Index: branches/5.3.x/core/units/helpers/permissions_helper.php
===================================================================
diff -u -N -r15698 -r15902
--- branches/5.3.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 15698)
+++ branches/5.3.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 15902)
@@ -1,6 +1,6 @@ SetRedirectParam('m_cat_id', 0); // category means nothing on admin login screen
- $event->SetRedirectParam('next_template', urlencode('external:' . $_SERVER['REQUEST_URI']));
+ $event->SetRedirectParam('next_template', kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL));
 }
 else {
 $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
@@ -500,7 +500,7 @@
 // TODO: $next_t variable is ignored !!! (is anyone using m_RequireLogin tag with "next_template" parameter?)
 $redirect_params = Array (
 'm_cat_id' => 0, // category means nothing on admin login screen
- 'next_template' => urlencode('external:' . $_SERVER['REQUEST_URI']),
+ 'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
 );
 }
 else {
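Review bot: The value wrapped by kUtil::escape() on the `'next_template' =>` line is still the raw `$_SERVER['REQUEST_URI']`, so this hunk and the `$event->SetRedirectParam(...)` hunk above it change only the encoding of the post-login target, not what is accepted into it. REQUEST_URI is copied verbatim from the request line, so a request for `//host/path` yields a protocol-relative value; if the `external:` prefix is later resolved into a Location header unchanged (that code is outside this diff), the stored value should first be reduced to a same-origin path, e.g. `$uri = '/' . ltrim($_SERVER['REQUEST_URI'], '/');` and then `'external:' . $uri`. It is also worth confirming that `kUtil::ESCAPE_URL` encodes spaces and `+` the same way urlencode() did, since whatever consumes `next_template` presumably decodes with the matching function and query strings containing those characters would otherwise stop round-tripping. Both hunks sit inside methods whose start and end are outside the diff.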
@@ -627,26 +627,31 @@
 if ( preg_match('/(.*)\.VIEW$/', $name) && ($type == 0) ) {
 // cached view permission of category: begin
- if ( strpos($cat_id, '|') !== false ) {
- $category_path = explode('|', substr($cat_id, 1, -1));
- $cat_id = end($category_path);
- }
+ if ( $this->Application->ConfigValue('CheckViewPermissionsInCatalog') ) {
+ if ( strpos($cat_id, '|') !== false ) {
+ $category_path = explode('|', substr($cat_id, 1, -1));
+ $cat_id = end($category_path);
+ }
- $sql = 'SELECT PermissionConfigId
- FROM ' . TABLE_PREFIX . 'CategoryPermissionsConfig
- WHERE PermissionName = ' . $this->Conn->qstr($name);
- $perm_id = $this->Conn->GetOne($sql);
+ $sql = 'SELECT PermissionConfigId
+ FROM ' . TABLE_PREFIX . 'CategoryPermissionsConfig
+ WHERE PermissionName = ' . $this->Conn->qstr($name);
+ $perm_id = $this->Conn->GetOne($sql);
- $sql = 'SELECT PermId
- FROM ' . TABLE_PREFIX . 'CategoryPermissionsCache
- WHERE (PermId = ' . $perm_id . ') AND (CategoryId = ' . (int)$cat_id . ')';
+ $sql = 'SELECT PermId
+ FROM ' . TABLE_PREFIX . 'CategoryPermissionsCache
+ WHERE (PermId = ' . $perm_id . ') AND (CategoryId = ' . (int)$cat_id . ')';
- $view_filters = Array ();
- foreach ($groups as $group) {
- $view_filters[] = 'FIND_IN_SET(' . $group . ', ACL)';
+ $view_filters = Array ();
+ foreach ($groups as $group) {
+ $view_filters[] = 'FIND_IN_SET(' . $group . ', ACL)';
+ }
+ $sql .= ' AND (' . implode(' OR ', $view_filters) . ')';
+ $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
 }
- $sql .= ' AND (' . implode(' OR ', $view_filters) . ')';
- $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
+ else {
+ $perm_value = 1;
+ }
 $this->Application->setCache('permissions[%CPermSerial%]:' . $cache_key, $perm_value);
 return $perm_value;
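Review bot: In the relocated cache lookup, `$perm_id` and each `$group` are concatenated into the SQL without a cast or qstr() (`WHERE (PermId = ' . $perm_id . ')` and `'FIND_IN_SET(' . $group . ', ACL)'`), while `$cat_id` on the same line is already cast with `(int)`. When no CategoryPermissionsConfig row matches `$name`, GetOne() presumably returns false, which concatenates to an empty string and yields a malformed `PermId = )` clause instead of a clean miss; `$groups` is defined outside the hunk, so its element types cannot be confirmed here. Casting both — `WHERE (PermId = ' . (int)$perm_id . ') AND (CategoryId = ' . (int)$cat_id . ')';` and `$view_filters[] = 'FIND_IN_SET(' . (int)$group . ', ACL)';` — keeps the query well-formed and lets an unknown permission name fail closed with `$perm_value = 0`. The new else branch also stores `$perm_value = 1` under the `permissions[%CPermSerial%]` cache key, so flipping `CheckViewPermissionsInCatalog` appears to take effect only once that serial changes; a comment on the branch such as `// view checks disabled by config: cached as allowed under the current permission serial` would make that visible. The enclosing method starts and ends outside the hunk.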