Index: branches/5.1.x/core/kernel/db/db_tag_processor.php
===================================================================
diff -u -N -r12657 -r13086
--- branches/5.1.x/core/kernel/db/db_tag_processor.php	(.../db_tag_processor.php)	(revision 12657)
+++ branches/5.1.x/core/kernel/db/db_tag_processor.php	(.../db_tag_processor.php)	(revision 13086)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_tag_processor.php 12657 2009-10-04 20:07:31Z alex $
+* @version	$Id: db_tag_processor.php 13086 2010-01-12 19:47:40Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -9,7 +9,7 @@
 * the GNU General Public License, and as distributed it includes
 * or is derivative of works licensed under the GNU General Public License
 * or other free or open source software licenses.
-* See http://www.in-portal.net/license/ for copyright notices and details.
+* See http://www.in-portal.org/license for copyright notices and details.
 */
 
 defined('FULL_PATH') or die('restricted access!');
@@ -69,7 +69,8 @@
 	function SearchKeyword($params)
 	{
 		$list =& $this->GetList($params);
-		return $this->Application->RecallVar($list->getPrefixSpecial().'_search_keyword');
+
+		return $this->Application->RecallVar($list->getPrefixSpecial() . '_search_keyword');
 	}
 
 	/**
@@ -670,11 +671,6 @@
 	 */
 	function prepareTagParams($tag_params = Array())
 	{
-		/*if (isset($tag_params['list_name'])) {
-			$list =& $this->GetList($tag_params);
-			$this->Init($list->Prefix, $list->Special);
-		}*/
-
 		$ret = $tag_params;
 		$ret['Prefix'] = $this->Prefix;
 		$ret['Special'] = $this->Special;
@@ -731,7 +727,10 @@
 	{
 		$field = $this->SelectParam($params, 'name,field');
 
-		if( !$this->Application->IsAdmin() ) $params['no_special'] = 'no_special';
+		if (!$this->Application->isAdmin) {
+			// apply htmlspecialchars on all field values on Front-End
+			$params['no_special'] = 'no_special';
+		}
 
 		$object =& $this->getObject($params);
 
@@ -770,6 +769,7 @@
 		}
 
 		if (!array_key_exists('no_special', $params) || !$params['no_special']) {
+			// when no_special parameter NOT SET apply htmlspecialchars
 			$value = htmlspecialchars($value);
 		}
 
@@ -2145,9 +2145,16 @@
 		if (!isset($language_code)) {
 			$language_code = 'en'; // defaut value
 
+			if ($this->Application->isAdmin) {
+				$language_id = $this->Application->Phrases->LanguageId;
+			}
+			else {
+				$language_id = $this->Application->GetDefaultLanguageId(); // $this->Application->GetVar('m_lang');
+			}
+
 			$sql = 'SELECT Locale
 					FROM '. $this->Application->getUnitOption('lang', 'TableName') . '
-					WHERE LanguageId = ' . $this->Application->GetDefaultLanguageId(); // $this->Application->GetVar('m_lang');
+					WHERE LanguageId = ' . $language_id;
 			$locale = strtolower( $this->Conn->GetOne($sql) );
 
 			if (file_exists(FULL_PATH . EDITOR_PATH . 'editor/lang/' . $locale . '.js')) {