Index: branches/5.2.x/core/kernel/utility/http_query.php
===================================================================
diff -u -N -r15707 -r15856
--- branches/5.2.x/core/kernel/utility/http_query.php	(.../http_query.php)	(revision 15707)
+++ branches/5.2.x/core/kernel/utility/http_query.php	(.../http_query.php)	(revision 15856)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: http_query.php 15707 2013-03-15 15:54:58Z alex $
+* @version	$Id: http_query.php 15856 2013-07-02 14:56:00Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -633,7 +633,8 @@
 				}
 
 				if (!$this->Application->isAdmin) {
-					$value = htmlspecialchars($value, null, CHARSET);
+					// TODO: always escape output instead of input
+					$value = kUtil::escape($value, kUtil::ESCAPE_HTML);
 				}
 
 				$array[$key] = $value;