Index: branches/5.2.x/core/units/thesaurus/thesaurus_eh.php
===================================================================
diff -u -N -r15314 -r16027
--- branches/5.2.x/core/units/thesaurus/thesaurus_eh.php (.../thesaurus_eh.php) (revision 15314)
+++ branches/5.2.x/core/units/thesaurus/thesaurus_eh.php (.../thesaurus_eh.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->isAdminUser ) {
- $keywords = htmlspecialchars_decode(trim($this->Application->GetVar('keywords')));
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 $object->addFilter('search_filter', '%1$s.SearchTerm LIKE ' . $this->Conn->qstr($keywords) . ' OR %1$s.SearchTerm LIKE ' . $this->Conn->qstr($keywords . '_'));
 }
 }
- }
\ No newline at end of file
+ }
Index: branches/5.2.x/core/kernel/db/cat_event_handler.php
===================================================================
diff -u -N -r16016 -r16027
--- branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16016)
+++ branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16027)
@@ -1,6 +1,6 @@
redirect = false;
 $search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search';
- $keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 $query_object = $this->Application->recallObject('HTTPQuery');
 /* @var $query_object kHTTPQuery */
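Review bot: The decoded `$keywords` reaches the two `LIKE` patterns on the context line right after the added line through `$this->Conn->qstr()` only; qstr() quotes for SQL but leaves the LIKE metacharacters `%` and `_` in place, so a term containing them matches more rows than the user typed, and the second pattern's own trailing `_` shows the wildcard semantics are relied on. Escape the user-supplied part before concatenating, e.g. `$term = addcslashes($keywords, '%_');` and then `$this->Conn->qstr($term)` and `$this->Conn->qstr($term . '_')` — assuming the database treats backslash as the LIKE escape character, which the hunk does not show. The enclosing method starts outside the hunk.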
@@ -1664,14 +1664,14 @@
 $condition = '';
 switch ($record['FieldType']) {
 case 'select':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 if ($keywords[$field]) {
 $condition = sprintf($condition_patterns['is'], $field_name, $this->Conn->qstr( $keywords[$field] ));
 }
 break;
 case 'multiselect':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 if ($keywords[$field]) {
 $condition = Array ();
 $values = explode('|', substr($keywords[$field], 1, -1));
@@ -1683,7 +1683,7 @@
 break;
 case 'text':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
 if (mb_strlen($keywords[$field]) >= $this->Application->ConfigValue('Search_MinKeyword_Length')) {
 $highlight_keywords[] = $keywords[$field];
Index: branches/5.2.x/core/kernel/utility/http_query.php
===================================================================
diff -u -N -r15856 -r16027
--- branches/5.2.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 15856)
+++ branches/5.2.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
+ return $value;
+ }
+
+ // This allows to revert kUtil::escape() call for each field submitted on front-end.
+ if ( is_array($value) ) {
+ foreach ( $value as $param_name => $param_value ) {
+ $value[$param_name] = $this->unescapeRequestVariable($param_value);
+ }
+
+ return $value;
+ }
+
+ return kUtil::unescape($value, kUtil::ESCAPE_HTML);
+ }
+
+ /**
 * Returns all $_GET array excluding system parameters, that are not allowed to be passed through generated urls
 *
 * @param bool $access_error Method is called during no_permission, require login, session expiration link preparation
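Review bot: The same `$keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);` line is repeated in the `select`, `multiselect` and `text` cases of the `switch` across the @@ -1664 and @@ -1683 hunks; doing it once before `switch ($record['FieldType']) {` would remove the duplication, provided no other case (the hunks do not show them all) needs the still-escaped value. The `if ($keywords[$field])` tests in the same hunks treat a submitted `'0'` as empty; `$keywords[$field] !== ''` would keep it. The enclosing method starts and ends outside the hunks.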
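Review bot: `unescapeRequestVariable()` hands every non-array value to `kUtil::unescape($value, kUtil::ESCAPE_HTML)`, so a `null`, `int` or `bool` request value (what `GetVar()` returns for an absent variable is not visible here) comes back as a string after the string functions inside; a guard `if ( !is_string($value) ) { return $value; }` before the final return keeps such scalars untouched. The method's signature and docblock are outside the visible text; the docblock should state the two behaviours the body shows — it returns `$value` unchanged when `$this->Application->isAdmin` is set, and it recurses into arrays to revert the `kUtil::escape()` applied to front-end submissions — with `@param string|array $value` / `@return string|array`.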
@@ -800,4 +826,4 @@
 return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/kernel/globals.php
===================================================================
diff -u -N -r16000 -r16027
--- branches/5.2.x/core/kernel/globals.php (.../globals.php) (revision 16000)
+++ branches/5.2.x/core/kernel/globals.php (.../globals.php) (revision 16027)
@@ -1,6 +1,6 @@
", '', $text);
+ $text = str_replace(array('\r', '\n'), array("\r", "\n"), $text);
+ $text = stripslashes($text);
+
+ return $text;
+ }
+
+ if ( $strategy == self::ESCAPE_URL ) {
+ return rawurldecode($text);
+ }
+
+ if ( $strategy == self::ESCAPE_RAW ) {
+ return $text;
+ }
+
+ throw new InvalidArgumentException(sprintf('Unknown escape strategy "%s"', $strategy));
+ }
 }
 /**
@@ -1046,4 +1104,4 @@
 return $res;
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/units/images/image_tag_processor.php
===================================================================
diff -u -N -r16023 -r16027
--- branches/5.2.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 16023)
+++ branches/5.2.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 16027)
@@ -1,6 +1,6 @@
does
- return FULL_PATH . '/' . mb_substr(THEMES_PATH, 1) . '/' . rawurldecode($path);
+ return FULL_PATH . '/' . mb_substr(THEMES_PATH, 1) . '/' . kUtil::unescape($path, kUtil::ESCAPE_URL);
 }
 /**
Index: branches/5.2.x/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -N -r15858 -r16027
--- branches/5.2.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 15858)
+++ branches/5.2.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 16027)
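Review bot: The `ESCAPE_HTML` branch of `kUtil::unescape()` does more than revert HTML escaping: it turns literal `\r`/`\n` sequences into line breaks and then runs `stripslashes($text)`, so every call site this commit switched from `htmlspecialchars_decode()` now also loses backslashes from the submitted value. That is only correct if `kUtil::escape()`'s HTML strategy adds those slashes and newline literals in the first place; its body is not in the hunk, so please confirm, otherwise the round trip is lossy for values such as Windows paths or patterns. The three `$strategy == self::ESCAPE_*` tests use loose comparison; a `switch ($strategy)` with one `case self::ESCAPE_HTML:` per strategy and `default: throw new InvalidArgumentException(...)` avoids `==` coercion and reads as the dispatch it is. The method's opening lines are outside the visible text.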
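Review bot: `kUtil::unescape($path, kUtil::ESCAPE_URL)` decodes `$path` at the moment it is concatenated into the filesystem path under `FULL_PATH`, so any validation of `$path` done earlier in this method (its start is outside the hunk) would have seen the still-encoded value; decode first into a local and validate that, e.g. `$decoded = kUtil::unescape($path, kUtil::ESCAPE_URL);` followed by the existing checks, and build the path from `$decoded`. If `$path` is not request-derived this does not apply; the hunk does not show where it comes from.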
@@ -1,6 +1,6 @@
Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 if ( !$keywords ) {
 return '';
 }
@@ -2256,4 +2256,4 @@
 return $this->Application->ParseBlock($block_params);
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/units/user_profile/user_profile_eh.php
===================================================================
diff -u -N -r15314 -r16027
--- branches/5.2.x/core/units/user_profile/user_profile_eh.php (.../user_profile_eh.php) (revision 15314)
+++ branches/5.2.x/core/units/user_profile/user_profile_eh.php (.../user_profile_eh.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->StorePersistentVar($variable_name, htmlspecialchars_decode($variable_value));
+ $this->Application->StorePersistentVar($variable_name, $this->Application->unescapeRequestVariable($variable_value));
 }
 }
@@ -90,4 +90,4 @@
 }
 }
 }
- }
\ No newline at end of file
+ }
Index: branches/5.2.x/core/kernel/utility/formatters/formatter.php
===================================================================
diff -u -N -r15856 -r16027
--- branches/5.2.x/core/kernel/utility/formatters/formatter.php (.../formatter.php) (revision 15856)
+++ branches/5.2.x/core/kernel/utility/formatters/formatter.php (.../formatter.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->isAdmin && isset($options['allow_html']) && $options['allow_html'] ) {
- // this allows to revert kUtil::escape() call for each field submitted on Front-End
- $value = htmlspecialchars_decode($value);
+ if ( isset($options['allow_html']) && $options['allow_html'] ) {
+ $value = $this->Application->unescapeRequestVariable($value);
 }
 return $value;
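Review bot: `if ( !$keywords ) { return ''; }` right after the added line is a truthiness test, so a user searching for the keyword `0` is treated as having entered nothing; since `trim()` guarantees a string here, `if ( $keywords === '' )` expresses the intent. The enclosing method starts outside the hunk.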
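Review bot: `isset($options['allow_html']) && $options['allow_html']` on the rewritten `if` line in formatter.php is the long form of `!empty($options['allow_html'])`. The comment explaining why the value is unescaped at this point was dropped together with the old branch, and a one-line pointer such as `// front-end submissions are escaped by kHTTPQuery; see unescapeRequestVariable()` would keep that context at the call site. The enclosing method starts outside the hunk.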
@@ -300,4 +299,4 @@
 return isset($options['sample_value']) ? $options['sample_value'] : '';
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/kernel/application.php
===================================================================
diff -u -N -r15856 -r16027
--- branches/5.2.x/core/kernel/application.php (.../application.php) (revision 15856)
+++ branches/5.2.x/core/kernel/application.php (.../application.php) (revision 16027)
@@ -1,6 +1,6 @@
HttpQuery->unescapeRequestVariable($value);
+ }
+
+ /**
 * Returns variable passed to the script as $type
 *
 * @param string $name Name of variable to retrieve
@@ -3054,4 +3068,4 @@
 {
 return $this->HttpQuery->getClientIp();
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/units/categories/categories_event_handler.php
===================================================================
diff -u -N -r15861 -r16027
--- branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 15861)
+++ branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 16027)
@@ -1,6 +1,6 @@
status = kEvent::erSTOP;
- $string = htmlspecialchars_decode($this->Application->GetVar('preview_content'));
+ $string = $this->Application->unescapeRequestVariable($this->Application->GetVar('preview_content'));
 $category_helper = $this->Application->recallObject('CategoryHelper');
 /* @var $category_helper CategoryHelper */
@@ -2452,7 +2452,7 @@
 $event->redirect = false;
 $search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search';
- $keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 $query_object = $this->Application->recallObject('HTTPQuery');
 /* @var $query_object kHTTPQuery */
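Review bot: The new `unescapeRequestVariable()` wrapper on the application only forwards to `$this->HttpQuery->unescapeRequestVariable($value)`, yet the call sites changed in db_event_handler.php and upload_formatter.php in this same commit reach through `$this->Application->HttpQuery->unescapeRequestVariable(...)` directly; routing them through the wrapper keeps one entry point. The wrapper's signature and docblock are outside the visible text; the docblock should say that the call returns the value unchanged in the admin console and recurses into arrays, both visible in the kHTTPQuery implementation in this commit, e.g. `@param string|array $value` / `@return string|array`.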
@@ -3137,4 +3137,4 @@
 $object->SetDBField('ResourceId', 0); // this will reset it
 }
- }
\ No newline at end of file
+ }
Index: branches/5.2.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r16016 -r16027
--- branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16016)
+++ branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
- $value = array_map('htmlspecialchars_decode', $value);
- }
+ $value = $this->Application->HttpQuery->unescapeRequestVariable($value);
 $tmp_path = WRITEABLE . '/tmp/';
 $filename = $value['name'] . '.tmp';
@@ -3375,11 +3373,8 @@
 protected function _getSafeFilename()
 {
 $filename = $this->Application->GetVar('file');
+ $filename = $this->Application->unescapeRequestVariable($filename);
- if ( !$this->Application->isAdmin ) {
- $filename = htmlspecialchars_decode($filename);
- }
-
 if ( (strpos($filename, '../') !== false) || (trim($filename) !== $filename) ) {
 // when relative paths or special chars are found template names from url, then it's hacking attempt
 return false;
Index: branches/5.2.x/core/units/helpers/file_helper.php
===================================================================
diff -u -N -r15856 -r16027
--- branches/5.2.x/core/units/helpers/file_helper.php (.../file_helper.php) (revision 15856)
+++ branches/5.2.x/core/units/helpers/file_helper.php (.../file_helper.php) (revision 16027)
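Review bot: In the first db_event_handler.php hunk the freshly unescaped `$value['name']` goes straight into `$filename = $value['name'] . '.tmp';` under `$tmp_path = WRITEABLE . '/tmp/';`, with no check like the `'../'` / `trim()` test that `_getSafeFilename()` applies to the `file` variable in the next hunk; unless `$value['name']` is validated before this hunk (not visible), apply the same test or reduce it with `basename()` first. In `_getSafeFilename()` the decode now precedes the check in both admin and front-end contexts, which is the right order. Both enclosing methods continue outside the hunks.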
@@ -1,6 +1,6 @@
Application->recallObject('theme.current');
 /* @var $theme kDBItem */
- $template = htmlspecialchars_decode($this->Application->GetVar('success_template')); // kHTTPQuery do kUtil::escape() on everything on Front-End
+ $template = $this->Application->unescapeRequestVariable($this->Application->GetVar('success_template'));
 $alias_template = $theme->GetField('TemplateAliases', $template);
 $event->redirect = $alias_template ? $alias_template : $template;
@@ -549,4 +549,4 @@
 }
 }
 }
- }
\ No newline at end of file
+ }
Index: branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php
===================================================================
diff -u -N -r15856 -r16027
--- branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 15856)
+++ branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 16027)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
- // this allows to revert kUtil::escape() call for each field submitted on front-end
- $value = is_array($value) ? array_map('htmlspecialchars_decode', $value) : htmlspecialchars_decode($value);
- }
-
+ $value = $this->Application->HttpQuery->unescapeRequestVariable($value);
 $options = $object->GetFieldOptions($field_name);
 if ( getArrayValue($options, 'upload_dir') ) {
@@ -628,4 +624,4 @@
 return parent::GetFormatted($value, $field_name, $object, $format);
 }
-}
\ No newline at end of file
+}
Index: branches/5.2.x/core/units/thesaurus/thesaurus_tp.php
===================================================================
diff -u -N -r15314 -r16027
--- branches/5.2.x/core/units/thesaurus/thesaurus_tp.php (.../thesaurus_tp.php) (revision 15314)
+++ branches/5.2.x/core/units/thesaurus/thesaurus_tp.php (.../thesaurus_tp.php) (revision 16027)
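Review bot: `$event->redirect = $alias_template ? $alias_template : $template;` in file_helper.php uses the unescaped `success_template` request value as the redirect target whenever no alias exists, and nothing in the hunk applies the `'../'` / `trim()` test that `_getSafeFilename()` in db_event_handler.php uses for template names taken from the URL; if `$event->redirect` is later resolved against the theme directory, the same check belongs here before the assignment. The enclosing method starts outside the hunk.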
@@ -1,6 +1,6 @@
Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
 $table_name = $this->Application->getUnitOption($this->Prefix, 'TableName');
 $sql = 'SELECT *
Index: branches/5.2.x/core/kernel/processors/main_processor.php
===================================================================
diff -u -N -r15905 -r16027
--- branches/5.2.x/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 15905)
+++ branches/5.2.x/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 16027)
@@ -1,6 +1,6 @@