? files
? modules/taxonomy/.taxonomy.module.swp
? modules/taxonomy/.taxonomy.pages.inc.swp
? sites/drumm-laptop.head
? sites/all/modules
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.688
diff -u -F^f -r1.688 common.inc
--- includes/common.inc	20 Sep 2007 08:30:34 -0000	1.688
+++ includes/common.inc	25 Sep 2007 22:19:36 -0000
@@ -206,7 +206,7 @@ function drupal_query_string_encode($que
   $params = array();
 
   foreach ($query as $key => $value) {
-    $key = drupal_urlencode($key);
+    $key = drupal_urlencode($key, TRUE);
     if ($parent) {
       $key = $parent .'['. $key .']';
     }
@@ -219,7 +219,7 @@ function drupal_query_string_encode($que
       $params[] = drupal_query_string_encode($value, $exclude, $key);
     }
     else {
-      $params[] = $key .'='. drupal_urlencode($value);
+      $params[] = $key .'='. drupal_urlencode($value, TRUE);
     }
   }
 
@@ -238,7 +238,7 @@ function drupal_query_string_encode($que
  */
 function drupal_get_destination() {
   if (isset($_REQUEST['destination'])) {
-    return 'destination='. urlencode($_REQUEST['destination']);
+    return 'destination='. drupal_urlencode($_REQUEST['destination'], TRUE);
   }
   else {
     // Use $_GET here to retrieve the original path in source form.
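Review bot: The value emitted on the changed `return 'destination='. drupal_urlencode($_REQUEST['destination'], TRUE);` line is still taken straight from `$_REQUEST`, and swapping urlencode() for drupal_urlencode(..., TRUE) changes only how it is percent-encoded, not whether it is a local path; nothing in this hunk rejects an absolute or protocol-relative (`//host`) value before it is written back into a link. If that check lives in the consumer (drupal_goto() or similar) this is fine, but a comment here would make the contract explicit: `// $_REQUEST['destination'] is untrusted; whoever follows it must only accept a local path.` Note also that in the PHP of this era `$_REQUEST` merges cookies as well as GET/POST by default, so the value can be supplied via a cookie; reading `$_GET`/`$_POST` would narrow that. drupal_get_destination() continues into the next hunk.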
@@ -247,7 +247,7 @@ function drupal_get_destination() {
     if ($query != '') {
       $path .= '?'. $query;
     }
-    return 'destination='. urlencode($path);
+    return 'destination='. drupal_urlencode($path, TRUE);
   }
 }
 
@@ -1183,20 +1183,20 @@ function format_date($timestamp, $type =
  *   like "http://drupal.org/".
  * @param $options
  *   An associative array of additional options, with the following keys:
- *     'query'
- *       A query string to append to the link, or an array of query key/value
- *       properties.
- *     'fragment'
+ *     - 'query'
+ *       An associative array of query key/value properties or a query string
+ *       to append to the link. Query strings are not filtered for url injection.
+ *     - 'fragment'
  *       A fragment identifier (or named anchor) to append to the link.
  *       Do not include the '#' character.
- *     'absolute' (default FALSE)
+ *     - 'absolute' (default FALSE)
  *       Whether to force the output to be an absolute link (beginning with
  *       http:). Useful for links that will be displayed outside the site, such
  *       as in an RSS feed.
- *     'alias' (default FALSE)
+ *     - 'alias' (default FALSE)
  *       Whether the given path is an alias already.
  * @return
- *   a string containing a URL to the given path.
+ *   A string containing a URL to the given path.
  *
  * When creating links in modules, consider whether l() could be a better
  * alternative than url().
@@ -2175,12 +2175,13 @@ function drupal_json($var = NULL) {
  * Wrapper around urlencode() which avoids Apache quirks.
  *
  * Should be used when placing arbitrary data in an URL. Note that Drupal paths
- * are urlencoded() when passed through url() and do not require urlencoding()
- * of individual components.
+ * are encoded when passed through url() and do not require encoding of
+ * individual components.
  *
  * Notes:
  * - For esthetic reasons, we do not escape slashes. This also avoids a 'feature'
  *   in Apache where it 404s on any path containing '%2F'.
+ * In only the main path, not query string
  * - mod_rewrite unescapes %-encoded ampersands, hashes, and slashes when clean
  *   URLs are used, which are interpreted as delimiters by PHP. These
  *   characters are double escaped so PHP will still see the encoded version.
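Review bot: The added line `In only the main path, not query string` sits outside the `-` bullet it qualifies and reads as a fragment. Fold it into the bullet and indent it like the other continuation lines, e.g. `*   This applies only to the main path; a query string is encoded without this exception.` The same caveat belongs on the mod_rewrite note below it, since the new `$query_string` flag in the next hunk bypasses that double-escaping branch as well.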
@@ -2189,9 +2190,11 @@ function drupal_json($var = NULL) {
  *
  * @param $text
  *   String to encode
+ * @param $query_string
+ *   TRUE if encoding for a query string, FALSE if encoding for the main URL.
  */
-function drupal_urlencode($text) {
-  if (variable_get('clean_url', '0')) {
+function drupal_urlencode($text, $query_string = FALSE) {
+  if (!$query_string && variable_get('clean_url', '0')) {
     return str_replace(array('%2F', '%26', '%23', '//'),
                        array('/', '%2526', '%2523', '/%252F'),
                        urlencode($text));
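Review bot: The `@param $query_string` doc says when to pass TRUE but not what it changes, and the effect matters: per `if (!$query_string && variable_get('clean_url', '0'))` the clean-URL branch that double-escapes `%26`/`%23` is skipped for query strings, so `&` and `#` are encoded once instead of as `%2526`/`%2523`. Spell that out: `TRUE if encoding for a query string (skips the mod_rewrite double-escaping, which only applies to the path), FALSE if encoding for the main URL.` The else branch that now handles the TRUE case is outside this hunk, so whether slashes are left unescaped there cannot be checked from this diff. Existing one-argument callers keep their behaviour because the parameter defaults to FALSE.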
Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.584
diff -u -F^f -r1.584 comment.module
--- modules/comment/comment.module	25 Sep 2007 14:58:43 -0000	1.584
+++ modules/comment/comment.module	25 Sep 2007 22:19:36 -0000
@@ -1913,19 +1913,21 @@ function theme_comment_post_forbidden($n
     return t("you can't post comments");
   }
   else {
-    // we cannot use drupal_get_destination() because these links sometimes appear on /node and taxo listing pages
+    // We cannot use drupal_get_destination() because these links sometimes
+    // appear on /node and taxo listing pages.
+    $query = array();
     if (variable_get('comment_form_location', COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
-      $destination = "destination=". drupal_urlencode("comment/reply/$nid#comment-form");
+      $query['destination'] = 'comment/reply/'. $nid .'#comment-form';
     }
     else {
-      $destination = "destination=". drupal_urlencode("node/$nid#comment-form");
+      $query['destination'] = 'node/'. $nid .'#comment-form';
     }
 
     if (variable_get('user_register', 1)) {
-      return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', array('query' => $destination)), '@register' => url('user/register', array('query' => $destination))));
+      return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', array('query' => $query)), '@register' => url('user/register', array('query' => $query))));
     }
     else {
-      return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', array('query' => $destination))));
+      return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', array('query' => $query))));
     }
   }
 }
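Review bot: Both branches of the final if/else build the identical login link `url('user/login', array('query' => $query))`, so it is worth computing once above `if (variable_get('user_register', 1))` as `$login = url('user/login', array('query' => $query));` and reusing `'@login' => $login` in both t() calls. That keeps the two long t() lines readable. Moving `destination` to the array form so that the `#comment-form` fragment is encoded by the query helper rather than by hand is the right direction; no functional issue is visible in the hunk.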
Index: modules/update/update.fetch.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/update/update.fetch.inc,v
retrieving revision 1.2
diff -u -F^f -r1.2 update.fetch.inc
--- modules/update/update.fetch.inc	11 Aug 2007 07:05:11 -0000	1.2
+++ modules/update/update.fetch.inc	25 Sep 2007 22:19:36 -0000
@@ -80,12 +80,13 @@ function _update_build_fetch_url($projec
   $url .= '/'. $name .'/'. DRUPAL_CORE_COMPATIBILITY;
   if (!empty($site_key)) {
     $url .= (strpos($url, '?') === TRUE) ? '&' : '?';
-    $url .= 'site_key=';
-    $url .= drupal_urlencode($site_key);
+    $query = array(
+      'site_key' => $site_key;
+    );
     if (!empty($project['info']['version'])) {
-      $url .= '&version=';
-      $url .= drupal_urlencode($project['info']['version']);
+      $query['version'] = $project['info']['version'];
     }
+    $url .= drupal_query_string_encode($query);
   }
   return $url;
 }
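Review bot: The array literal line `'site_key' => $site_key;` uses a semicolon instead of a comma, which is a parse error in PHP and breaks the whole file; it must be `'site_key' => $site_key,`. Separately, the unchanged `strpos($url, '?') === TRUE` check can never be true because strpos() returns an int or FALSE, so the separator is always `?`; `strpos($url, '?') !== FALSE` is presumably what was meant, although that line is not part of this change. The rest of the rewrite (collecting `$query` and appending `drupal_query_string_encode($query)`) looks correct.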
