Thank you for taking the time to report this bug and helping to make
Ubuntu better.
The url_encode calls were added in 3.0.2 to fix XSS security issues,
however the implementation was buggy, as you saw.
It was later fixed in 3.0.4 by using a new "escape_string" function. We
need to pull that one
Here's a diff for the changes necessary. I apologize if this isn't in
the preferred format; I couldn't find clear documentation detailing how
patches like this should be submitted.
** Attachment added: "A patch that fixes bug #322952."
http://launchpadlibrarian.net/21787668/nagios3.0.2-1ubuntu1