=== modified file 'includes/path.inc'
--- includes/path.inc	
+++ includes/path.inc	
@@ -144,6 +144,9 @@ function arg($index) {
 
   if (empty($arguments) || $q != $_GET['q']) {
     $arguments = explode('/', $_GET['q']);
+    foreach ($arguments as $k => $v) {
+      $arguments[$k] = preg_replace('/[^a-zA-Z0-9_]/', '', $v);
+    }
     $q = $_GET['q'];
   }