Index: branches/RC/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r10599 -r10621
--- branches/RC/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 10599)
+++ branches/RC/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 10621)
@@ -2141,8 +2141,15 @@
 }
 }
 
+ /**
+ * Used to save files uploaded via swfuploader
+ *
+ * @param kEvent $event
+ */
 function OnUploadFile(&$event)
 {
+ $event->status = erSTOP;
+
 // Flash uploader does NOT send correct cookies, so we need to make our own check
 $cookie_name = 'adm_'.$this->Application->ConfigValue('SessionCookieName');
 $this->Application->HttpQuery->Cookie['cookies_on'] = 1;
@@ -2152,18 +2159,18 @@
 $admin_ses =& $this->Application->recallObject('Session.admin');
 /* @var $admin_ses Session */
 
- $user = $admin_ses->RecallVar('user_id');
-
 $perm_helper =& $this->Application->recallObject('PermissionsHelper');
 /* @var $perm_helper kPermissionsHelper */
 
 $section = $event->getSection();
+ $user_id = $admin_ses->RecallVar('user_id');
 
- if (!$perm_helper->CheckUserPermission($user, $section.'.add') && !$perm_helper->CheckUserPermission($user, $section.'.edit')) {
+ if (!$perm_helper->CheckUserPermission($user_id, $section.'.add') && !$perm_helper->CheckUserPermission($user_id, $section.'.edit')) {
 $event->status = erPERM_FAIL;
+ // 403 Forbidden
 header('HTTP/1.0 403 You don\'t have permissions to upload');
 exit;
- return;
+ return ;
 }
 
 if (!$cookie_name) {
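Review bot: The new docblock on OnUploadFile should state that this handler authorizes the request itself and never returns normally: `$event->status = erSTOP` is set before anything else, the cookie workaround forces `Cookie['cookies_on'] = 1` regardless of what the client sent, and every later path in the function ends the request with exit or die. Suggested addition to the docblock: `Flash does not send the browser's cookies, so the admin session is re-established from request data below and the permission check that follows is the only authorization for this upload; the method always terminates the request and never returns to the event dispatcher.` The remainder of the cookie workaround and the rest of the function body lie outside this hunk, so confirm where the session id is actually taken from before committing to that wording.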
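Review bot: The permission check on the new `if (!$perm_helper->CheckUserPermission($user_id, ...` line relies on `$user_id` recalled from `Session.admin`, but nothing rejects an empty or false value; if the session could not be restored through the cookie workaround, the outcome depends on how kPermissionsHelper treats an empty user id, which is not visible here. Fail closed explicitly: `if (!$user_id || (!$perm_helper->CheckUserPermission($user_id, $section.'.add') && !$perm_helper->CheckUserPermission($user_id, $section.'.edit'))) {`. The `return ;` after `exit;` is unreachable and should be dropped rather than reformatted. OnUploadFile continues past the end of this hunk.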
@@ -2172,21 +2179,29 @@
 $value = $this->Application->GetVar('Filedata');
 
 if (!$value) {
- return ;
+ $event->status = erFAIL;
+ // 413 Request Entity Too Large (when uploaded file was to large for web server to accept)
+ header('HTTP/1.0 413 File size exceeds allowed limit');
+ exit;
 }
 
 $tmp_path = defined('WRITEABLE') ? WRITEABLE.'/tmp/' : FULL_PATH.'/kernel/cache/';
 $fname = $value['name'];
 $id = $this->Application->GetVar('id');
- if ($id) $fname = $id.'_'.$fname;
+ if ($id) {
+ $fname = $id.'_'.$fname;
+ }
 
 if (!is_writable($tmp_path)) {
+ $event->status = erFAIL;
+ // 500 Internal Server Error
 header('HTTP/1.0 500 Write permissions not set on the server');
 exit;
 }
 
 move_uploaded_file($value['tmp_name'], $tmp_path.$fname);
- exit;
+
+ die("Flash requires that we output something or it won't fire the uploadSuccess event");
 }
 
 /**
@@ -2196,8 +2211,13 @@
 */
 function OnDeleteFile(&$event)
 {
- if (strpos($this->Application->GetVar('file'), '../') !== false) return ;
- $object =& $event->getObject(array('skip_autoload'=>true));
+ $event->status = erSTOP;
+
+ if (strpos($this->Application->GetVar('file'), '../') !== false) {
+ return ;
+ }
+
+ $object =& $event->getObject( Array ('skip_autoload' => true)) ;
 $options = $object->GetFieldOptions($this->Application->GetVar('field'));
 $var_name = $event->getPrefixSpecial().'_file_pending_actions'.$this->Application->GetVar('m_wid');
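Review bot: `$id` comes straight from `GetVar('id')` and is concatenated into the destination path at the new `$fname = $id.'_'.$fname;` line, so a value such as `../../x` escapes `$tmp_path`; the client-supplied `$value['name']` is also used as-is, and PHP's stripping of directory components from the uploaded name is the only thing keeping it out of the path. Restrict `id` to a plain token (or cast it to int if it is always the numeric record id — the hunk does not show which) and pass the name through basename(). Separately, the return value of move_uploaded_file() is ignored, so a failed move still dies with the message Flash treats as success; check it and answer with an error status instead. Whether `$tmp_path` is reachable over HTTP and whether allowed extensions are enforced elsewhere is not visible here, so confirm that a `.php` upload cannot land in a served directory.
```php
$fname = basename($value['name']);
$id = $this->Application->GetVar('id');
if ($id) {
	// "id" becomes part of a filesystem path: allow only a plain token
	if (!preg_match('/^[A-Za-z0-9_-]+$/', $id)) {
		$event->status = erFAIL;
		header('HTTP/1.0 400 Invalid id');
		exit;
	}
	$fname = $id.'_'.$fname;
}

// … unchanged: is_writable check …

if (!move_uploaded_file($value['tmp_name'], $tmp_path.$fname)) {
	$event->status = erFAIL;
	header('HTTP/1.0 500 Uploaded file could not be stored');
	exit;
}

die("Flash requires that we output something or it won't fire the uploadSuccess event");
```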