1 files changed, 10 insertions, 3 deletions

diff --git a/it_html.class b/it_html.class
index 536ba05..039f649 100644
--- a/it_html.class
+++ b/it_html.class
@@ -440,10 +440,17 @@ function u(/* ... */)
 	list($base, $params) = it_html::_parse_args($args);
 
 	if (!isset($base))
-		$base = $_SERVER['PHP_SELF'];
+		$base = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
 
-	$base = preg_replace('|\0|', '', $base);
-	$base = preg_replace('|[^\w.+!*(),:?@&=/~$-]|e', 'urlencode(stripslashes("$0"))', $base);	# Single quotes are escaped with slash by preg_replace, remove it for urlencode
+	$base = preg_replace(array('|\0|', '/\\\\/'), array('', '/'), $base);
+
+	# hack: encode % if not followed by two hex digits
+	$parts = preg_split('/%([^%]{0,2})/', $base, -1, PREG_SPLIT_DELIM_CAPTURE);
+	for ($i = 1; $i < count($parts); $i+=2)
+		$parts[$i] = (preg_match('/[0-9a-f][0-9a-f]/i', $parts[$i]) ? "%" : "%25") . $parts[$i];
+	$base = join("", $parts);
+
+	$base = preg_replace('|[^-\w.+!*(),:?@&=/~$%]|e', 'urlencode(stripslashes("$0"))', $base);	# Single quotes are escaped with slash by preg_replace, remove it for urlencode
 	$base = preg_replace('|^(\w+:)?//[^/]*$|', '$0/', $base);	# Add slash if absolute url without a path, e.g. http://gna.ch
 	$queryparams = it_url::params($params);
 	$separator = strpos($base, "?") === false ? "?" : "&";