Index: modules/shortcut/shortcut.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/shortcut/shortcut.admin.inc,v
retrieving revision 1.1
diff -u -p -r1.1 shortcut.admin.inc
--- modules/shortcut/shortcut.admin.inc	17 Oct 2009 00:51:52 -0000	1.1
+++ modules/shortcut/shortcut.admin.inc	23 Oct 2009 19:20:46 -0000
@@ -519,18 +519,21 @@ function shortcut_link_delete_submit($fo
  *   Returned from shortcut_set_load().
  */
 function shortcut_link_add_inline($shortcut_set) {
-  if (isset($_REQUEST['token']) && drupal_valid_token($_REQUEST['token'], 'shortcut-add-link') && shortcut_valid_link($_GET['link'])) {
-    $link = array(
-      'link_title' => $_GET['name'],
-      'link_path' => $_GET['link'],
-    );
-    shortcut_admin_add_link($link, $shortcut_set, shortcut_max_slots());
-    if (shortcut_set_save($shortcut_set)) {
-      drupal_set_message(t('Added a shortcut for %title.', array('%title' => $link['link_title'])));
-    }
-    else {
-      drupal_set_message(t('Unable to add a shortcut for %title.', array('%title' => $link['link_title'])));
+  if (isset($_REQUEST['token']) && drupal_valid_token($_REQUEST['token'], 'shortcut-add-link')) {
+    // Get rid of any possible query string values which might be on the URL.
+    list($link_path) = explode('?', $_GET['link']);
+    if (shortcut_valid_link($link_path)) {
+      $link = array(
+        'link_title' => $_GET['name'],
+        'link_path' => $link_path,
+      );
+      shortcut_admin_add_link($link, $shortcut_set, shortcut_max_slots());
+      if (shortcut_set_save($shortcut_set)) {
+        drupal_set_message(t('Added a shortcut for %title.', array('%title' => $link['link_title'])));
+        drupal_goto();
+      }
     }
+    drupal_set_message(t('Unable to add a shortcut for %title.', array('%title' => $link['link_title'])));
     drupal_goto();
   }
   return drupal_access_denied();