3 files changed, 21 insertions, 10 deletions

diff --git a/.htaccess b/.htaccess
index 8c2e3793..1d8bcb34 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,12 +1,13 @@
 <IfModule mod_php5.c>
-  php_value short_open_tag        1
-  php_value magic_quotes_gpc      0
-  php_value magic_quotes_sybase   0
-  php_value magic_quotes_runtime  0
-  php_value register_globals      0
-  php_value session.auto_start    0
-  php_value upload_max_filesize   20M
-  php_value post_max_size 	  100M
+  php_flag short_open_tag            On
+  php_flag magic_quotes_gpc          Off
+  php_flag magic_quotes_sybase       Off
+  php_flag magic_quotes_runtime      Off
+  php_flag register_globals          Off
+  php_flag session.auto_start        Off
+  php_flag suhosin.session.encrypt   Off
+  php_value upload_max_filesize      20M
+  php_value post_max_size 	     100M
 </IfModule>
 
 # Try to disable the parts of mod_security that interfere with the Flash uploader
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index da1f6959..a87997c6 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -284,8 +284,8 @@ class Item_Model extends ORM_MPTT {
              ->where("id <>", 1)
              ->orderby("left_ptr", "ASC")
              ->get() as $row) {
-      $names[] = urlencode($row->name);
-      $slugs[] = urlencode($row->slug);
+      $names[] = rawurlencode($row->name);
+      $slugs[] = rawurlencode($row->slug);
     }
     $this->relative_path_cache = implode($names, "/");
     $this->relative_url_cache = implode($slugs, "/");
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index 585e247c..84210e4c 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
@@ -150,4 +150,14 @@ class Item_Model_Test extends Unit_Test_Case {
     $this->assert_same("ORIGINAL_VALUE", $item->original()->title);
     $this->assert_same("NEW_VALUE", $item->title);
   }
+
+  public function urls_are_rawurlencoded_test() {
+    $item = self::_create_random_item();
+    $item->slug = "foo bar";
+    $item->name = "foo bar.jpg";
+    $item->save();
+
+    $this->assert_equal("foo%20bar", $item->relative_url());
+    $this->assert_equal("foo%20bar.jpg", $item->relative_path());
+  }
 }