diff --git a/src/main/scala/plugin/package.scala b/src/main/scala/plugin/package.scala
index ac4dcc0..56c1b4a 100644
--- a/src/main/scala/plugin/package.scala
+++ b/src/main/scala/plugin/package.scala
@@ -1,13 +1,17 @@
+import java.sql.PreparedStatement
 import util.ControlUtil._
 import scala.collection.mutable.ListBuffer
 
 package object plugin {
 
+  case class Redirect(path: String)
+
   object db {
-    // TODO Use JavaScript Map instead of java.util.Map
-    def select(sql: String): Seq[Map[String, String]] = {
+    // TODO labelled place holder support
+    def select(sql: String, params: Any*): Seq[Map[String, String]] = {
       defining(PluginConnectionHolder.threadLocal.get){ conn =>
         using(conn.prepareStatement(sql)){ stmt =>
+          setParams(stmt, params: _*)
           using(stmt.executeQuery()){ rs =>
             val list = new ListBuffer[Map[String, String]]()
             while(rs.next){
@@ -25,13 +29,25 @@
       }
     }
 
-    def update(sql: String): Int = {
+    // TODO labelled place holder support
+    def update(sql: String, params: Any*): Int = {
       defining(PluginConnectionHolder.threadLocal.get){ conn =>
         using(conn.prepareStatement(sql)){ stmt =>
+          setParams(stmt, params: _*)
           stmt.executeUpdate()
         }
       }
     }
+
+    private def setParams(stmt: PreparedStatement, params: Any*): Unit = {
+      params.zipWithIndex.foreach { case (p, i) =>
+        p match {
+          case x: String  => stmt.setString(i + 1, x)
+          case x: Int     => stmt.setInt(i + 1, x)
+          case x: Boolean => stmt.setBoolean(i + 1, x)
+        }
+      }
+    }
   }
 
 }
diff --git a/src/main/scala/servlet/PluginActionInvokeFilter.scala b/src/main/scala/servlet/PluginActionInvokeFilter.scala
index 8bfc49d..a3273ab 100644
--- a/src/main/scala/servlet/PluginActionInvokeFilter.scala
+++ b/src/main/scala/servlet/PluginActionInvokeFilter.scala
@@ -10,6 +10,7 @@
 import plugin.PluginConnectionHolder
 import service.RepositoryService.RepositoryInfo
 import plugin.Security._
+import plugin.Redirect
 
 class PluginActionInvokeFilter extends Filter with SystemSettingsService with RepositoryService with AccountService {
 
@@ -33,18 +34,24 @@
   private def processGlobalAction(path: String, request: HttpServletRequest, response: HttpServletResponse)
                                  (implicit session: Session): Boolean = {
     plugin.PluginSystem.globalActions.find(x =>
-      x.method.toLowerCase == request.getMethod.toLowerCase && x.path == path
+      x.method.toLowerCase == request.getMethod.toLowerCase && path.matches(x.path)
     ).map { action =>
       val loginAccount = request.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account]
       val systemSettings = loadSystemSettings()
       implicit val context = app.Context(systemSettings, Option(loginAccount), request)
 
       if(authenticate(action.security, context)){
-        val result = action.function(request, response, context)
+        val result = try {
+          PluginConnectionHolder.threadLocal.set(session.conn)
+          action.function(request, response, context)
+        } finally {
+          PluginConnectionHolder.threadLocal.remove()
+        }
         result match {
-          case x: String => renderGlobalHtml(request, response, context, x)
-          case x: Html   => renderGlobalHtml(request, response, context, x.toString)
-          case x: AnyRef => renderJson(request, response, x)
+          case x: String   => renderGlobalHtml(request, response, context, x)
+          case x: Html     => renderGlobalHtml(request, response, context, x.toString)
+          case x: Redirect => response.sendRedirect(x.path)
+          case x: AnyRef   => renderJson(request, response, x)
         }
       } else {
         // TODO NotFound or Error?
@@ -66,7 +73,7 @@
       implicit val context = app.Context(systemSettings, Option(loginAccount), request)
 
       getRepository(owner, name, systemSettings.baseUrl(request)).flatMap { repository =>
-        plugin.PluginSystem.repositoryActions.find(_.path == remain).map { action =>
+        plugin.PluginSystem.repositoryActions.find(x => remain.matches(x.path)).map { action =>
           if(authenticate(action.security, context, repository)){
             val result = try {
               PluginConnectionHolder.threadLocal.set(session.conn)
@@ -75,9 +82,10 @@
               PluginConnectionHolder.threadLocal.remove()
             }
             result match {
-              case x: String => renderRepositoryHtml(request, response, context, repository, x)
-              case x: Html   => renderGlobalHtml(request, response, context, x.toString)
-              case x: AnyRef => renderJson(request, response, x)
+              case x: String   => renderRepositoryHtml(request, response, context, repository, x)
+              case x: Html     => renderGlobalHtml(request, response, context, x.toString)
+              case x: Redirect => response.sendRedirect(x.path)
+              case x: AnyRef   => renderJson(request, response, x)
             }
           } else {
             // TODO NotFound or Error?