diff --git a/oauth2/__init__.py b/oauth2/__init__.py
index 835270e3..97099114 100644
--- a/oauth2/__init__.py
+++ b/oauth2/__init__.py
@@ -420,7 +420,11 @@ def to_url(self):
             query = base_url[4]
         query = parse_qs(query)
         for k, v in self.items():
-            query.setdefault(k, []).append(v)
+            # deal with multivalued parameters properly
+            if hasattr(v, "__iter__"):
+                query.setdefault(k, []).extend(v)
+            else:
+                query.setdefault(k, []).append(v)     
         
         try:
             scheme = base_url.scheme
@@ -484,7 +488,7 @@ def get_normalized_parameters(self):
     def sign_request(self, signature_method, consumer, token):
         """Set the signature parameter to the result of sign."""
 
-        if not self.is_form_encoded:
+        if self.method not in ["GET", "HEAD"] and not self.is_form_encoded:
             # according to
             # http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
             # section 4.1.1 "OAuth Consumers MUST NOT include an