--- a/plugins/SpecialPageFuncs.php Tue Jun 26 17:28:18 2007 -0400
+++ b/plugins/SpecialPageFuncs.php Tue Jun 26 20:48:44 2007 -0400
@@ -62,7 +62,8 @@
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
-function page_Special_CreatePage() {
+function page_Special_CreatePage()
+{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( isset($_POST['do']) )
{
@@ -88,7 +89,7 @@
exit;
}
$name = $db->escape(str_replace('_', ' ', $p));
- $urlname = $db->escape(str_replace(' ', '_', $p));
+ $urlname = str_replace(' ', '_', $p);
$namespace = $_POST['namespace'];
if ( $namespace == 'Special' || ( $namespace == 'System' && $session->user_level < USER_LEVEL_ADMIN ) || $namespace == 'Admin')
{
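Review bot: Dropping `$db->escape` from the `$urlname` assignment leaves it holding raw POST data until the `sanitize_page_id`/`$db->escape` pair the commit adds further down (new-file line 123, outside this hunk); anything in the intervening lines that interpolates `$urlname` into a query or a helper now gets the unescaped value, so that stretch should be checked. The `$namespace` line below also takes `$_POST['namespace']` as-is and the following condition is a deny-list (Special, System for non-admins, Admin), so an unknown namespace string passes through to `fetch_page_acl`, the INSERT and the redirect. An allow-list against the namespace table the code already uses elsewhere would close that: `if ( !isset($paths->nslist[$namespace]) ) die_friendly('Error creating page', '<p>Invalid namespace.</p>');` placed before the existing condition. page_Special_CreatePage continues outside the hunk.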
@@ -119,6 +120,9 @@
$db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.');
}
+ $urlname = sanitize_page_id($urlname);
+ $urlname = $db->escape($urlname);
+
$perms = $session->fetch_page_acl($urlname, $namespace);
if ( !$perms->get_permissions('create_page') )
die_friendly('Error creating page', '<p>An access control rule is preventing you from creating pages.</p>');
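Review bot: `$urlname` reaches `fetch_page_acl` only after `$db->escape` on the second added line, so the ACL lookup is keyed on the SQL-escaped string rather than the sanitized page id; if `fetch_page_acl` escapes its arguments itself (not visible here), a name containing a quote or backslash gets double-escaped and may fail to match an ACL rule that should apply to it. Keeping the escaped copy separate avoids that ambiguity: `$urlname = sanitize_page_id($urlname);` / `$urlname_db = $db->escape($urlname);` / `$perms = $session->fetch_page_acl($urlname, $namespace);`, with the INSERT further down (outside this hunk) switched to `$urlname_db`. The order of the added lines is otherwise right — sanitizing before escaping means the escape cannot be undone by the sanitizer.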
@@ -140,7 +144,7 @@
$db->_die('The page text entry could not be inserted.');
}
- header('Location: '.makeUrl($paths->nslist[$_POST['namespace']].$p));
+ header('Location: '.makeUrlNS($_POST['namespace'], sanitize_page_id($p)));
exit;
}
$template->header();
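Review bot: The redirect target is rebuilt from `$p` via `sanitize_page_id($p)`, while the row was created under `$urlname`, which went through `str_replace(' ', '_', $p)` before `sanitize_page_id`; unless `sanitize_page_id` maps spaces to underscores itself (not visible here), the two ids can differ and the user lands on a page other than the one just created. The call also re-reads `$_POST['namespace']` although the checked local `$namespace` already exists, which makes it easy to miss any validation added to that variable. Deriving both parts from the already-processed values keeps them in step: `header('Location: '.makeUrlNS($namespace, sanitize_page_id(str_replace(' ', '_', $p))));`. The rest of page_Special_CreatePage continues outside the hunk.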