Index: branches/5.2.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r16016 -r16027
--- branches/5.2.x/core/kernel/db/db_event_handler.php	(.../db_event_handler.php)	(revision 16016)
+++ branches/5.2.x/core/kernel/db/db_event_handler.php	(.../db_event_handler.php)	(revision 16027)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_event_handler.php 16016 2014-03-19 20:18:21Z alex $
+* @version	$Id: db_event_handler.php 16027 2014-04-29 13:00:46Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -3145,9 +3145,7 @@
 				return;
 			}
 
-			if ( !$this->Application->isAdmin ) {
-				$value = array_map('htmlspecialchars_decode', $value);
-			}
+			$value = $this->Application->HttpQuery->unescapeRequestVariable($value);
 
 			$tmp_path = WRITEABLE . '/tmp/';
 			$filename = $value['name'] . '.tmp';
@@ -3375,11 +3373,8 @@
 		protected function _getSafeFilename()
 		{
 			$filename = $this->Application->GetVar('file');
+			$filename = $this->Application->unescapeRequestVariable($filename);
 
-			if ( !$this->Application->isAdmin ) {
-				$filename = htmlspecialchars_decode($filename);
-			}
-
 			if ( (strpos($filename, '../') !== false) || (trim($filename) !== $filename) ) {
 				// when relative paths or special chars are found template names from url, then it's hacking attempt
 				return false;