Index: branches/5.2.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -N -r16016 -r16027 --- branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16016) +++ branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16027) @@ -1,6 +1,6 @@ redirect = false; $search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search'; - $keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) ); + $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords'))); $query_object = $this->Application->recallObject('HTTPQuery'); /* @var $query_object kHTTPQuery */ @@ -1664,14 +1664,14 @@ $condition = ''; switch ($record['FieldType']) { case 'select': - $keywords[$field] = htmlspecialchars_decode( $keywords[$field] ); + $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]); if ($keywords[$field]) { $condition = sprintf($condition_patterns['is'], $field_name, $this->Conn->qstr( $keywords[$field] )); } break; case 'multiselect': - $keywords[$field] = htmlspecialchars_decode( $keywords[$field] ); + $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]); if ($keywords[$field]) { $condition = Array (); $values = explode('|', substr($keywords[$field], 1, -1)); @@ -1683,7 +1683,7 @@ break; case 'text': - $keywords[$field] = htmlspecialchars_decode( $keywords[$field] ); + $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]); if (mb_strlen($keywords[$field]) >= $this->Application->ConfigValue('Search_MinKeyword_Length')) { $highlight_keywords[] = $keywords[$field];