Index: branches/5.2.x/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -N -r15734 -r15856
--- branches/5.2.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 15734)
+++ branches/5.2.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 15856)
@@ -1,6 +1,6 @@
  Application->recallObject('CurlHelper');
  /* @var $curl_helper kCurlHelper */
- $xml_data = $curl_helper->Send( $url . urlencode($keywords) );
+ $xml_data = $curl_helper->Send( $url . kUtil::escape($keywords, kUtil::ESCAPE_URL) );
  $xml_helper = $this->Application->recallObject('kXMLHelper');
  /* @var $xml_helper kXMLHelper */
@@ -1461,8 +1461,9 @@
  'editingMode' => (int)EDITING_MODE,
  );
+ $site_name = strip_tags($this->Application->ConfigValue('Site_Name'));
  $ret .= "var aTemplateManager = new TemplateManager(" . json_encode($class_params) . ");\n";
- $ret .= "var main_title = '" . addslashes( $this->Application->ConfigValue('Site_Name') ) . "';" . "\n";
+ $ret .= "var main_title = '" . kUtil::escape($site_name, kUtil::ESCAPE_JS) . "';" . "\n";
  $use_popups = (int)$this->Application->ConfigValue('UsePopups');
  $ret .= "var \$use_popups = " . ($use_popups > 0 ? 'true' : 'false') . ";\n";
@@ -1479,8 +1480,10 @@
  $browse_url = $this->Application->HREF('catalog/catalog', ADMIN_DIRECTORY, $url_params, 'index.php');
  $browse_url = preg_replace('/&(admin|editing_mode)=[\d]/', '', $browse_url);
+ $admin_title = strip_tags($this->Application->Phrase('la_AdministrativeConsole', false));
+
  $ret .= '
- set_window_title(document.title + \' - ' . addslashes($this->Application->Phrase('la_AdministrativeConsole', false)) . '\');
+ set_window_title(document.title + \' - ' . kUtil::escape($admin_title, kUtil::ESCAPE_JS) . '\');
  t = \'' . $this->Application->GetVar('t') . '\';
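Review bot: On the added `$xml_data = $curl_helper->Send(...)` line, `kUtil::escape($keywords, kUtil::ESCAPE_URL)` replaces `urlencode()`, and the two are not necessarily byte-equivalent: `urlencode()` emits a space as `+`, while a helper built on `rawurlencode()` emits `%20`, so whether the endpoint behind `$url` accepts both forms is worth confirming before this lands. The enclosing method, and the origin of `$url` and `$keywords`, start outside the hunk, so I cannot tell from here what the remote side expects. A one-line comment pinning the expectation would prevent a silent regression, e.g. `// ESCAPE_URL must match the form-encoding the search endpoint expects (urlencode() and rawurlencode() differ on spaces)`.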
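Review bot: The new `$site_name = strip_tags(...)` line is lossy — a site name containing a bare `<` (e.g. "A < B") loses everything after it — while the protection that actually matters on the next line is `kUtil::escape($site_name, kUtil::ESCAPE_JS)`, which has to encode `<`, `>` and `/` so that the single-quoted JS literal cannot terminate the enclosing inline script; if it does, `strip_tags()` adds nothing, and if it does not, `strip_tags()` does not close the gap either. Since `aTemplateManager` one line above is already emitted through `json_encode()`, the consistent alternative is `$ret .= "var main_title = " . json_encode($site_name, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";\n";`, which needs neither `strip_tags()` nor hand-built quotes. If the helper is kept, a comment such as `// strip_tags() only limits what the title displays; ESCAPE_JS is what makes the literal safe inside <script>` would record the intent. The same `strip_tags()` + `ESCAPE_JS` pattern is used for `$admin_title` in the following hunk, which is cut off in this view.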
@@ -1708,7 +1711,7 @@
  {
  $phrase = $this->Application->Phrase($title, false, true);
- return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . htmlspecialchars($phrase, null, CHARSET) . '") );';
+ return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . kUtil::escape($phrase, kUtil::ESCAPE_HTML . '+' . kUtil::ESCAPE_JS) . '") );';
  }
  function _getThemeFileId()
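Review bot: On the added `return` line only `$phrase` is escaped; `$name` is still interpolated into the same double-quoted JS string literal unescaped, and because the method's signature is outside the hunk I cannot tell whether it is always a code-defined button identifier. If it is, say so with `// $name is a fixed button id supplied by the caller, never user input`; if it can carry external data, give it the same `kUtil::escape(..., kUtil::ESCAPE_JS)` treatment. The `kUtil::ESCAPE_HTML . '+' . kUtil::ESCAPE_JS` spec also depends on the helper applying HTML escaping first so that `"` reaches the JS layer already as `&quot;`, which presumably matches how ToolBarButton renders the title; a short comment recording that order (`// HTML first, then JS: the title lands in a JS literal and is rendered as HTML by ToolBarButton`) would make the intent checkable by the next reader.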