || $script_flag == true) { $script_flag = true; if (preg_match("/<\!\-\-comment\-\->/u", $part)) { @@ -453,10 +458,6 @@ function _escapeWysiwygAllowHtmltag($string) { } $string .= $part; continue; - } else if(preg_match("/<\/script>$/u", $part)) { - $script_flag = false; - $string .= $part; - continue; } if (preg_match("/<\!\-\-comment\-\->/u", $part)) { diff --git a/html/webapp/modules/room/action/admin/chgdisplay/Chgdisplay.class.php b/html/webapp/modules/room/action/admin/chgdisplay/Chgdisplay.class.php old mode 100755 new mode 100644 index 173d264..4e7ec24 --- a/html/webapp/modules/room/action/admin/chgdisplay/Chgdisplay.class.php +++ b/html/webapp/modules/room/action/admin/chgdisplay/Chgdisplay.class.php 
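Review bot: The `_php_debug` branch pushes the driver message and the full failing statement (`$this->_bck_sql`) into the user-visible error list, while both non-debug branches discard the real error, so unless `ErrorMsg()` is logged somewhere outside this hunk a production failure leaves nothing to investigate. I would record it server-side before substituting the generic text, e.g. `error_log(sprintf('DB error %s: %s', $this->ErrorNo(), $this->ErrorMsg()));` ahead of the `if/else if` chain, and confirm that `_php_debug` can only be set by an administrator, since anyone who can flip that session parameter gets SQL disclosure. The raw `ErrorNo()` is still sent to the client in every branch; mostly harmless, but it fingerprints the database driver. `addError` starts before this hunk.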
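Review bot: The relocated `</script>` branch appends `$part` unescaped whenever the chunk merely ends with `</script>`, without requiring `$script_flag` to be set, so a chunk such as `<img src=x onerror=...></script>` that never opened a script tag is concatenated verbatim; the old position had the same weakness, but the new ordering makes it the first check every part hits. I would gate it on the flag, `if ($script_flag && preg_match("/<\/script>$/u", $part)) {`, and reset `$script_flag = false` in the opening-tag branch when that same part also ends in `</script>`, so a one-chunk `<script>…</script>` does not leave the flag stuck for the rest of the loop. As rendered here the opening-tag pattern reads `/^/u`, which matches every string; that is presumably an extraction artifact of a literal `<script`, but worth confirming, because as written it would mark every part as script and bypass escaping entirely. How `$parts` is split is outside the hunk, and `_escapeWysiwygAllowHtmltag` starts and ends outside it.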
@@ -53,10 +53,15 @@ function execute() // --- 準備中->公開中に変更した場合、そのサブグループも公開中にする // ---------------------------------------------------------------------- if($this->page['display_flag'] != $display_flag) { - $where_params = array( - "parent_id" => intval($this->edit_current_page_id) + $rooms_where_params = array( + "room_id = ".intval($this->edit_current_page_id)." OR parent_id = ".intval($this->edit_current_page_id) => null ); - $subgroup_pages_id_arr =& $this->pagesView->getPages($where_params, null, null, null, array($this, "_subpagesFetchcallback")); + $rooms_id_arr =& $this->pagesView->getPages($rooms_where_params, null, null, null, array($this, "_roomsFetchcallback")); + $pages_where_params = array( + " room_id IN (". implode(",", $rooms_id_arr). ") " => null + ); + $subgroup_pages_id_arr =& $this->pagesView->getPages($pages_where_params, null, null, null, array($this, "_subpagesFetchcallback")); + if(count($subgroup_pages_id_arr) > 0) { $params = array( "display_flag" => $display_flag @@ -71,7 +76,22 @@ function execute() } } } - + + // add by mutaguchi@opensource-workshop.jp + /** + * fetch時コールバックメソッド + * @param result adodb object + * @return array items + * @access private + */ + function &_roomsFetchcallback($result) { + $ret = array(); + while ($row = $result->fetchRow()) { + $ret[$row['room_id']] = $row['room_id']; + } + return $ret; + } + /** * fetch時コールバックメソッド * @param result adodb object diff --git a/html/webapp/modules/todo/action/dicon.ini b/html/webapp/modules/todo/action/dicon.ini index a22cc43..d94360c 100644 --- a/html/webapp/modules/todo/action/dicon.ini +++ b/html/webapp/modules/todo/action/dicon.ini @@ -1,3 +1,4 @@ [DIContainer] todoAction = "modules://todo.components.action" -todoView = "modules://todo.components.view" \ No newline at end of file +todoView = "modules://todo.components.view" +calendarPlanAction = "calendar.action" 
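Review bot: The second lookup interpolates `implode(",", $rooms_id_arr)` straight into an `IN (...)` fragment, so if the first query returns no rows the clause becomes `room_id IN ()` and the statement fails, and the values go in without a cast. The first query should normally match the page itself via `room_id = intval(...)`, but nothing here guarantees it (the page may already be gone), so I would guard and cast: wrap the second `getPages` call in `if (!empty($rooms_id_arr)) {` and build the list with `implode(",", array_map('intval', $rooms_id_arr))`. The raw-SQL-as-array-key convention (`... => null`) is already used by the replaced code, so that part is consistent with the codebase. `execute()` starts before this hunk and continues after it.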
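Review bot: `_roomsFetchcallback` appears to duplicate the neighbouring `_subpagesFetchcallback` (the context lines show the same docblock), and its own docblock is an attribution line plus a Japanese description that does not say what the result is for; since the caller splices the returned values into an `IN (...)` clause, the docblock should say so and the cast belongs here: `$ret[(int)$row['room_id']] = (int)$row['room_id'];`. I would replace the `// add by ...` line and docblock with an English one along the lines of `Fetch callback: collects distinct room_id values (keyed by room_id to dedupe) for use in an IN clause by execute().`, keeping `@param`/`@return` in the file's style. The `&` return-by-reference on a method that returns a fresh local array is a file-wide idiom and fine to keep for consistency.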
diff --git a/html/webapp/modules/todo/action/edit/delete/Delete.class.php b/html/webapp/modules/todo/action/edit/delete/Delete.class.php index bf49ca8..d2d0144 100644 --- a/html/webapp/modules/todo/action/edit/delete/Delete.class.php +++ b/html/webapp/modules/todo/action/edit/delete/Delete.class.php @@ -19,6 +19,7 @@ class Todo_Action_Edit_Delete extends Action // 使用コンポーネントを受け取るため var $todoAction = null; var $db = null; + var $calendarPlanAction = null; /** * Todo削除アクション @@ -27,6 +28,19 @@ class Todo_Action_Edit_Delete extends Action */ function execute() { + $whereParams = array( + "todo_id" => $this->todo_id, + "calendar_id!=0" => null + ); + $tasks = $this->db->selectExecute('todo_task', $whereParams); + if(!empty($tasks)) { + foreach($tasks as $task) { + if (!$this->calendarPlanAction->deletePlan($task["calendar_id"], CALENDAR_PLAN_EDIT_THIS)) { + return false; + } + } + } + $whereParams = array( "todo_id" => $this->todo_id ); diff --git a/html/webapp/modules/todo/action/edit/delete/maple.ini b/html/webapp/modules/todo/action/edit/delete/maple.ini index ba8de50..6bf5c35 100644 --- a/html/webapp/modules/todo/action/edit/delete/maple.ini +++ b/html/webapp/modules/todo/action/edit/delete/maple.ini @@ -6,6 +6,7 @@ key:room_id,block_id,todo_id.todo.todoExists = "1:lang._invalid_input" [Action] db = "ref:DbObject" +calendarPlanAction = "ref:calendarPlanAction" [View] success = "action:todo_view_edit_list" \ No newline at end of file diff --git a/html/webapp/modules/user/validator/Validator_ItemsInputs.class.php b/html/webapp/modules/user/validator/Validator_ItemsInputs.class.php index 0d31c3e..dd70479 100644 --- a/html/webapp/modules/user/validator/Validator_ItemsInputs.class.php +++ b/html/webapp/modules/user/validator/Validator_ItemsInputs.class.php 
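Review bot: `selectExecute` is only checked with `!empty($tasks)`, so a query failure that returns `false` is indistinguishable from "no linked tasks" and the action goes on to delete the todo's tasks while their calendar plans survive as orphans; add `if ($tasks === false) { return false; }` before the loop (assuming DbObject's false-on-error convention, which the `return false` style here suggests but does not prove). The plan deletions and the subsequent task deletion are not in a transaction, so a `deletePlan` failure after some plans were already removed leaves a half-deleted set; if DbObject exposes begin/commit, this is where to use it. The new code also relies on `deletePlan` enforcing the caller's authority on each calendar entry — the `todoExists` check in maple.ini only validates the todo, so confirm the calendar action does its own check rather than trusting the caller. `execute()` continues past this hunk.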
@@ -36,6 +36,7 @@ function validate($attributes, $errStr, $params) $container =& DIContainerFactory::getContainer(); $session =& $container->getComponent("Session"); $usersView =& $container->getComponent("usersView"); + $authoritiesView =& $container->getComponent("authoritiesView"); $_system_user_id = $session->getParameter("_system_user_id"); if(!isset($attributes['user_id'])) $attributes['user_id'] = "0"; @@ -131,6 +132,19 @@ function validate($attributes, $errStr, $params) //システム管理者の場合、変更不可 if($attributes['user_id'] == $_system_user_id && $content != _SYSTEM_ROLE_AUTH_ID) { return $err_prefix._INVALID_INPUT; + } else if ($content == _SYSTEM_ROLE_AUTH_ID && $session->getParameter("_user_auth_id") != _AUTH_ADMIN) { + // システム管理者へ権限を変更できるのは、管理者だけ + return $err_prefix._INVALID_INPUT; + } + $_user_auth_id = $session->getParameter("_user_auth_id"); + $_role_auth_id = $session->getParameter("_role_auth_id"); + $authority = $authoritiesView->getAuthorityByID($content); + if ($_user_auth_id == _AUTH_CHIEF && $authority["user_authority_id"] >= _AUTH_CHIEF) { + // 事務局が、主担、事務局以上 + return $err_prefix._INVALID_INPUT; + } else if ($_user_auth_id == _AUTH_ADMIN && $_role_auth_id != _ROLE_AUTH_ADMIN && $authority["role_authority_id"] == _ROLE_AUTH_ADMIN) { + // 管理者がシステム管理者へ + return $err_prefix._INVALID_INPUT; } } if($items['type'] == "email" || $items['type'] == "mobile_email") { diff --git a/html/webapp/templates/main/mobile_smart.html b/html/webapp/templates/main/mobile_smart.html index 4329aed..f1ef9ec 100644 --- a/html/webapp/templates/main/mobile_smart.html +++ b/html/webapp/templates/main/mobile_smart.html @@ -7,6 +7,11 @@ <{$smarty.const.INDEX_FILE_NAME}>?action=common_download_css&dir_name=/comp/extension/jquery.mobile-1.0.1.min.css&header=0&vs=<{$smarty.const._CSS_VERSION}>" /> <{$smarty.const.INDEX_FILE_NAME}>?action=common_download_css&dir_name=/comp/extension/jquery.mobile_addition.css&header=0&vs=<{$smarty.const._CSS_VERSION}>" /> +
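Review bot: `getAuthorityByID($content)` is called with a request-supplied id and its result is never checked, so a `$content` that matches no authority yields an empty `$authority`, the `>=` and `==` comparisons on missing keys both evaluate false, and the escalation checks are skipped for exactly the input that should fail; add `if (empty($authority)) { return $err_prefix._INVALID_INPUT; }` immediately after the lookup. The new rules only constrain sessions whose `_user_auth_id` is `_AUTH_CHIEF` or `_AUTH_ADMIN`; whether a lower authority can reach this path with a role item is decided outside the hunk, so it is worth confirming rather than assuming. The comparisons are loose (`==`), consistent with the surrounding file, but `$content` and the session values should be cast with `intval()` before being compared to the `_AUTH_*` constants so a string like `"1abc"` cannot satisfy a branch unexpectedly. `validate()` starts and ends outside this hunk.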