THIS IS http://blog.lege.net/serendipity_event_bbcode.php.patch.txt

VERSION Sat Apr 29 17:20:50 CEST 2006 - UPDATED, + ADDED TO ACCEPTABLE URL-CHARACTERS, IS VERY COMMON IN GOOGLE SEARCH QUERIES.

Previous update(s):
________________________________________________________________
VERSION Fri Apr 28 21:51:20 CEST 2006 - UPDATED, () *REMOVED AGAIN* FOR SECURITY REASONS. SEE DISCUSSION @ http://s9y.org/forums/viewtopic.php?p=28585#28585
THE CURRENT VERSION WILL CORRESPOND WITH THE CHANGES IN serendipity 1.0 as concerns the allowed characters in URLs.

A PATCH FOR UP TO AT LEAST serendipity-0.9.1 (still latest stable as of April 28, 2006) THAT MAKES THE BBCode PLUGIN ACCEPT MORE COMMONLY USED URLs WITH THE url= TAG. IT DIDN'T ACCEPT ',%()' IN URLs AND MANY OF THE SITES I COMMONLY WISH TO LINK TO USE THESE CHARACTERS IN THE URL-NAMES! HENCE THIS PATCH:

* Save this file as serendipity_event_bbcode.php.patch
* Copy this file to the root of your Serendipity installation
* Execute:

    cp -p plugins/serendipity_event_bbcode/serendipity_event_bbcode.php \
        plugins/serendipity_event_bbcode/serendipity_event_bbcode.php-the_old_version
    patch -p0 < serendipity_event_bbcode.php.patch

* THAT'S ALL - IT ALREADY WORKS! VISIT THE FILES AND SEE THE CHANGES, ETC:

    cd plugins/serendipity_event_bbcode
    diff serendipity_event_bbcode.php-the_old_version \
        serendipity_event_bbcode.php

*** plugins/serendipity_event_bbcode/serendipity_event_bbcode.php.orig Sun Oct 2 23:47:56 2005 --- plugins/serendipity_event_bbcode/serendipity_event_bbcode.php Sat Apr 29 17:15:49 2006 *************** class serendipity_event_bbcode extends s *** 150,157 **** // Only allow strings occuring in emails: .-_@, 0-9, a-z static $pattern_mail = '([\.\-\+~@_0-9a-z]+?)'; ! // Only allow strings occuring in URLs: &;?:.-_@/, 0-9, a-z ! 
static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/]+?)'; // Disallow possibly evil HTML characters which may lead to Javascript XSS: '"(); static $pattern_query = '([^"\'\(\);]+?)'; --- 150,161 ---- // Only allow strings occuring in emails: .-_@, 0-9, a-z static $pattern_mail = '([\.\-\+~@_0-9a-z]+?)'; ! // Only allow strings occuring in URLs: &;?:.-_@/,%+(), 0-9, a-z ! //Dangerous, can introduce possible javascript:(...) URL XSS injections: ! //static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/,%+\(\)]+?)'; ! ! // Only allow strings occuring in URLs: &;?:.-_@/,%+, 0-9, a-z ! static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/,%+]+?)'; // Disallow possibly evil HTML characters which may lead to Javascript XSS: '"(); static $pattern_query = '([^"\'\(\);]+?)';
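Review bot: the live $pattern_url in the new half of the hunk (150,161) still admits ':' and every letter, so a value beginning with the javascript: scheme passes the character class, and the newly added '%' lets percent-encoded forms of the '(' and ')' that were just removed through as well. Removing the two literal characters therefore narrows the case named in the "Dangerous" comment but does not close it. Suggest checking the scheme separately from the character class, for example accepting only values that start with http://, https://, ftp:// or a relative path, and rejecting everything else before the url= tag is rendered. Two smaller points: the commented-out "//static $pattern_url = ..." line carrying the rejected class would be better deleted than kept next to the active one, where it can be re-enabled by accident, and the hunk does not show how the pattern is anchored or whether it is matched case-insensitively, so that is worth confirming at the point where $pattern_url is used.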