Sounds like a bug. Since this is such a small change I'll probably just post the change here for the immediate future.
Unfortunately I tried the htmlentities() function in place of stripslashes() in reserve.php
$res->summary = stripslashes($_POST['summary']);
but it didn't seem to work for me. I would say that the summary text should be encoded into HTML entities and stored that way in the database, then converted back after its read from the database.
The reason I'm asking about this is because I want users to be able to put in windows style paths into the summary box, like
without having to escape the "\" with "\\", like
Thanks in advance.