Index: branches/5.3.x/core/kernel/db/cat_event_handler.php
===================================================================
diff -u -N -r15938 -r16111
--- branches/5.3.x/core/kernel/db/cat_event_handler.php	(.../cat_event_handler.php)	(revision 15938)
+++ branches/5.3.x/core/kernel/db/cat_event_handler.php	(.../cat_event_handler.php)	(revision 16111)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: cat_event_handler.php 15938 2013-08-14 09:33:06Z alex $
+* @version	$Id: cat_event_handler.php 16111 2014-12-07 14:49:01Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -1108,7 +1108,7 @@
 		$event->redirect = false;
 		$search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search';
 
-		$keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) );
+		$keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 
 		$query_object = $this->Application->recallObject('HTTPQuery');
 		/* @var $query_object kHTTPQuery */
@@ -1671,14 +1671,14 @@
 		$condition = '';
 		switch ($record['FieldType']) {
 			case 'select':
-				$keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+				$keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 				if ($keywords[$field]) {
 					$condition = sprintf($condition_patterns['is'], $field_name, $this->Conn->qstr( $keywords[$field] ));
 				}
 				break;
 
 			case 'multiselect':
-				$keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+				$keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 				if ($keywords[$field]) {
 					$condition = Array ();
 					$values = explode('|', substr($keywords[$field], 1, -1));
@@ -1690,7 +1690,7 @@
 				break;
 
 			case 'text':
-				$keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+				$keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 
 				if (mb_strlen($keywords[$field]) >= $this->Application->ConfigValue('Search_MinKeyword_Length')) {
 					$highlight_keywords[] = $keywords[$field];
@@ -1960,8 +1960,6 @@
 		$export_object = $this->Application->recallObject('CatItemExportHelper');
 		/* @var $export_object kCatDBItemExportHelper */
 
-		$event = new kEvent($event->getPrefixSpecial().':OnDummy');
-
 		$action_method = 'perform'.ucfirst($event->Special);
 		$field_values = $export_object->$action_method($event);
 
@@ -2027,8 +2025,7 @@
 		$object = $event->getObject();
 		/* @var $object kCatDBItem */
 
-		$has_image_info = $object->GetDBField('ImageAlt') && ($object->GetDBField('ThumbnailImage') || $object->GetDBField('FullImage'));
-		if ( !$has_image_info ) {
+		if ( !$object->GetDBField('ThumbnailImage') && !$object->GetDBField('FullImage') ) {
 			return ;
 		}
 
@@ -2047,7 +2044,9 @@
 			$image->SetDBField('ResourceId', $object->GetDBField('ResourceId'));
 		}
 
-		$image->SetDBField('AltName', $object->GetDBField('ImageAlt'));
+		if ( $object->GetDBField('ImageAlt') ) {
+			$image->SetDBField('AltName', $object->GetDBField('ImageAlt'));
+		}
 
 		if ( $object->GetDBField('ThumbnailImage') ) {
 			$thumbnail_field = $this->isURL($object->GetDBField('ThumbnailImage')) ? 'ThumbUrl' : 'ThumbPath';
@@ -2152,7 +2151,10 @@
 			$object = $event->getObject(Array ('skip_autoload' => true));
 			/* @var $object kDBItem */
 
-			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+			$object->setID($id);
+			$object->SetFieldsFromHash($field_values);
+			$event->setEventParam('form_data', $field_values);
+
 			$field_values['ImportFilename'] = $object->GetDBField('ImportFilename'); //if upload formatter has renamed the file during moving !!!
 			$field_values['ImportSource'] = 2;
 			$field_values['ImportLocalFilename'] = $object->GetDBField('ImportFilename');
@@ -2536,7 +2538,7 @@
 						$cloned_ids = $temp_handler->CloneItems($event->Prefix, $event->Special, Array($original_id), NULL, NULL, NULL, true);
 
 						$object->Load($cloned_ids[0]);
-						$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+						$object->SetFieldsFromHash($field_values);
 						$event->setEventParam('form_data', $field_values);
 
 						// 1a. delete record from CategoryItems (about cloned item) that was automatically created during call of Create method of kCatDBItem
@@ -2558,7 +2560,7 @@
 					}
 					else {
 						// 2. user has pending copy of live item -> just update field values
-						$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+						$object->SetFieldsFromHash($field_values);
 						$event->setEventParam('form_data', $field_values);
 					}
 
@@ -2567,7 +2569,7 @@
 				}
 				else {
 					// 3. already editing pending copy -> just update field values
-					$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+					$object->SetFieldsFromHash($field_values);
 					$event->setEventParam('form_data', $field_values);
 				}
 
@@ -2759,9 +2761,6 @@
 				if ( !$sort_by ) {
 					$this->Application->SetVar('sort_by', 'Relevance,desc|' . $default_sorting);
 				}
-				elseif ( strpos($sort_by, 'Relevance,') !== false ) {
-					$this->Application->SetVar('sort_by', $sort_by . '|' . $default_sorting);
-				}
 			}
 			else {
 				$sorting_settings = $this->getListSetting($event, 'Sortings');
@@ -2770,9 +2769,6 @@
 				if ( !$sort_by ) {
 					$event->setEventParam('sort_by', 'Relevance,desc|' . $default_sorting);
 				}
-				elseif ( strpos($sort_by, 'Relevance,') !== false ) {
-					$event->setEventParam('sort_by', $sort_by . '|' . $default_sorting);
-				}
 			}
 
 			$this->_removeForcedSortings($event);
@@ -3102,4 +3098,4 @@
 			$object->SetDBField('ResourceId', $this->Application->NextResourceId());
 		}
 	}
-}
\ No newline at end of file
+}