Index: zabbix-1.8.2/frontends/php/include/classes/class.curl.php
===================================================================
--- zabbix-1.8.2.orig/frontends/php/include/classes/class.curl.php	2010-10-26 21:42:37.463217851 +0200
+++ zabbix-1.8.2/frontends/php/include/classes/class.curl.php	2010-10-26 21:42:43.243217411 +0200
@@ -49,7 +49,7 @@
 		$this->arguments =	array();
 
 		if(empty($url)){
-			$this->formatArguments();
+			$this->formatGetArguments();
 
 			// $protocol = (zbx_strpos(zbx_strtolower($_SERVER['SERVER_PROTOCOL']), 'shttp') !== false)?'shttp':'http';
 			$protocol = ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) || ($_SERVER['SERVER_PORT'] == 443)) ? 'https' : 'http';
@@ -57,7 +57,7 @@
 			$this->url = $url = $protocol.'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['SCRIPT_NAME'].'?'.$this->getQuery();
 		}
 		else{
-			$this->url=urldecode($url);
+			$this->url = $url;
 
 			$tmp_pos = zbx_strpos($this->url,'?');
 			$this->query=($tmp_pos!==false)?(substr($this->url,$tmp_pos+1)):'';
@@ -141,23 +141,26 @@
 	}
 
 	public function formatQuery(){
-		$query = '';
+		$query = Array();
 		foreach($this->arguments as $key => $value){
 			if(is_null($value)) continue;
 			if(is_array($value)){
 				foreach($value as $vkey => $vvalue){
-					$query.= $key.'['.$vkey.']='.$vvalue.'&';
+                   if(is_array($vvalue)) continue;
+                   $query[] = $key.'['.$vkey.']='.rawurlencode($vvalue);
 				}
 			}
 			else{
-				$query.= $key.'='.$value.'&';
+                $query[] = $key.'='.rawurlencode($value);
 			}
 		}
-		$this->query = rtrim($query,'&');
+        $this->query = implode('&', $query);
 	}
 
 	public function formatGetArguments(){
 		$this->arguments = $_GET;
+        if(isset($_COOKIE['zbx_sessionid']))
+                $this->setArgument('sid', substr($_COOKIE['zbx_sessionid'],16,16));
 		$this->formatQuery();
 	}
 
@@ -171,8 +174,8 @@
 			foreach($args as $id => $arg){
 				if(empty($arg)) continue;
 
-				$tmp = explode('=',$arg);
-				$this->arguments[$tmp[0]] = isset($tmp[1])?$tmp[1]:'';
+                list($name, $value) = explode('=',$arg);
+                $this->arguments[$name] = isset($value) ? urldecode($value):'';
 			}
 		}
 		$this->formatQuery();
@@ -201,7 +204,6 @@
 
 	public function setArgument($key,$value=''){
 		$this->arguments[$key] = $value;
-		$this->formatQuery();
 	}
 
 	public function getArgument($key){
@@ -216,6 +218,7 @@
 	}
 
 	public function getQuery(){
+		$this->formatQuery();
 		return $this->query;
 	}
 
Index: zabbix-1.8.2/frontends/php/js/class.curl.js
===================================================================
--- zabbix-1.8.2.orig/frontends/php/js/class.curl.js	2010-10-26 21:56:29.095228013 +0200
+++ zabbix-1.8.2/frontends/php/js/class.curl.js	2010-10-26 21:56:57.623218660 +0200
@@ -96,34 +96,49 @@
 	
 	if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?'));
 
-	var refSepIndex=this.url.indexOf('#');
+	var refSepIndex=this.file.indexOf('#');
 	if(refSepIndex>=0){
 		this.file=this.file.substring(0,refSepIndex);
-		this.reference=this.url.substring(refSepIndex+1);
+		this.reference=this.file.substring(refSepIndex+1);
 	}
 
 	this.path=this.file;
 	if(this.query.length>0) this.file+='?'+this.query;
 	if(this.query.length > 0)	this.formatArguments();
 
-	var sid = cookie.read('zbx_sessionid');
-	if(!is_null(sid)) this.setArgument('sid', sid.substring(16));
+	this.addSID();
 },
 
+addSID: function(){
+	var sid = '';
+	var possition = parseInt(location.href.indexOf('sid='));
+
+	if(possition > -1){
+		sid = location.href.substr(possition+4, 16);
+	}
+	else{
+		sid = cookie.read('zbx_sessionid');
+		if(!is_null(sid)) sid = sid.substr(16,16);
+	}
+
+	if((/[\da-z]{16}/i).test(sid))	this.setArgument('sid', sid);
+},
 
 formatQuery: function(){
 	if(this.args.lenght < 1) return;
 	
-	var query = '';
+	var query = new Array();
 	for(var key in this.args){
 		if((typeof(this.args[key]) != 'undefined') && !is_null(this.args[key])){
-			query+=key+'='+this.args[key]+'&';
+			query.push(key+'='+encodeURIComponent(this.args[key]));
 		}
 	}
-	this.query = query.substring(0,query.length-1);
+	this.query = query.join('&');
 },
 
 formatArguments: function(){
+	this.args = {};
+
 	var args=this.query.split('&');
 	var keyval='';
 
@@ -131,7 +146,18 @@
 	
 	for(var i=0; i<args.length; i++){
 		keyval = args[i].split('=');
-		this.args[keyval[0]] = (keyval.length>1)?keyval[1]:'';
+		if(keyval.length > 1){
+			try{
+				var tmp = keyval[1].replace('+','%20');
+				this.args[keyval[0]] = decodeURIComponent(tmp);
+			}
+			catch(exc){
+				this.args[keyval[0]] = keyval[1];
+			}
+		}
+		else{
+			this.args[keyval[0]] = '';
+		}
 	}
 },
 
@@ -157,15 +183,15 @@
 getUrl: function(){
 	this.formatQuery();
  
-	var url = (this.protocol.length > 0)?(this.protocol+'://'):'';
-	url +=  encodeURI((this.username.length > 0)?(this.username):'');
-	url +=  encodeURI((this.password.length > 0)?(':'+this.password):'');
-	url +=  (this.host.length > 0)?(this.host):'';
-	url +=  (this.port.length > 0)?(':'+this.port):'';
-	url +=  encodeURI((this.path.length > 0)?(this.path):'');
-	url +=  encodeURI((this.query.length > 0)?('?'+this.query):'');
-	url +=  encodeURI((this.reference.length > 0)?('#'+this.reference):'');
-//alert(url);
+	var url = this.protocol.length > 0 ? this.protocol+'://':'';
+	url +=  this.username.length > 0 ? encodeURI(this.username):'';
+	url +=  this.password.length > 0 ? encodeURI(':'+this.password):'';
+	url +=  this.host.length > 0 ? this.host:'';
+	url +=  this.port.length > 0 ? ':'+this.port:'';
+	url +=  this.path.length > 0 ? encodeURI(this.path):'';
+	url +=  this.query.length > 0 ? '?'+this.query:'';
+	url +=  this.reference.length > 0 ? encodeURI('#'+this.reference):'';
+	
 return url;
 },
 
@@ -184,9 +210,8 @@
 	}
 	
 	this.formatArguments();
-	
-	var sid = cookie.read('zbx_sessionid');
-	this.setArgument('sid', sid.substring(16));
+
+	this.addSID();
 },
 
 getQuery: function(){ 
