Index: branches/5.3.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -N -r16321 -r16395 --- branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16321) +++ branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16395) @@ -1,6 +1,6 @@ finalizePermissionCheck($event, $perm_value); } - $export_events = Array ('OnSaveSettings', 'OnResetSettings', 'OnExportBegin'); - if ( in_array($event->Name, $export_events) ) { - // when import settings before selecting target import category - return $this->Application->CheckPermission('in-portal:main_import.view'); + $export_events = array('OnSaveSettings', 'OnResetSettings', 'OnExportBegin'); + + if ( in_array($event->Name, $export_events) || ($event->Special == 'export' && $event->Name == 'OnNew') ) { + /** @var kPermissionsHelper $perm_helper */ + $perm_helper = $this->Application->recallObject('PermissionsHelper'); + $perm_value = $this->Application->CheckPermission('in-portal:main_import.view'); + + return $perm_helper->finalizePermissionCheck($event, $perm_value); } if ( $event->Name == 'OnProcessSelected' ) { @@ -442,7 +446,10 @@ $object = $event->getObject(); /* @var $object kDBList */ - $search_sql = ' FROM ' . TABLE_PREFIX . 'ses_' . $this->Application->GetSID() . '_' . TABLE_PREFIX . 'Search search_result + /** @var kSearchHelper $search_helper */ + $search_helper = $this->Application->recallObject('SearchHelper'); + + $search_sql = ' FROM ' . $search_helper->getSearchTable() . ' search_result JOIN %1$s ON %1$s.ResourceId = search_result.ResourceId'; $sql = str_replace('FROM %1$s', $search_sql, $object->GetPlainSelectSQL()); 
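Review bot: In the permission hunk at the top of this file section (its own `@@` header and leading context are not visible here), the new `$event->Special == 'export' && $event->Name == 'OnNew'` branch is authorised against `in-portal:main_import.view`, but the only comment explaining that mapping was removed. If the old reason still holds, I would keep it in updated form, e.g. `// Export settings events run before a target category is selected, so check the import/export section permission.` Since this condition decides an authorisation path, the comparisons should also be strict: `in_array($event->Name, $export_events, true)` and `===` for `Special` and `Name`. The enclosing method starts and ends outside the hunk.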
@@ -1106,13 +1113,16 @@ function OnSimpleSearch($event) { $event->redirect = false; - $search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search'; $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords'))); $query_object = $this->Application->recallObject('kHTTPQuery'); /* @var $query_object kHTTPQuery */ + /** @var kSearchHelper $search_helper */ + $search_helper = $this->Application->recallObject('SearchHelper'); + + $search_table = $search_helper->getSearchTable(); $sql = 'SHOW TABLES LIKE "'.$search_table.'"'; if(!isset($query_object->Get['keywords']) && @@ -1123,7 +1133,7 @@ } if(!$keywords || strlen($keywords) < $this->Application->ConfigValue('Search_MinKeyword_Length')) { - $this->Conn->Query('DROP TABLE IF EXISTS '.$search_table); + $search_helper->ensureEmptySearchTable(); $this->Application->SetVar('keywords_too_short', 1); return; // if no or too short keyword entered, doing nothing } @@ -1242,10 +1252,7 @@ } } - // keyword string processing - $search_helper = $this->Application->recallObject('SearchHelper'); - /* @var $search_helper kSearchHelper */ - + // Keyword string processing. $where_clause = Array (); foreach ($field_list as $field) { if (preg_match('/^' . preg_quote($items_table, '/') . '\.(.*)/', $field, $regs)) { @@ -1396,9 +1403,12 @@ // keep search results from other items after doing a sub-search on current item type $this->Application->SetVar('do_not_drop_search_table', true); - $ids = Array (); - $search_table = TABLE_PREFIX . 'ses_' . $this->Application->GetSID() . '_' . TABLE_PREFIX . 'Search'; + /** @var kSearchHelper $search_helper */ + $search_helper = $this->Application->recallObject('SearchHelper'); + + $search_table = $search_helper->getSearchTable(); $sql = 'SHOW TABLES LIKE "' . $search_table . '"'; + $ids = array(); if ( $this->Conn->Query($sql) ) { $item_type = $event->getUnitConfig()->getItemType(); 
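Review bot: In the `@@ -1106` hunk (OnSimpleSearch) the existence check `'SHOW TABLES LIKE "'.$search_table.'"'` still puts the table name into a LIKE pattern unescaped; the same construction is kept in the `@@ -1396` hunk. The removed lines show the name contains underscores (`ses_<sid>_`), and `_` is a single-character wildcard in LIKE, so the check can report a table that is not the exact one. `getSearchTable()` is not visible here, so I cannot tell whether it escapes the name. Either escape at the call site, `$sql = 'SHOW TABLES LIKE "' . addcslashes($search_table, '_%') . '"';`, or, since the helper now owns the table name, give it the existence check as well so both callers stop building this statement by hand. Both function bodies continue outside their hunks.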
@@ -1637,9 +1647,11 @@ } $where_clause .= ' AND '.$items_table.'.Status = 1'; - // building final search query - $search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search'; + /** @var kSearchHelper $search_helper */ + $search_helper = $this->Application->recallObject('SearchHelper'); + // Building final search query. + $search_table = $search_helper->getSearchTable(); $this->Conn->Query('DROP TABLE IF EXISTS '.$search_table); $id_field = $config->getIDField(); @@ -1657,7 +1669,7 @@ GROUP BY '.$items_table.'.'.$id_field. $having_clause; - $res = $this->Conn->Query($sql); + $this->Conn->Query($sql); } function getAdvancedSearchCondition($field_name, $record, $keywords, $verbs, &$highlight_keywords) @@ -1804,7 +1816,7 @@ /* @var $value string */ $type = ucfirst(strtolower($type)); - extract($search_data); + extract($search_data, EXTR_SKIP); switch ($type) { case 'Field': @@ -2364,11 +2376,15 @@ $object = $event->getObject(); /* @var $object kCatDBItem */ - $is_admin = $this->Application->isAdminUser; $owner_field = $this->getOwnerField($event->Prefix); - if ( (!$object->IsTempTable() && !$is_admin) || ($is_admin && !$object->GetDBField($owner_field)) ) { - // Front-end OR owner not specified -> set to currently logged-in user + // Don't allow creating records on behalf of another user. + if ( !$this->Application->isAdminUser && !defined('CRON') ) { + $object->SetDBField($owner_field, $object->GetOriginalField($owner_field)); + } + + // Auto-assign records to currently logged-in user. + if ( !$object->GetDBField($owner_field) ) { $object->SetDBField($owner_field, $this->Application->RecallVar('user_id')); }
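Review bot: In the `@@ -1804` hunk, `extract($search_data, EXTR_SKIP)` stops keys from overwriting locals that already exist, but it still creates a variable for every other key. A key named after a local that is first assigned further down would therefore pre-seed it. Where `$search_data` comes from is not visible in the hunk; if any part of it is derived from request data, the set of injected names is not under the code's control. I would read only the expected keys explicitly, e.g. `$value = isset($search_data['value']) ? $search_data['value'] : null;`. The doc comment above the call names `$value`; the other expected keys are outside the hunk, as is the rest of the function.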
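Review bot: In the `@@ -2364` hunk the owner reset is skipped whenever the `CRON` constant is defined, so the guard depends on that constant never being defined during a web request. Where it is defined is not visible here. I would document that next to the condition, e.g. `// CRON is defined only by the command-line cron entry point; web requests never reach this branch with it set.`, after confirming it is true. The comment "Don't allow creating records on behalf of another user" also reads narrower than the code: restoring `GetOriginalField($owner_field)` would equally block changing the owner of an existing record if this handler runs on update. The handler's name is outside the hunk, so the comment should state which case applies.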