Index: branches/5.3.x/core/units/helpers/upload_helper.php
===================================================================
diff -u -N -r16002 -r16111
--- branches/5.3.x/core/units/helpers/upload_helper.php (.../upload_helper.php) (revision 16002)
+++ branches/5.3.x/core/units/helpers/upload_helper.php (.../upload_helper.php) (revision 16111)
@@ -61,9 +61,7 @@
 throw new kUploaderException('File size exceeds allowed limit.', 413);
 }
- if ( !$this->Application->isAdmin ) {
- $value = array_map('htmlspecialchars_decode', $value);
- }
+ $value = $this->Application->HttpQuery->unescapeRequestVariable($value);
 $tmp_path = WRITEABLE . '/tmp/';
 $filename = $this->getUploadedFilename() . '.tmp';
@@ -316,11 +314,8 @@
 protected function getSafeFilename() {
 $filename = $this->Application->GetVar('file');
+ $filename = $this->Application->unescapeRequestVariable($filename);
- if ( !$this->Application->isAdmin ) {
- $filename = htmlspecialchars_decode($filename);
- }
-
 if ( (strpos($filename, '../') !== false) || (trim($filename) !== $filename) ) {
 // when relative paths or special chars are found template names from url, then it's hacking attempt
 return false;
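Review bot: The added line in this hunk calls `unescapeRequestVariable` on `$this->Application->HttpQuery`, while the added line in the second hunk (getSafeFilename) calls it on `$this->Application` directly; unless Application proxies that method, one of the two call sites resolves to an undefined method at runtime, so both should use the same receiver, e.g. `$filename = $this->Application->HttpQuery->unescapeRequestVariable($filename);`. The removed code decoded `$value` element-wise via `array_map`, whereas the replacement passes the whole array in a single call — if `unescapeRequestVariable` does not recurse into arrays, the per-file fields would remain encoded, which is worth confirming against the HttpQuery implementation. Decoding now runs for admin requests as well, which the old `isAdmin` guard skipped; that is presumably intended, but a one-line comment stating why the guard was dropped would help the next reader. The enclosing method starts and ends outside the hunk.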