Index: includes/common.inc
===================================================================
--- includes/common.inc	(revision 265)
+++ includes/common.inc	(working copy)
@@ -2345,8 +2345,7 @@
  * Notes:
  * - For esthetic reasons, we do not escape slashes. This also avoids a 'feature'
  *   in Apache where it 404s on any path containing '%2F'.
- * - mod_rewrite unescapes %-encoded ampersands, hashes, and slashes when clean
- *   URLs are used, which are interpreted as delimiters by PHP. These
+ * - mod_rewrite unescapes %-encoded characters when clean URLs are used. These
  *   characters are double escaped so PHP will still see the encoded version.
  * - With clean URLs, Apache changes '//' to '/', so every second slash is
  *   double escaped.
@@ -2356,9 +2355,9 @@
  */
 function drupal_urlencode($text) {
   if (variable_get('clean_url', '0')) {
-    return str_replace(array('%2F', '%26', '%23', '//'),
-                       array('/', '%2526', '%2523', '/%252F'),
-                       rawurlencode($text));
+    return str_replace(array('%2F', '%', '//'),
+                     array('/', '%25', '/%252F'),
+                     rawurlencode($text));
   }
   else {
     return str_replace('%2F', '/', rawurlencode($text));