1 files changed, 18 insertions, 15 deletions

diff --git a/include/zid.php b/include/zid.php
index 159a3b834..b74e82930 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -150,6 +150,9 @@ function clean_query_string($s = '') {
  */
 
 function drop_query_params($s, $p) {
+
+		$s = unescape_tags($s);
+
 		$parsed = parse_url($s);
 		$query = '';
 		$query_args = null;
@@ -172,7 +175,7 @@ function drop_query_params($s, $p) {
 			$parsed['query'] = $query;
 		}
 
-		return unparse_url($parsed);
+		return escape_tags(unparse_url($parsed));
 }
 
 
@@ -261,25 +264,25 @@ function zidify_text($s) {
  */
 function red_zrl_callback($matches) {
 
-    // Catch and exclude trailing punctuation
-    preg_match("/[.,;:!?)]*$/i", $matches[2], $pts);
-    $matches[2] = substr($matches[2], 0, strlen($matches[2])-strlen($pts[0]));
+	// Catch and exclude trailing punctuation
+	preg_match("/[.,;:!?)]*$/i", $matches[2], $pts);
+	$matches[2] = substr($matches[2], 0, strlen($matches[2])-strlen($pts[0]));
 
-    $zrl = is_matrix_url($matches[2]);
+	$zrl = is_matrix_url($matches[2]);
 
-    $t = strip_zids($matches[2]);
-    if($t !== $matches[2]) {
-        $zrl = true;
-        $matches[2] = $t;
-    }
+	$t = strip_zids($matches[2]);
+	if($t !== $matches[2]) {
+		$zrl = true;
+		$matches[2] = $t;
+	}
 
-    if($matches[1] === '#^')
-        $matches[1] = '';
+	if($matches[1] === '#^')
+		$matches[1] = '';
 
-    if($zrl)
-        return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]' . $pts[0];
+	if($zrl)
+		return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]' . $pts[0];
 
-    return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]' . $pts[0];
+	return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]' . $pts[0];
 }
 
 /**