Index: branches/5.2.x/core/kernel/processors/main_processor.php
===================================================================
diff -u -r16273 -r16339
--- branches/5.2.x/core/kernel/processors/main_processor.php	(.../main_processor.php)	(revision 16273)
+++ branches/5.2.x/core/kernel/processors/main_processor.php	(.../main_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: main_processor.php 16273 2015-09-27 10:18:20Z alex $
+* @version	$Id: main_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -140,7 +140,22 @@
 
 		unset($params['t'], $params['template'], $params['prefix']);
 
-		return $this->Application->HREF($template, $prefix, $params);
+		$no_html_escape = false;
+
+		if ( isset($params['no_amp']) ) {
+			$no_html_escape = $params['no_amp'];
+			unset($params['no_amp']);
+		}
+
+		$ret = $this->Application->HREF($template, $prefix, $params);
+
+		if ( !$no_html_escape ) {
+			// most of the time links are placed into HTML document
+			// TODO: in future always do escaping according to current "escape context"
+			$ret = kUtil::escape($ret, kUtil::ESCAPE_HTML);
+		}
+
+		return $ret;
 	}
 
 	function Link($params)
@@ -910,7 +925,7 @@
 				// TODO: $next_t variable is ignored !!! (is anyone using m_RequireLogin tag with "next_template" parameter?)
 				$redirect_params = Array (
 					'm_cat_id' => 0,
-					'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
+					'next_template' => 'external:' . $_SERVER['REQUEST_URI'],
 				);
 			}
 			else {
Index: branches/5.2.x/core/units/admin/admin_tag_processor.php
===================================================================
diff -u -r15906 -r16339
--- branches/5.2.x/core/units/admin/admin_tag_processor.php	(.../admin_tag_processor.php)	(revision 15906)
+++ branches/5.2.x/core/units/admin/admin_tag_processor.php	(.../admin_tag_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: admin_tag_processor.php 15906 2013-07-16 13:49:20Z alex $
+* @version	$Id: admin_tag_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -91,7 +91,6 @@
 			$params['deep_level'] = $deep_level++;
 			$template = $section_data['url']['t'];
 			unset($section_data['url']['t']);
-			$section_data['url']['__URLENCODE__'] = 1;
 
 			$section_data['section_url'] = $this->Application->HREF($template, '', $section_data['url']);
 			$ret .= $this->Application->ParseBlock( array_merge($params, $section_data) );
@@ -207,7 +206,6 @@
 
 			$url_params = $section_data['url'];
 			unset($url_params['t']);
-			$url_params['__URLENCODE__'] = 1;
 
 			$section_data['section_url'] = $this->Application->HREF($section_data['url']['t'], '', $url_params);
 			$ret = $this->Application->ParseBlock( array_merge($params, $section_data) );
@@ -286,7 +284,6 @@
 				// remove template, so it doesn't appear as additional parameter in url
 				$template = $section_data['url']['t'];
 				unset($section_data['url']['t']);
-				$section_data['url']['__URLENCODE__'] = 1;
 
 				$section_data['section_url'] = $this->Application->HREF($template, '', $section_data['url']);
 
@@ -465,7 +462,7 @@
 			$params['t'] = 'catalog/item_selector/item_selector_'.$mode;
 			$params['m_cat_id'] = $this->Application->getBaseCategory();
 
-			$default_params = Array('no_amp' => 1, 'pass' => 'all,'.$params['prefix']);
+			$default_params = Array('pass' => 'all,'.$params['prefix']);
 			unset($params['prefix']);
 
 			$pass_through = Array();
@@ -1115,4 +1112,4 @@
 		{
 			return $this->Application->isCachingType(CACHING_TYPE_MEMORY);
 		}
-	}
\ No newline at end of file
+	}
Index: branches/5.2.x/core/units/helpers/permissions_helper.php
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/units/helpers/permissions_helper.php	(.../permissions_helper.php)	(revision 15856)
+++ branches/5.2.x/core/units/helpers/permissions_helper.php	(.../permissions_helper.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: permissions_helper.php 15856 2013-07-02 14:56:00Z alex $
+* @version	$Id: permissions_helper.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -283,7 +283,7 @@
 			if (!$perm_status) {
 				if (MOD_REWRITE) {
 //					$event->SetRedirectParam('m_cat_id', 0); // category means nothing on admin login screen
-					$event->SetRedirectParam('next_template', kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL));
+					$event->SetRedirectParam('next_template', 'external:' . $_SERVER['REQUEST_URI']);
 				}
 				else {
 					$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
@@ -500,7 +500,7 @@
 				// TODO: $next_t variable is ignored !!! (is anyone using m_RequireLogin tag with "next_template" parameter?)
 				$redirect_params = Array (
 					'm_cat_id' => 0, // category means nothing on admin login screen
-					'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
+					'next_template' => 'external:' . $_SERVER['REQUEST_URI'],
 				);
 			}
 			else {
Index: branches/5.2.x/core/kernel/managers/plain_url_processor.php
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/kernel/managers/plain_url_processor.php	(.../plain_url_processor.php)	(revision 15856)
+++ branches/5.2.x/core/kernel/managers/plain_url_processor.php	(.../plain_url_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: plain_url_processor.php 15856 2013-07-02 14:56:00Z alex $
+* @version	$Id: plain_url_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -31,14 +31,10 @@
 			return Array ('t' => $this->manager->getTemplateName());
 		}
 
-		$vars = Array ();
-		$more_vars = strpos($env_var, '&');
+		parse_str(ENV_VAR_NAME . '=' . $env_var, $vars);
+		$env_var = $vars[ENV_VAR_NAME];
+		unset($vars[ENV_VAR_NAME]);
 
-		if ( $more_vars !== false ) {
-			parse_str(substr($env_var, $more_vars + 1), $vars);
-			$env_var = substr($env_var, 0, $more_vars);
-		}
-
 		// replace escaped ":" symbol not to explode by it
 		$env_var = str_replace('\:', '_&+$$+&_', $env_var); // replace escaped "=" with spec-chars :)
 		$parts = explode(':', $env_var);
@@ -160,19 +156,6 @@
 		$ssl = isset($params['__SSL__']) ? $params['__SSL__'] : 0;
 		$sid = isset($params['sid']) && !$this->Application->RewriteURLs($ssl) ? $params['sid'] : '';
 
-		$ret = '';
-		if ( $env_var ) {
-			$ret = ENV_VAR_NAME . '=';
-		}
-
-		$ret .= $sid . '-'; // SID-TEMPLATE
-
-		$encode = false;
-		if ( isset($params['__URLENCODE__']) ) {
-			$encode = $params['__URLENCODE__'];
-			unset($params['__URLENCODE__']);
-		}
-
 		if ( isset($params['__SSL__']) ) {
 			unset($params['__SSL__']);
 		}
@@ -214,31 +197,17 @@
 			}
 		}
 
-		$ret .= $t . ':' . $this->BuildModuleEnv('m', $params, $pass_events) . $env_string;
-
+		$env_string = $sid . '-' . $t . ':' . $this->BuildModuleEnv('m', $params, $pass_events) . $env_string;
 		unset($params['pass'], $params['opener'], $params['m_event']);
+		$params = array(ENV_VAR_NAME => $env_string) + $params;
 
-		// TODO: tag, which uses resulting url should do escaping
-		if ( array_key_exists('escape', $params) && $params['escape'] ) {
-			$ret = kUtil::escape($ret, kUtil::ESCAPE_JS);
-			unset($params['escape']);
-		}
+		$params_str = http_build_query($params);
+		$ret = str_replace('%23', '#', $params_str);
 
-		if ( $params ) {
-			$params_str = '';
-			$join_string = $encode ? '&' : '&amp;';
-
-			foreach ($params as $param => $value) {
-				$params_str .= $join_string . $param . '=' . $value;
-			}
-
-			$ret .= $params_str;
+		if ( !$env_var ) {
+			$ret = substr($ret, strlen(ENV_VAR_NAME) + 1);
 		}
 
-		if ( $encode ) {
-			$ret = str_replace('\\', '%5C', $ret);
-		}
-
 		return $ret;
 	}
 
Index: branches/5.2.x/core/units/helpers/geocode_helper.php
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/units/helpers/geocode_helper.php	(.../geocode_helper.php)	(revision 15856)
+++ branches/5.2.x/core/units/helpers/geocode_helper.php	(.../geocode_helper.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: geocode_helper.php 15856 2013-07-02 14:56:00Z alex $
+* @version	$Id: geocode_helper.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -81,22 +81,26 @@
 		// http://maps.google.com/maps/geo?
 		// ABQIAAAAzNbTbxHki-PAnXzsrA7z2hR0fs2_a3JecCfKmMFhGT8VtEjV7xRV8rMK1czaEH2ZG3eiYJMuej_vnQ
 
-		    $qaddress = $address.', '.$city.', '.$state;
-		    $request_url = $this->Application->ConfigValue('GoogleMapsURL').'output=xml&key='.
-		    	$this->Application->ConfigValue('GoogleMapsKey').'&q='.kUtil::escape($qaddress, kUtil::ESCAPE_URL);
+			$delay = 0;
+			$query_address = $address . ', ' . $city . ', ' . $state;
 
-		    $curl_helper = $this->Application->recallObject('CurlHelper');
+			$curl_helper = $this->Application->recallObject('CurlHelper');
 			/* @var $curl_helper kCurlHelper */
 
-		    $delay = 0;
-		    while (true)
-		    {
-			    $xml = $curl_helper->Send($request_url);
+			while ( true ) {
+				$curl_helper->SetRequestData(array(
+					'output' => 'xml',
+					'key' => $this->Application->ConfigValue('GoogleMapsKey'),
+					'q' => $query_address
+				));
 
-			    if (strpos($xml, '<code>620</code>')) {
-			    	$delay += 100000;
-			    } elseif (strpos($xml, '<code>200</code>')) {
-			    	// get latitude, longitude and zip  from xml-answer
+				$xml = $curl_helper->Send($this->Application->ConfigValue('GoogleMapsURL'));
+
+				if ( strpos($xml, '<code>620</code>') ) {
+					$delay += 100000;
+				}
+				elseif ( strpos($xml, '<code>200</code>') ) {
+					// get latitude, longitude and zip  from xml-answer
 					$a_coords = explode(',', $this->getTag('coordinates', $xml));
 					$lat = $a_coords[1];
 					$lon = abs($a_coords[0]); // set to positive, because required by SQL formula
@@ -105,20 +109,21 @@
 					$carrier = '';
 					$assoc_data = Array();
 					break;
-			    } else {
+				}
+				else {
 					$lon = '';
 					$lat = '';
 					$zip4 = '';
 					$dpbc = '';
 					$carrier = '';
 					$assoc_data = Array();
 					break;
-			    }
-		    	usleep($delay);
-		    }
+				}
 
-			return Array($lon, $lat, $zip4, $dpbc, $carrier, serialize($assoc_data));
+				usleep($delay);
+			}
 
+			return Array($lon, $lat, $zip4, $dpbc, $carrier, serialize($assoc_data));
 		}
 
 		/**
Index: branches/5.2.x/core/admin_templates/catalog/advanced_view.tpl
===================================================================
diff -u -r15906 -r16339
--- branches/5.2.x/core/admin_templates/catalog/advanced_view.tpl	(.../advanced_view.tpl)	(revision 15906)
+++ branches/5.2.x/core/admin_templates/catalog/advanced_view.tpl	(.../advanced_view.tpl)	(revision 16339)
@@ -23,7 +23,7 @@
 	  				$(document).ready(
 	  					function() {
 	  						Application.SetVar('continue', 1);
-	  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m"/>');
+	  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m" no_amp="1" js_escape="1"/>');
 	  					}
 	  				);
 	  			</inp2:m_if>
@@ -38,7 +38,7 @@
 	  				this.switchTab();
 	  			}
 
-	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts,td" ts="showall" td="no" m_cat_id="#CATEGORY_ID#" no_amp="1"/>', 'advanced_view_', 'AdvancedView');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts,td" ts="showall" td="no" m_cat_id="#CATEGORY_ID#" no_amp="1" js_escape="1"/>', 'advanced_view_', 'AdvancedView');
 				var a_toolbar = new ToolBar();
 
 					<inp2:m_set ts="showall" td="no"/>
@@ -87,7 +87,7 @@
 						var $kf = document.getElementById($form_name);
 
 						var $prev_action = $kf.action;
-						$kf.action = '<inp2:m_t pass="all" no_pass_through="1"/>';
+						$kf.action = '<inp2:m_t pass="all" no_pass_through="1" no_amp="1" js_escape="1"/>';
 
 						set_hidden_field('remove_specials[' + $Catalog.ActivePrefix + ']', 1);
 						std_edit_item(
@@ -103,7 +103,7 @@
 						var $kf = document.getElementById($form_name);
 
 						var $prev_action = $kf.action;
-						$kf.action = '<inp2:m_t pass="all" no_pass_through="1"/>';
+						$kf.action = '<inp2:m_t pass="all" no_pass_through="1" no_amp="1" js_escape="1"/>';
 
 						set_hidden_field('remove_specials[' + $Catalog.ActivePrefix + ']', 1);
 						std_precreate_item(
@@ -130,7 +130,7 @@
 	var $menu_frame = getFrame('menu');
 	if (typeof $menu_frame.ShowStructure != 'undefined') {
 		<inp2:m_DefineElement name="structure_node"><inp2:m_param name="section_url"/></inp2:m_DefineElement>
-		$menu_frame.ShowStructure('<inp2:adm_PrintSection js_escape="1" render_as="structure_node" section_name="in-portal:browse"/>', false);
+		$menu_frame.ShowStructure('<inp2:adm_PrintSection render_as="structure_node" section_name="in-portal:browse" js_escape="1"/>', false);
 	}
 
 	Application.setHook(
Index: branches/5.2.x/core/units/content/content_eh.php
===================================================================
diff -u -r16016 -r16339
--- branches/5.2.x/core/units/content/content_eh.php	(.../content_eh.php)	(revision 16016)
+++ branches/5.2.x/core/units/content/content_eh.php	(.../content_eh.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: content_eh.php 16016 2014-03-19 20:18:21Z alex $
+* @version	$Id: content_eh.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -74,7 +74,7 @@
 			$transit_params = $fck_helper->getTransitParams();
 
 			foreach ($transit_params as $param_name => $param_value) {
-				$event->SetRedirectParam($param_name, kUtil::escape($param_value, kUtil::ESCAPE_URL));
+				$event->SetRedirectParam($param_name, $param_value);
 			}
 		}
 
Index: branches/5.2.x/core/kernel/managers/request_manager.php
===================================================================
diff -u -r15252 -r16339
--- branches/5.2.x/core/kernel/managers/request_manager.php	(.../request_manager.php)	(revision 15252)
+++ branches/5.2.x/core/kernel/managers/request_manager.php	(.../request_manager.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: request_manager.php 15252 2012-03-30 17:49:37Z alex $
+* @version	$Id: request_manager.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2010 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -432,7 +432,7 @@
 		/* @var $opener_stack kOpenerStack */
 
 		// change opener stack
-		$default_params = Array ('m_opener' => 'u', '__URLENCODE__' => 1);
+		$default_params = Array ('m_opener' => 'u');
 
 		if ( !$this->Application->ConfigValue('UsePopups') && $opener_stack->getWindowID() ) {
 			// remove wid to show combined header block in editing window
Index: branches/5.2.x/core/admin_templates/promo_blocks/promo_block_list.tpl
===================================================================
diff -u -r15373 -r16339
--- branches/5.2.x/core/admin_templates/promo_blocks/promo_block_list.tpl	(.../promo_block_list.tpl)	(revision 15373)
+++ branches/5.2.x/core/admin_templates/promo_blocks/promo_block_list.tpl	(.../promo_block_list.tpl)	(revision 16339)
@@ -119,7 +119,7 @@
 						'tools',
 						'<inp2:m_phrase label="la_ToolTip_Settings" escape="1"/>',
 						function () {
-							direct_edit('promo-block', '<inp2:promo-block-group_EditLink edit_template="promo_block_groups/promo_block_group_edit" js_escape="1" no_amp="1"/>');
+							direct_edit('promo-block', '<inp2:promo-block-group_EditLink edit_template="promo_block_groups/promo_block_group_edit" js_escape="1"/>');
 						}
 					)
 				);
Index: branches/5.2.x/core/admin_templates/users/users_list.tpl
===================================================================
diff -u -r14663 -r16339
--- branches/5.2.x/core/admin_templates/users/users_list.tpl	(.../users_list.tpl)	(revision 14663)
+++ branches/5.2.x/core/admin_templates/users/users_list.tpl	(.../users_list.tpl)	(revision 16339)
@@ -33,7 +33,7 @@
 						'setprimary',
 						'<inp2:m_phrase label="la_ToolTip_PrimaryGroup" escape="1"/>::<inp2:m_phrase label="la_ShortToolTip_SetPrimary" escape="1"/>',
 						function() {
-							openSelector('u.regular', '<inp2:m_Link t="users/group_selector" pass="m,u"/>', 'PrimaryGroupId', '800x600', 'OnSaveSelected');
+							openSelector('u.regular', '<inp2:m_Link t="users/group_selector" pass="m,u" no_amp="1" js_escape="1"/>', 'PrimaryGroupId', '800x600', 'OnSaveSelected');
 						}
 					)
 				);*/
@@ -79,7 +79,7 @@
 							function() {
 								Application.SetVar('remove_specials[u.regular]', 1);
 								Application.SetVar('mailing_recipient_type', 'u');
-								openSelector('mailing-list', '<inp2:m_Link template="mailing_lists/mailing_list_edit"/>', 'UserEmail', null, 'OnNew');
+								openSelector('mailing-list', '<inp2:m_Link template="mailing_lists/mailing_list_edit" no_amp="1" js_escape="1"/>', 'UserEmail', null, 'OnNew');
 							}
 						)
 					);
Index: branches/5.2.x/core/admin_templates/tools/backup3.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/backup3.tpl	(.../backup3.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/backup3.tpl	(.../backup3.tpl)	(revision 16339)
@@ -9,7 +9,7 @@
   		<script type="text/javascript">
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('prev', '<inp2:m_phrase label="la_ToolTip_Prev" escape="1"/>', function() {
-							location.href = '<inp2:m_Link t="tools/backup1"/>';;
+							location.href = '<inp2:m_Link t="tools/backup1" no_amp="1" js_escape="1"/>';
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
Index: branches/5.2.x/core/admin_templates/browser/frmresourceslist.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/browser/frmresourceslist.tpl	(.../frmresourceslist.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/browser/frmresourceslist.tpl	(.../frmresourceslist.tpl)	(revision 16339)
@@ -432,12 +432,12 @@
 //	'admin/index.php?env=-dummy:fck--OnLoadCmsTree---&admin=1'
 
 
-	var files_list_url = '<inp2:m_Link template="dummy" sort_by="#SORT_BY#" order_by="#ORDER_BY#" folder="#FOLDER#" pass="m,fck" fck_event="OnGetFoldersFilesList" no_amp="1"/>'
-	// '<inp2:m_Link template="core/browser/xml/files_list" sort_by="#SORT_BY#" order_by="#ORDER_BY#" folder="#FOLDER#" no_amp="1"/>'
+	var files_list_url = '<inp2:m_Link template="dummy" sort_by="#SORT_BY#" order_by="#ORDER_BY#" folder="#FOLDER#" pass="m,fck" fck_event="OnGetFoldersFilesList" no_amp="1" js_escape="1"/>'
+	// '<inp2:m_Link template="core/browser/xml/files_list" sort_by="#SORT_BY#" order_by="#ORDER_BY#" folder="#FOLDER#" no_amp="1" js_escape="1"/>'
 	var files_list = new AjaxFilesList(files_list_url);
-	var rename_url = '<inp2:m_Link template="dummy" old_name="#OLD_NAME#" new_name="#NEW_NAME#" folder="#FOLDER#" pass="m,fck" fck_event="OnRenameFile" no_amp="1"/>';
-	var delete_url = '<inp2:m_Link template="dummy" files="#FILES#" folder="#FOLDER#" pass="m,fck" fck_event="OnDeleteFiles" no_amp="1"/>';
-	var create_folder_url = '<inp2:m_Link template="dummy" current_folder="#CURRENT_FOLDER#" new_folder="#FOLDER#" pass="m,fck" fck_event="OnCreateFolder" no_amp="1"/>';
+	var rename_url = '<inp2:m_Link template="dummy" old_name="#OLD_NAME#" new_name="#NEW_NAME#" folder="#FOLDER#" pass="m,fck" fck_event="OnRenameFile" no_amp="1" js_escape="1"/>';
+	var delete_url = '<inp2:m_Link template="dummy" files="#FILES#" folder="#FOLDER#" pass="m,fck" fck_event="OnDeleteFiles" no_amp="1" js_escape="1"/>';
+	var create_folder_url = '<inp2:m_Link template="dummy" current_folder="#CURRENT_FOLDER#" new_folder="#FOLDER#" pass="m,fck" fck_event="OnCreateFolder" no_amp="1" js_escape="1"/>';
 
 	window.onload = function()
 	{
Index: branches/5.2.x/core/admin_templates/users/user_edit_items.tpl
===================================================================
diff -u -r14726 -r16339
--- branches/5.2.x/core/admin_templates/users/user_edit_items.tpl	(.../user_edit_items.tpl)	(revision 14726)
+++ branches/5.2.x/core/admin_templates/users/user_edit_items.tpl	(.../user_edit_items.tpl)	(revision 16339)
@@ -42,7 +42,7 @@
 					}
 				}*/
 
-	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts" ts="user" pass="m,u" no_amp="1"/>', 'useritems_', 'UserItemEditor');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts" ts="user" pass="m,u" no_amp="1" js_escape="1"/>', 'useritems_', 'UserItemEditor');
 
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('select', '<inp2:m_phrase label="la_ToolTip_Save" escape="1"/>', function() {
@@ -90,7 +90,7 @@
 					var $kf = document.getElementById($form_name);
 
 					var $prev_action = $kf.action;
-					$kf.action = '<inp2:m_t pass="all" no_pass_through="1"/>';
+					$kf.action = '<inp2:m_t pass="all" no_pass_through="1" no_amp="1" js_escape="1"/>';
 
 					set_hidden_field('remove_specials[' + $Catalog.ActivePrefix + ']', 1);
 					std_edit_item(
Index: branches/5.2.x/core/admin_templates/no_permission.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/no_permission.tpl	(.../no_permission.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/no_permission.tpl	(.../no_permission.tpl)	(revision 16339)
@@ -42,7 +42,7 @@
 				<inp2:m_ifnot check="m_LoggedIn">
 					$(document).ready(
 						function () {
-							window.location.href = '<inp2:m_t t="index" expired="1" escape="1" no_amp="1" m_wid=""/>';
+							window.location.href = '<inp2:m_t t="index" expired="1" m_wid="" no_amp="1" js_escape="1"/>';
 						}
 					);
 				</inp2:m_ifnot>
Index: branches/5.2.x/core/kernel/languages/phrases_cache.php
===================================================================
diff -u -r15905 -r16339
--- branches/5.2.x/core/kernel/languages/phrases_cache.php	(.../phrases_cache.php)	(revision 15905)
+++ branches/5.2.x/core/kernel/languages/phrases_cache.php	(.../phrases_cache.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: phrases_cache.php 15905 2013-07-16 13:04:20Z alex $
+* @version	$Id: phrases_cache.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -113,8 +113,7 @@
 					'm_opener' => 'd',
 					'phrases_label' => '#LABEL#',
 					'phrases_event' => 'OnPreparePhrase',
-					'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
-					'__URLENCODE__' => 1,
+					'next_template' => 'external:' . $_SERVER['REQUEST_URI'],
 					'pass' => 'm,phrases'
 				);
 
Index: branches/5.2.x/core/admin_templates/tools/restore3.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/restore3.tpl	(.../restore3.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/restore3.tpl	(.../restore3.tpl)	(revision 16339)
@@ -14,7 +14,7 @@
 		}
 	);
 
-	$Restore = new AjaxProgressBar('<inp2:m_t t="dummy" adm.restore_event="OnRestoreProgress" pass="m,adm.restore" js_escape="1"/>');
+	$Restore = new AjaxProgressBar('<inp2:m_t t="dummy" adm.restore_event="OnRestoreProgress" pass="m,adm.restore" no_amp="1" js_escape="1"/>');
 </script>
 
 <inp2:m_include t="incs/footer"/>
\ No newline at end of file
Index: branches/5.2.x/core/admin_templates/modules/modules_list.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/modules/modules_list.tpl	(.../modules_list.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/modules/modules_list.tpl	(.../modules_list.tpl)	(revision 16339)
@@ -17,7 +17,7 @@
   				$(document).ready(
   					function() {
   						Application.SetVar('continue', 1);
-  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m"/>');
+  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m" no_amp="1" js_escape="1"/>');
   					}
   				);
   			</inp2:m_if>
Index: branches/5.2.x/core/admin_templates/login.tpl
===================================================================
diff -u -r15459 -r16339
--- branches/5.2.x/core/admin_templates/login.tpl	(.../login.tpl)	(revision 15459)
+++ branches/5.2.x/core/admin_templates/login.tpl	(.../login.tpl)	(revision 16339)
@@ -245,7 +245,7 @@
 			}
 
 			function close_windows() {
-				page = '<inp2:m_t t="index" expired="1" escape="1" no_amp="1" m_wid=""/>'; // a_parent.location.href + '?expired=1';
+				page = '<inp2:m_t t="index" expired="1" m_wid="" no_amp="1" js_escape="1"/>'; // a_parent.location.href + '?expired=1';
 	//			alert('redirecting ' + a_parent.name + ' to ' + page);
 				a_parent.location.href = page;
 
Index: branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php
===================================================================
diff -u -r16029 -r16339
--- branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php	(.../upload_formatter.php)	(revision 16029)
+++ branches/5.2.x/core/kernel/utility/formatters/upload_formatter.php	(.../upload_formatter.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: upload_formatter.php 16029 2014-05-16 09:57:00Z alex $
+* @version	$Id: upload_formatter.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -481,9 +481,9 @@
 				}
 				else {
 					$url_params = Array (
-						'no_amp' => 1, 'pass' => 'm,'.$object->Prefix,
+						'pass' => 'm,'.$object->Prefix,
 						$object->Prefix . '_event' => 'OnViewFile',
-						'file' => kUtil::escape($value, kUtil::ESCAPE_URL), 'field' => $field_name
+						'file' => $value, 'field' => $field_name
 					);
 
 					return $this->Application->HREF('', '', $url_params);
Index: branches/5.2.x/core/admin_templates/head.tpl
===================================================================
diff -u -r16062 -r16339
--- branches/5.2.x/core/admin_templates/head.tpl	(.../head.tpl)	(revision 16062)
+++ branches/5.2.x/core/admin_templates/head.tpl	(.../head.tpl)	(revision 16339)
@@ -5,7 +5,7 @@
 <inp2:m_Set skip_last_template="1"/>
 
 <script type="text/javascript">
-	$popup_manager = new AjaxPopupManager('<inp2:m_Link template="index" js_escape="1"/>');
+	$popup_manager = new AjaxPopupManager('<inp2:m_Link template="index" no_amp="1" js_escape="1"/>');
 	grid_widths_cache = new Array();
 </script>
 
@@ -22,7 +22,7 @@
 		<table class="head-table" style="width: 100%;" cellpadding="0" cellspacing="0">
 			<td style="height: 95px; text-align: left;">
 				<div class="layout" style="top: 0px; left: 0px; vertical-align: top;">
-					<a href="<inp2:adm_PrintSection render_as='root_node' section_name='in-portal:browse_site'/>" target="main">
+					<a href="<inp2:adm_PrintSection render_as='root_node' section_name='in-portal:browse_site' html_escape='1'/>" target="main">
 						<img src="<inp2:adm_AdminSkin type='logo'/>" alt="" border="0"/>
 					</a>
 				</div>
@@ -50,7 +50,7 @@
 					</a>##-->
 
 					<inp2:m_if check="adm_AdminSkin" type="DisplaySiteNameInHeader">
-						<a href="<inp2:adm_PrintSection render_as='root_node' section_name='in-portal:browse_site'/>" target="main">
+						<a href="<inp2:adm_PrintSection render_as='root_node' section_name='in-portal:browse_site' html_escape='1'/>" target="main">
 							<inp2:m_GetConfig var="Site_Name"/>
 						</a>
 					</inp2:m_if>
@@ -81,10 +81,10 @@
 							<td class="kx-block-header" style="background-image: none;">
 								<inp2:m_phrase name="la_Logged_in_as"/> <strong><a href="javascript:change_password();" class="kx-header-link"><inp2:u.current_LoginName/></strong></a>
 								|
-								<a href="<inp2:m_t t="index" u_event="OnLogout" pass="m,u"/>" target="_parent" class="kx-header-link"><strong><inp2:m_Phrase label="la_Logout"/></strong></a>
+								<a href="<inp2:m_t t='index' u_event='OnLogout' pass='m,u'/>" target="_parent" class="kx-header-link"><strong><inp2:m_Phrase label="la_Logout"/></strong></a>
 							</td>
 							<td>
-								<a href="<inp2:m_t t="index" u_event="OnLogout" pass="m,u"/>" target="_parent"><img src="<inp2:adm_ModulePath module='core'/>img/x.gif" alt="" width="15" height="15" /></a>
+								<a href="<inp2:m_t t='index' u_event='OnLogout' pass='m,u'/>" target="_parent"><img src="<inp2:adm_ModulePath module='core'/>img/x.gif" alt="" width="15" height="15" /></a>
 							</td>
 						</tr>
 						</table>
@@ -119,7 +119,7 @@
 		</inp2:m_if>
 	}
 
-	$FrameResizer = new FrameResizer('<inp2:m_Phrase name="la_ToolTip_ShowMenu" js_escape="1"/>', '<inp2:m_Phrase name="la_ToolTip_HideMenu" js_escape="1"/>', window.parent, '<inp2:m_Link pass="m,adm" adm_event="OnSaveSetting" var_name="#NAME#" var_value="#VALUE#" no_amp="1"/>', <inp2:adm_MenuFrameWidth/>);
+	$FrameResizer = new FrameResizer('<inp2:m_Phrase name="la_ToolTip_ShowMenu" js_escape="1"/>', '<inp2:m_Phrase name="la_ToolTip_HideMenu" js_escape="1"/>', window.parent, '<inp2:m_Link pass="m,adm" adm_event="OnSaveSetting" var_name="#NAME#" var_value="#VALUE#" no_amp="1" js_escape="1"/>', <inp2:adm_MenuFrameWidth/>);
 	$FrameResizer.InitControls($FrameResizer);
 	$FrameResizer.SetStatus(<inp2:m_if check="m_RecallEquals" name="ShowAdminMenu" value="0" persistent="1">0<inp2:m_else/>1</inp2:m_if>);
 </script>
Index: branches/5.2.x/core/units/admin/admin_config.php
===================================================================
diff -u -r15718 -r16339
--- branches/5.2.x/core/units/admin/admin_config.php	(.../admin_config.php)	(revision 15718)
+++ branches/5.2.x/core/units/admin/admin_config.php	(.../admin_config.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: admin_config.php 15718 2013-03-25 17:18:24Z alex $
+* @version	$Id: admin_config.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -60,7 +60,7 @@
 				'parent'		=>	null,
 				'icon'			=>	'site',
 				'label'			=>	'SITE_NAME',
-				'url'			=>	Array ('t' => 'index', 'pass' => 'm', 'pass_section' => true, 'no_amp' => 1),
+				'url'			=>	Array ('t' => 'index', 'pass' => 'm'),
 				'permissions'	=>	Array ('view'),
 				'priority'		=>	0,
 				'container'		=>	true,
Index: branches/5.2.x/core/admin_templates/catalog/catalog.tpl
===================================================================
diff -u -r15906 -r16339
--- branches/5.2.x/core/admin_templates/catalog/catalog.tpl	(.../catalog.tpl)	(revision 15906)
+++ branches/5.2.x/core/admin_templates/catalog/catalog.tpl	(.../catalog.tpl)	(revision 16339)
@@ -24,7 +24,7 @@
 	  				$(document).ready(
 	  					function() {
 	  						Application.SetVar('continue', 1);
-	  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m"/>');
+	  						openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m" no_amp="1" js_escape="1"/>');
 	  					}
 	  				);
 	  			</inp2:m_if>
@@ -35,7 +35,7 @@
 
 	  			Request.progressText = '<inp2:m_phrase name="la_title_Loading" no_editing="1" escape="1"/>';
 	  			var $is_catalog = true;
-	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" m_cat_id="#CATEGORY_ID#" no_amp="1"/>', 'catalog_', 'Catalog');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" m_cat_id="#CATEGORY_ID#" no_amp="1" js_escape="1"/>', 'catalog_', 'Catalog');
 				$Catalog.TabByCategory = <inp2:m_if check="m_GetConfig" name="Catalog_PreselectModuleTab">true<inp2:m_else/>false</inp2:m_if>;
 
 				var a_toolbar = new ToolBar();
@@ -220,7 +220,7 @@
 				function executeButton($button_name) {
 					switch ($button_name) {
 						case 'editcat':
-							var $edit_url = '<inp2:m_t t="#TEMPLATE#" m_opener="d" c_mode="t" c_event="OnEdit" c_id="#CATEGORY_ID#" pass="all,c" no_amp="1"/>';
+							var $edit_url = '<inp2:m_t t="#TEMPLATE#" m_opener="d" c_mode="t" c_event="OnEdit" c_id="#CATEGORY_ID#" pass="all,c" no_amp="1" js_escape="1"/>';
 							var $category_id = get_hidden_field('m_cat_id');
 							var $redirect_url = $edit_url.replace('#CATEGORY_ID#', $category_id);
 							$redirect_url = $redirect_url.replace('#TEMPLATE#', $category_id == 0 || $category_id == <inp2:c_HomeCategory/> ? 'categories/categories_edit_permissions' : 'categories/categories_edit');
@@ -241,7 +241,7 @@
 							break;
 
 						case 'rebuild_cache':
-							openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m"/>');
+							openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m" no_amp="1" js_escape="1"/>');
 							break;
 
 						case 'recalculate_priorities':
@@ -290,7 +290,7 @@
 	var $menu_frame = getFrame('menu');
 	if (typeof $menu_frame.ShowStructure != 'undefined') {
 		<inp2:m_DefineElement name="structure_node"><inp2:m_param name="section_url"/></inp2:m_DefineElement>
-		$menu_frame.ShowStructure('<inp2:adm_PrintSection js_escape="1" render_as="structure_node" section_name="in-portal:browse"/>', true);
+		$menu_frame.ShowStructure('<inp2:adm_PrintSection render_as="structure_node" section_name="in-portal:browse" js_escape="1"/>', true);
 	}
 
 	Application.setHook(
Index: branches/5.2.x/core/admin_templates/categories/categories_edit_relations.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/categories/categories_edit_relations.tpl	(.../categories_edit_relations.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/categories/categories_edit_relations.tpl	(.../categories_edit_relations.tpl)	(revision 16339)
@@ -37,7 +37,7 @@
 				//Relations related:
 				a_toolbar.AddButton( new ToolBarButton('new_item', '<inp2:m_phrase label="la_ToolTip_New_Relation" escape="1"/>::<inp2:m_phrase label="la_ToolTip_Add" escape="1"/>',
 						function() {
-							openSelector('c-rel', '<inp2:adm_SelectorLink prefix="c-rel" selection_mode="single" tab_prefixes="all"/>', 'TargetId', '950x600');
+							openSelector('c-rel', '<inp2:adm_SelectorLink prefix="c-rel" selection_mode="single" tab_prefixes="all" no_amp="1" js_escape="1"/>', 'TargetId', '950x600');
 						} ) );
 
 				function edit()
Index: branches/5.2.x/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -r16308 -r16339
--- branches/5.2.x/core/units/categories/categories_tag_processor.php	(.../categories_tag_processor.php)	(revision 16308)
+++ branches/5.2.x/core/units/categories/categories_tag_processor.php	(.../categories_tag_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: categories_tag_processor.php 16308 2016-01-17 11:36:43Z alex $
+* @version	$Id: categories_tag_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -473,7 +473,7 @@
 		list($index_file, $env) = explode('|', $this->Application->RecallVar(rtrim('last_template_'.$wid, '_')), 2);
 
 		$vars_backup = Array ();
-		$vars = $this->Application->processQueryString( str_replace('%5C', '\\', $env) );
+		$vars = $this->Application->processQueryString($env);
 
 		foreach ($vars as $var_name => $var_value) {
 			$vars_backup[$var_name] = $this->Application->GetVar($var_name);
@@ -1010,14 +1010,16 @@
 		}
 
 		// 3. suggestion not found in database, ask webservice
-		$app_id = $this->Application->ConfigValue('YahooApplicationId');
-		$url = 'http://search.yahooapis.com/WebSearchService/V1/spellingSuggestion?appid=' . $app_id . '&query=';
-
 		$curl_helper = $this->Application->recallObject('CurlHelper');
 		/* @var $curl_helper kCurlHelper */
 
-		$xml_data = $curl_helper->Send( $url . kUtil::escape($keywords, kUtil::ESCAPE_URL) );
+		$curl_helper->SetRequestData(array(
+			'appid' => $this->Application->ConfigValue('YahooApplicationId'),
+			'query' => $keywords,
+		));
 
+		$xml_data = $curl_helper->Send('http://search.yahooapis.com/WebSearchService/V1/spellingSuggestion');
+
 		$xml_helper = $this->Application->recallObject('kXMLHelper');
 		/* @var $xml_helper kXMLHelper */
 
@@ -1464,10 +1466,10 @@
 		$template = $this->Application->GetVar('t');
 		$theme_id = $this->Application->GetVar('m_theme');
 
-		$url_params = Array ('block' => '#BLOCK#', 'theme-file_event' => '#EVENT#', 'theme_id' => $theme_id, 'source' => $template, 'pass' => 'all,theme-file', 'front' => 1, 'm_opener' => 'd', '__NO_REWRITE__' => 1, 'no_amp' => 1);
+		$url_params = Array ('block' => '#BLOCK#', 'theme-file_event' => '#EVENT#', 'theme_id' => $theme_id, 'source' => $template, 'pass' => 'all,theme-file', 'front' => 1, 'm_opener' => 'd', '__NO_REWRITE__' => 1);
 		$edit_template_url = $this->Application->HREF('themes/template_edit', ADMIN_DIRECTORY, $url_params, 'index.php');
 
-		$url_params = Array ('theme-file_event' => 'OnSaveLayout', 'source' => $template, 'pass' => 'all,theme-file', '__NO_REWRITE__' => 1, 'no_amp' => 1);
+		$url_params = Array ('theme-file_event' => 'OnSaveLayout', 'source' => $template, 'pass' => 'all,theme-file', '__NO_REWRITE__' => 1);
 		$save_layout_url = $this->Application->HREF('index', '', $url_params);
 
 		$page =& $this->_getPage($params);
@@ -1479,7 +1481,7 @@
 			'pageId' => $page->GetID(),
 			'pageInfo' => $page->isLoaded() ? $page_helper->getPageInfo( $page->GetID() ) : Array (),
 			'editUrl' => $edit_template_url,
-			'browseUrl' => $this->Application->HREF('', '', Array ('editing_mode' => '#EDITING_MODE#', '__NO_REWRITE__' => 1, 'no_amp' => 1)),
+			'browseUrl' => $this->Application->HREF('', '', Array ('editing_mode' => '#EDITING_MODE#', '__NO_REWRITE__' => 1)),
 			'saveLayoutUrl' => $save_layout_url,
 			'editingMode' => (int)EDITING_MODE,
 		);
@@ -1499,7 +1501,7 @@
 			$ret .= "var base_url = '" . $this->Application->BaseURL() . "';" . "\n";
 			$ret .= 'TB.closeHtml = \'<img src="' . $js_url . '/../img/close_window15.gif" width="15" height="15" style="border-width: 0px;" alt="close"/><br/>\';' . "\n";
 
-			$url_params = Array ('m_theme' => '', 'pass' => 'm', 'm_opener' => 'r', '__NO_REWRITE__' => 1, 'no_amp' => 1);
+			$url_params = Array ('m_theme' => '', 'pass' => 'm', 'm_opener' => 'r', '__NO_REWRITE__' => 1);
 			$browse_url = $this->Application->HREF('catalog/catalog', ADMIN_DIRECTORY, $url_params, 'index.php');
 			$browse_url = preg_replace('/&(admin|editing_mode)=[\d]/', '', $browse_url);
 
@@ -1584,7 +1586,6 @@
 					'theme_event'	=>	'OnEdit',
 					'theme-file_id' =>	$this->_getThemeFileId(),
 					'front'			=>	1,
-					'__URLENCODE__'	=>	1,
 					'__NO_REWRITE__'=>	1,
 					'index_file' => 'index.php',
 				);
@@ -1701,7 +1702,6 @@
 					'pass'			=>	'm',
 					'm_opener'		=>	'd',
 					'm_cat_id'		=>	$page->GetID(),
-					'__URLENCODE__'	=>	1,
 					'__NO_REWRITE__'=>	1,
 					'front'			=>	1,
 					'index_file' => 'index.php',
Index: branches/5.2.x/core/admin_templates/incs/grid_blocks.tpl
===================================================================
diff -u -r16307 -r16339
--- branches/5.2.x/core/admin_templates/incs/grid_blocks.tpl	(.../grid_blocks.tpl)	(revision 16307)
+++ branches/5.2.x/core/admin_templates/incs/grid_blocks.tpl	(.../grid_blocks.tpl)	(revision 16339)
@@ -351,7 +351,7 @@
 		<script type="text/javascript">
 			new AJAXDropDown('<inp2:SearchInputName field="$filter_field" filter_type="like" grid="$grid"/>',
 				function(cur_value) {
-					return '<inp2:m_t no_amp="1" pass="m,{$PrefixSpecial}" field="$filter_field" {$PrefixSpecial}_event="OnSuggestValues" cur_value="#VALUE#"/>'.replace('#VALUE#', cur_value);
+					return '<inp2:m_t pass="m,{$PrefixSpecial}" field="$filter_field" {$PrefixSpecial}_event="OnSuggestValues" cur_value="#VALUE#" no_amp="1" js_escape="1"/>'.replace('#VALUE#', cur_value);
 				}
 			);
 		</script>
@@ -719,7 +719,7 @@
 			<inp2:m_RenderElement name="grid_search_buttons" pass_params="1"/>
 		</inp2:m_ifnot>
 
-		GridScrollers['<inp2:m_param name="PrefixSpecial"/>'].SaveURL = '<inp2:m_t pass="m,$PrefixSpecial" {$PrefixSpecial}_event="OnSaveWidths" widths="#WIDTHS#" no_amp="1" grid_name="$grid"/>';
+		GridScrollers['<inp2:m_param name="PrefixSpecial"/>'].SaveURL = '<inp2:m_t pass="m,$PrefixSpecial" {$PrefixSpecial}_event="OnSaveWidths" widths="#WIDTHS#" grid_name="$grid" no_amp="1" js_escape="1"/>';
 
 		<inp2:m_if check="m_Param" name="selector">
 			// 2. scan grid (only when using selector)
Index: branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_advanced_view.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_advanced_view.tpl	(.../item_selector_advanced_view.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_advanced_view.tpl	(.../item_selector_advanced_view.tpl)	(revision 16339)
@@ -21,7 +21,7 @@
 	  				this.switchTab();
 	  			}
 
-	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts,td,tm,type" type="item_selector" ts="showall" td="no" m_cat_id="#CATEGORY_ID#" no_amp="1"/>', 'is_advanced_view_', 'ItemSelectorAdvancedView');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="ts,td,tm,type" type="item_selector" ts="showall" td="no" m_cat_id="#CATEGORY_ID#" no_amp="1" js_escape="1"/>', 'is_advanced_view_', 'ItemSelectorAdvancedView');
 			</script>
 		</td>
 
Index: branches/5.2.x/core/admin_templates/promo_block_groups/section_reload.tpl
===================================================================
diff -u -r15165 -r16339
--- branches/5.2.x/core/admin_templates/promo_block_groups/section_reload.tpl	(.../section_reload.tpl)	(revision 15165)
+++ branches/5.2.x/core/admin_templates/promo_block_groups/section_reload.tpl	(.../section_reload.tpl)	(revision 16339)
@@ -6,7 +6,7 @@
 	</inp2:m_DefineElement>
 	<inp2:adm_PrintSection render_as="structure_node" section_name="in-portal:promo_block_groups"/>
 
-	$menu_frame.SyncActive('<inp2:m_t pass="m" m_opener="r"/>');
+	$menu_frame.SyncActive('<inp2:m_t pass="m" m_opener="r" no_amp="1" js_escape="1"/>');
 </inp2:m_if>
 
 
Index: branches/5.2.x/core/admin_templates/tools/system_tools.tpl
===================================================================
diff -u -r15858 -r16339
--- branches/5.2.x/core/admin_templates/tools/system_tools.tpl	(.../system_tools.tpl)	(revision 15858)
+++ branches/5.2.x/core/admin_templates/tools/system_tools.tpl	(.../system_tools.tpl)	(revision 16339)
@@ -11,7 +11,7 @@
 	}
 
 	function compile_templates() {
-		openwin('<inp2:m_Link template="tools/compile_templates" m_wid="100"/>', 'compile', 800, 575);
+		openwin('<inp2:m_Link template="tools/compile_templates" m_wid="100" no_amp="1" js_escape="1"/>', 'compile', 800, 575);
 	}
 </script>
 
@@ -242,7 +242,7 @@
 						$me.prop('disabled', true).removeClass('button').addClass('button-disabled');
 
 						$.post(
-							'<inp2:m_Link template="dummy" pass="m,adm" adm_event="OnMemoryCacheGet" js_escape="1" no_amp="1"/>',
+							'<inp2:m_Link template="dummy" pass="m,adm" adm_event="OnMemoryCacheGet" no_amp="1" js_escape="1"/>',
 							{
 								key: $('#memory_cache_key_name').val()
 							},
@@ -281,7 +281,7 @@
 						$me.prop('disabled', true).removeClass('button').addClass('button-disabled');
 
 						$.post(
-							'<inp2:m_Link template="dummy" pass="m,adm" adm_event="OnMemoryCacheSet" js_escape="1" no_amp="1"/>',
+							'<inp2:m_Link template="dummy" pass="m,adm" adm_event="OnMemoryCacheSet" no_amp="1" js_escape="1"/>',
 							{
 								key: $('#memory_cache_key_name').val(),
 								value: $('#memory_cache_key_value').val()
Index: branches/5.2.x/core/admin_templates/export/export_complete.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/export/export_complete.tpl	(.../export_complete.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/export/export_complete.tpl	(.../export_complete.tpl)	(revision 16339)
@@ -24,7 +24,7 @@
 <script type="text/javascript">
 	$(document).ready(
 		function() {
-			window.location.href = '<inp2:m_t template="index" adm_event="OnGetCSV" pass="m,adm" no_amp="1"/>';
+			window.location.href = '<inp2:m_t template="index" adm_event="OnGetCSV" pass="m,adm" no_amp="1" js_escape="1"/>';
 		}
 	);
 </script>
Index: branches/5.2.x/core/admin_templates/users/admins_edit_groups.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/users/admins_edit_groups.tpl	(.../admins_edit_groups.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/users/admins_edit_groups.tpl	(.../admins_edit_groups.tpl)	(revision 16339)
@@ -41,7 +41,7 @@
 
 				a_toolbar.AddButton( new ToolBarButton('select_user', '<inp2:m_phrase label="la_ToolTip_AddToGroup" escape="1"/>::<inp2:m_phrase label="la_ToolTip_Add" escape="1"/>',
 						function() {
-							openSelector('u-ug', '<inp2:m_Link t="users/group_selector" pass="m,u"/>', 'GroupId', '800x600');
+							openSelector('u-ug', '<inp2:m_Link t="users/group_selector" pass="m,u" no_amp="1" js_escape="1"/>', 'GroupId', '800x600');
 						} ) );
 
 				a_toolbar.AddButton( new ToolBarButton('edit', '<inp2:m_phrase label="la_ToolTip_Edit" escape="1"/>', edit) );
Index: branches/5.2.x/core/kernel/db/db_tag_processor.php
===================================================================
diff -u -r16314 -r16339
--- branches/5.2.x/core/kernel/db/db_tag_processor.php	(.../db_tag_processor.php)	(revision 16314)
+++ branches/5.2.x/core/kernel/db/db_tag_processor.php	(.../db_tag_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_tag_processor.php 16314 2016-01-17 12:18:46Z alex $
+* @version	$Id: db_tag_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -2421,7 +2421,7 @@
 			if ($this->Special == 'import') {
 				// this is used?
 				$this->Application->StoreVar('PermCache_UpdateRequired', 1);
-				$this->Application->Redirect('categories/cache_updater', Array('m_opener' => 'r', 'pass' => 'm', 'continue' => 1, 'no_amp' => 1));
+				$this->Application->Redirect('categories/cache_updater', Array('m_opener' => 'r', 'pass' => 'm', 'continue' => 1));
 			}
 			elseif ($this->Special == 'export') {
 				// used for orders export in In-Commerce
@@ -2744,9 +2744,7 @@
 		}
 
 		$params['front'] = 1; // to make opener stack work properly
-		$params['__URLENCODE__'] = 1; // don't use "&amp;"
 		$params['__NO_REWRITE__'] = 1; // since admin link
-//		$params['escape'] = 1; // needed?
 
 		unset($params['button_icon'], $params['button_class'], $params['button_title'], $params['template'], $params['item_prefix'], $params['temp_mode']);
 
Index: branches/5.2.x/core/admin_templates/mailing_lists/send_queue.tpl
===================================================================
diff -u -r15608 -r16339
--- branches/5.2.x/core/admin_templates/mailing_lists/send_queue.tpl	(.../send_queue.tpl)	(revision 15608)
+++ branches/5.2.x/core/admin_templates/mailing_lists/send_queue.tpl	(.../send_queue.tpl)	(revision 16339)
@@ -6,10 +6,10 @@
 <inp2:m_RenderElement name="ajax_progress_bar" cancel_action="cancel_action();"/>
 <script type="text/javascript">
 	function cancel_action() {
-		redirect('<inp2:m_Link template="mailing_lists/send_complete"/>');
+		redirect('<inp2:m_Link template="mailing_lists/send_complete" no_amp="1" js_escape="1"/>');
 	}
 
-	$QueueProcessor = new AjaxProgressBar('<inp2:m_t template="index" email-template_event="OnProcessEmailQueue" type="return_progress" finish_template="mailing_lists/send_complete" pass="m,email-template" no_amp="1"/>');
+	$QueueProcessor = new AjaxProgressBar('<inp2:m_t template="index" email-template_event="OnProcessEmailQueue" type="return_progress" finish_template="mailing_lists/send_complete" pass="m,email-template" no_amp="1" js_escape="1"/>');
 </script>
 
-<inp2:m_include t="incs/footer"/>
\ No newline at end of file
+<inp2:m_include t="incs/footer"/>
Index: branches/5.2.x/core/admin_templates/tools/import2.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/import2.tpl	(.../import2.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/import2.tpl	(.../import2.tpl)	(revision 16339)
@@ -11,7 +11,7 @@
   		<script type="text/javascript">
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('prev', '<inp2:m_phrase label="la_ToolTip_Prev" escape="1"/>', function() {
-							location.href = '<inp2:m_Link t="tools/import1"/>';
+							location.href = '<inp2:m_Link t="tools/import1" no_amp="1" js_escape="1"/>';
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
@@ -35,7 +35,7 @@
 				{
 					<inp2:m_DefineElement name="import_js_script">
 						if (import_id == <inp2:m_Param name="script_id"/>) {
-							redirect('<inp2:m_Link template="{$script_module}/import" pass="{$script_prefix}.import" {$script_prefix}.import_event="OnResetSettings"/>');
+							redirect('<inp2:m_Link template="{$script_module}/import" pass="{$script_prefix}.import" {$script_prefix}.import_event="OnResetSettings" no_amp="1" js_escape="1"/>');
 							return ;
 						}
 					</inp2:m_DefineElement>
Index: branches/5.2.x/core/admin_templates/categories/ci_blocks.tpl
===================================================================
diff -u -r14585 -r16339
--- branches/5.2.x/core/admin_templates/categories/ci_blocks.tpl	(.../ci_blocks.tpl)	(revision 14585)
+++ branches/5.2.x/core/admin_templates/categories/ci_blocks.tpl	(.../ci_blocks.tpl)	(revision 16339)
@@ -75,7 +75,7 @@
 			<inp2:m_RemoveVar var="RefreshStructureTree"/>
 		</inp2:m_if>
 
-		$menu_frame.SyncActive('<inp2:m_t pass="m" m_opener="r"/>');
+		$menu_frame.SyncActive('<inp2:m_t pass="m" m_opener="r" no_amp="1" js_escape="1"/>');
 	}
 </inp2:m_DefineElement>
 
Index: branches/5.2.x/core/kernel/managers/url_manager.php
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/kernel/managers/url_manager.php	(.../url_manager.php)	(revision 15856)
+++ branches/5.2.x/core/kernel/managers/url_manager.php	(.../url_manager.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: url_manager.php 15856 2013-07-02 14:56:00Z alex $
+* @version	$Id: url_manager.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2010 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -172,11 +172,6 @@
 			unset($params['anchor']);
 		}
 
-		if ( isset($params['no_amp']) ) {
-			$params['__URLENCODE__'] = $params['no_amp'];
-			unset($params['no_amp']);
-		}
-
 		$rewrite = true;
 		if ( isset($params['__NO_REWRITE__']) ) {
 			$rewrite = false;
@@ -242,11 +237,6 @@
 		list($index_file, $env) = explode('|', $opener_stack->get(kOpenerStack::LAST_ELEMENT, true));
 		$ret = $this->Application->BaseURL($prefix, $ssl) . $index_file . '?' . ENV_VAR_NAME . '=' . $env;
 
-		// TODO: tag, which uses resulting url should do escaping
-		if ( isset($params['escape']) && $params['escape'] ) {
-			$ret = kUtil::escape($ret, kUtil::ESCAPE_JS);
-		}
-
 		if ( isset($params['m_opener']) && $params['m_opener'] == 'u' ) {
 			$opener_stack->pop();
 			$opener_stack->save(true);
Index: branches/5.2.x/core/admin_templates/incs/form_blocks.tpl
===================================================================
diff -u -r15858 -r16339
--- branches/5.2.x/core/admin_templates/incs/form_blocks.tpl	(.../form_blocks.tpl)	(revision 15858)
+++ branches/5.2.x/core/admin_templates/incs/form_blocks.tpl	(.../form_blocks.tpl)	(revision 16339)
@@ -370,9 +370,9 @@
 						names : '<inp2:{$prefix}_Field field="$field" format="file_names" no_special="1" js_escape="1"/>',
 						sizes : '<inp2:{$prefix}_Field field="$field" format="file_sizes" no_special="1" js_escape="1"/>',
 						flashsid : '<inp2:m_SID/>',
-						uploadURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnUploadFile" js_escape="1" no_amp="1" />',
-						deleteURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnDeleteFile" field_id="#FIELD_ID#" file="#FILE#" js_escape="1" no_amp="1"/>',
-						previewURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnViewFile" field="#FIELD#" file="#FILE#" js_escape="1" no_amp="1" />',
+						uploadURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnUploadFile" no_amp="1" js_escape="1"/>',
+						deleteURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnDeleteFile" field_id="#FIELD_ID#" file="#FILE#" no_amp="1" js_escape="1"/>',
+						previewURL : '<inp2:{$LinkPrefix}_{$LinkTag} pass="all,$prefix" {$prefix}_event="OnViewFile" field="#FIELD#" file="#FILE#" no_amp="1" js_escape="1"/>',
 
 						// Button settings
 						buttonImageURL: 'img/upload.png',	// Relative to the Flash file
@@ -706,7 +706,7 @@
 						var $type = $( jq('#<inp2:$prefix_InputName name="{$field}Type" js_escape="1"/>') ).val();
 
 						if ( !isNaN( parseInt($type) ) ) {
-							var $url = '<inp2:m_Link template="dummy" pass="m,$prefix" {$prefix}_event="OnSuggestAddress" value="#VALUE#" type="#TYPE#" no_amp="1"/>';
+							var $url = '<inp2:m_Link template="dummy" pass="m,$prefix" {$prefix}_event="OnSuggestAddress" value="#VALUE#" type="#TYPE#" no_amp="1" js_escape="1"/>';
 
 							return $url.replace('#VALUE#', encodeURIComponent(cur_value)).replace('#TYPE#', encodeURIComponent($type));
 						}
@@ -976,7 +976,7 @@
 				<inp2:m_RenderElement name="inp_edit_hidden" prefix="$prefix" field="$field" db="db"/>
 				<script type="text/javascript">
 					var <inp2:m_Param name="field"/> = new MultiInputControl('<inp2:m_Param name="field"/>', '<inp2:{$prefix}_InputName field="#FIELD_NAME#"/>', fields['<inp2:m_Param name="prefix"/>'], '<inp2:m_Param name="format"/>');
-					<inp2:m_Param name="field"/>.ValidateURL = '<inp2:m_Link template="dummy" pass="m,$prefix" {$prefix}_event="OnValidateMInputFields" js_escape="1"/>';
+					<inp2:m_Param name="field"/>.ValidateURL = '<inp2:m_Link template="dummy" pass="m,$prefix" {$prefix}_event="OnValidateMInputFields" no_amp="1" js_escape="1"/>';
 					<inp2:m_if check="m_Param" name="allow_add">
 						<inp2:m_Param name="field"/>.SetPermission('add', true);
 					</inp2:m_if>
Index: branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_catalog.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_catalog.tpl	(.../item_selector_catalog.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/catalog/item_selector/item_selector_catalog.tpl	(.../item_selector_catalog.tpl)	(revision 16339)
@@ -15,7 +15,7 @@
 	  		<input type="hidden" name="m_cat_id" value="<inp2:m_get name="m_cat_id"/>"/>
 	  		<inp2:m_include t="catalog/item_selector/item_selector_toolbar" is_catalog="1"/>
 	  		<script type="text/javascript">
-	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="type" type="item_selector" m_cat_id="#CATEGORY_ID#" no_amp="1"/>', 'is_catalog_', 'ItemSelectorCatalog');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="#TEMPLATE_NAME#" pass_through="type" type="item_selector" m_cat_id="#CATEGORY_ID#" no_amp="1" js_escape="1"/>', 'is_catalog_', 'ItemSelectorCatalog');
 	  		</script>
 		</td>
 
Index: branches/5.2.x/core/units/helpers/curl_helper.php
===================================================================
diff -u -r16120 -r16339
--- branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16120)
+++ branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: curl_helper.php 16120 2014-12-30 14:46:24Z alex $
+* @version	$Id: curl_helper.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -270,14 +270,7 @@
 		public function SetRequestData($data)
 		{
 			if ( is_array($data) ) {
-				$params_str = '';
-				$data = $this->Application->HttpQuery->_transformArrays($data);
-
-				foreach ($data as $key => $value) {
-					$params_str .= $key . '=' . kUtil::escape($value, kUtil::ESCAPE_URL) . '&';
-				}
-
-				$data = $params_str;
+				$data = http_build_query($data);
 			}
 
 			$this->requestData = $data;
@@ -577,4 +570,4 @@
 
 			return ($this->lastHTTPCode == 200) || ($this->lastHTTPCode >= 300 && $this->lastHTTPCode < 310);
 		}
-	}
+	}
\ No newline at end of file
Index: branches/5.2.x/core/admin_templates/reviews/reviews.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/reviews/reviews.tpl	(.../reviews.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/reviews/reviews.tpl	(.../reviews.tpl)	(revision 16339)
@@ -41,7 +41,7 @@
 					}
 				}
 
-	  			var $Catalog = new Catalog('<inp2:m_Link template="reviews/reviews_tab" item_prefix="#ITEM_PREFIX#" tab_name="#TAB_NAME#" pass_through="td,item_prefix,tab_name" td="no" m_cat_id="-1" no_amp="1"/>', 'reviews_', 'Reviews');
+	  			var $Catalog = new Catalog('<inp2:m_Link template="reviews/reviews_tab" item_prefix="#ITEM_PREFIX#" tab_name="#TAB_NAME#" pass_through="td,item_prefix,tab_name" td="no" m_cat_id="-1" no_amp="1" js_escape="1"/>', 'reviews_', 'Reviews');
 				var a_toolbar = new ToolBar();
 
 					a_toolbar.AddButton( new ToolBarButton('edit', '<inp2:m_phrase label="la_ToolTip_Edit" escape="1"/>', edit) );
@@ -84,7 +84,7 @@
 						var $kf = document.getElementById($form_name);
 
 						var $prev_action = $kf.action;
-						$kf.action = '<inp2:m_t pass="all" pass_through="item_prefix" item_prefix="#PREFIX#" no_amp="1"/>' . replace('#PREFIX#', $Catalog.ActivePrefix);
+						$kf.action = '<inp2:m_t pass="all" pass_through="item_prefix" item_prefix="#PREFIX#" no_amp="1" js_escape="1"/>' . replace('#PREFIX#', $Catalog.ActivePrefix);
 
 						std_edit_temp_item(
 							$Catalog.ActivePrefix, 'reviews/review_direct_edit',
Index: branches/5.2.x/core/admin_templates/incs/close_popup.tpl
===================================================================
diff -u -r16249 -r16339
--- branches/5.2.x/core/admin_templates/incs/close_popup.tpl	(.../close_popup.tpl)	(revision 16249)
+++ branches/5.2.x/core/admin_templates/incs/close_popup.tpl	(.../close_popup.tpl)	(revision 16339)
@@ -6,11 +6,11 @@
 		<script type="text/javascript">
 			var $is_debug = <inp2:m_if check="m_ConstOn" name="DBG_REDIRECT">true<inp2:m_else/>false</inp2:m_if>;
 			var $use_popups = <inp2:m_if check="adm_UsePopups">true<inp2:m_else/>false</inp2:m_if>;
-			var $redirect_url = '<inp2:m_t t="dummy" opener="u" m_opener="u" escape="escape"/>';
+			var $redirect_url = '<inp2:m_t t="dummy" opener="u" m_opener="u" no_amp="1" js_escape="1"/>';
 			var $modal_windows = <inp2:m_if check="adm_UsePopups" mode="modal">true<inp2:m_else/>false</inp2:m_if>;
 
 			if ($is_debug) {
-				document.write('<a href="#" onclick="proceed_redirect()">' + $redirect_url.replace(/%5C/g, '\\') + '</a>');
+				document.write('<a href="#" onclick="proceed_redirect()">' + $redirect_url + '</a>');
 			}
 			else {
 				proceed_redirect();
@@ -41,7 +41,7 @@
 				}
 				else if (!$use_popups) {
 					// not using popups (for editing), but close_popup called (e.g. from selector)
-					window.location.href = $redirect_url.replace(/%5C/g, '\\');
+					window.location.href = rawurldecode($redirect_url);
 				}
 			}
 
@@ -109,6 +109,20 @@
 
 				return getFrame('main').TB.remove();
 			}
+
+			function rawurldecode(str) {
+
+				if ( str.indexOf('?') != -1 ) {
+					var $parts = str.split('?', 2);
+
+					return $parts[0] + ($parts.length == 2 ? '?' + rawurldecode($parts[1]) : '');
+				}
+
+				return decodeURIComponent((str + '').replace(/%(?![\da-f]{2})/gi, function () {
+					// PHP tolerates poorly formed escape sequences
+					return '%25';
+				}));
+			}
 		</script>
 	</head>
 	<body>
Index: branches/5.2.x/core/kernel/session/session.php
===================================================================
diff -u -r16338 -r16339
--- branches/5.2.x/core/kernel/session/session.php	(.../session.php)	(revision 16338)
+++ branches/5.2.x/core/kernel/session/session.php	(.../session.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: session.php 16338 2016-04-02 11:56:38Z alex $
+* @version	$Id: session.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -850,12 +850,12 @@
 	{
 		$wid = $this->Application->GetVar('m_wid');
 
-		$last_env = $this->getLastTemplateENV($t, Array ('m_opener' => 'u'));
+		$last_env = $this->getLastTemplateENV($t, array('m_opener' => 'u'));
 		$last_template = basename($_SERVER['PHP_SELF']) . '|' . $last_env;
 		$this->StoreVar(rtrim('last_template_' . $wid, '_'), $last_template);
 
 		// prepare last_template for opener stack, module & session could be added later
-		$last_env = $this->getLastTemplateENV($t, null, false);
+		$last_env = $this->getLastTemplateENV($t);
 		$last_template = basename($_SERVER['PHP_SELF']) . '|' . $last_env;
 
 		// save last_template in persistent session
@@ -919,27 +919,19 @@
 		}
 	}
 
-	function getLastTemplateENV($t, $params = null, $encode = true)
+	protected function getLastTemplateENV($t, $params = null)
 	{
 		if (!isset($params)) {
 			$params = Array ();
 		}
 
-		$params['__URLENCODE__'] = 1; // uses "&" instead of "&amp;" for url part concatenation + replaces "\" to "%5C" (works in HTML)
-
-
 		if ($this->Application->GetVar('admin') && !array_key_exists('admin', $params) && !defined('EDITING_MODE')) {
 			$params['editing_mode'] = ''; // used in kApplication::Run
 		}
 
 		$params = array_merge($this->Application->getPassThroughVariables($params), $params);
-		$ret = $this->Application->BuildEnv($t, $params, 'all', false, false);
 
-		if (!$encode) {
-			// cancels 2nd part of replacements, that URLENCODE does
-			$ret = str_replace('%5C', '\\', $ret);
-		}
-		return $ret;
+		return $this->Application->BuildEnv($t, $params, 'all', false, false);
 	}
 
 	/**
Index: branches/5.2.x/core/admin_templates/tree.tpl
===================================================================
diff -u -r16308 -r16339
--- branches/5.2.x/core/admin_templates/tree.tpl	(.../tree.tpl)	(revision 16308)
+++ branches/5.2.x/core/admin_templates/tree.tpl	(.../tree.tpl)	(revision 16339)
@@ -35,7 +35,7 @@
 		getFrame('head').$FrameResizer.OpenWidth = $width;
 
 		$.get(
-			'<inp2:m_Link template="index" adm_event="OnSaveMenuFrameWidth" pass="m,adm" js_escape="1" no_amp="1"/>',
+			'<inp2:m_Link template="index" adm_event="OnSaveMenuFrameWidth" pass="m,adm" no_amp="1" js_escape="1"/>',
 			{width: $width}
 		);
 
@@ -76,7 +76,7 @@
 				the_tree.AddFromXML('<tree><inp2:adm_PrintSections render_as="xml_node" section_name="in-portal:root" js_escape="1"/></tree>');
 
 				<inp2:m_if check="adm_MainFrameLink">
-					var fld = the_tree.locateItemByURL('<inp2:adm_MainFrameLink m_opener="r" no_amp="1"/>');
+					var fld = the_tree.locateItemByURL('<inp2:adm_MainFrameLink m_opener="r" js_escape="1"/>');
 					if (fld) {
 						fld.highLight();
 					}
@@ -113,7 +113,7 @@
 
 			// highlight "Structure & Data" node, when one of it's shortcut nodes are clicked
 			<inp2:m_DefineElement name="section_url_element"><inp2:m_param name="section_url"/></inp2:m_DefineElement>
-			var $structure_node = the_tree.locateItemByURL('<inp2:adm_PrintSection render_as="section_url_element" section_name="in-portal:browse"/>');
+			var $structure_node = the_tree.locateItemByURL('<inp2:adm_PrintSection render_as="section_url_element" section_name="in-portal:browse" js_escape="1"/>');
 
 			if ($catalog_type == 'AdvancedView') {
 				$right_frame.$Catalog.switchTab($prefix);
Index: branches/5.2.x/core/admin_templates/catalog_tab.tpl
===================================================================
diff -u -r16062 -r16339
--- branches/5.2.x/core/admin_templates/catalog_tab.tpl	(.../catalog_tab.tpl)	(revision 16062)
+++ branches/5.2.x/core/admin_templates/catalog_tab.tpl	(.../catalog_tab.tpl)	(revision 16339)
@@ -32,7 +32,7 @@
 			<inp2:$prefix_InitList grid="$grid_name"/>
 		</inp2:m_if>
 
-		// substiture form action, like from was created from here
+		// substitute form action, like from was created from here
 		document.getElementById('categories_form').action = '<inp2:m_t pass="all" no_amp="1" js_escape="1"/>';
 		$Catalog.setItemCount('<inp2:m_param name="prefix"/>', '<inp2:$prefix_CatalogItemCount/>');
 		$Catalog.setCurrentCategory('<inp2:m_param name="prefix"/>', <inp2:m_get name="m_cat_id" no_html_escape="1" js_escape="1"/>);
@@ -81,7 +81,7 @@
 
 		<inp2:m_if check="adm_CheckPermCache">
 			Application.SetVar('continue', 1);
-			openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m"/>');
+			openSelector('c', '<inp2:m_t t="categories/cache_updater" pass="m" no_amp="1" js_escape="1"/>');
 		</inp2:m_if>
 		#separator#
 		<!-- categories tab: begin -->
Index: branches/5.2.x/core/admin_templates/tools/import1.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/import1.tpl	(.../import1.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/import1.tpl	(.../import1.tpl)	(revision 16339)
@@ -14,7 +14,7 @@
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
-						location.href = '<inp2:m_Link t="tools/import2"/>';
+						location.href = '<inp2:m_Link t="tools/import2" no_amp="1" js_escape="1"/>';
 						}
 				 ) );
 
Index: branches/5.2.x/core/admin_templates/users/users_edit_groups.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/users/users_edit_groups.tpl	(.../users_edit_groups.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/users/users_edit_groups.tpl	(.../users_edit_groups.tpl)	(revision 16339)
@@ -41,7 +41,7 @@
 
 				a_toolbar.AddButton( new ToolBarButton('select_user', '<inp2:m_phrase label="la_ToolTip_AddToGroup" escape="1"/>::<inp2:m_phrase label="la_ToolTip_Add" escape="1"/>',
 						function() {
-							openSelector('u-ug', '<inp2:m_Link t="users/group_selector" pass="m,u"/>', 'GroupId', '800x600');
+							openSelector('u-ug', '<inp2:m_Link t="users/group_selector" pass="m,u" no_amp="1" js_escape="1"/>', 'GroupId', '800x600');
 						} ) );
 
 				a_toolbar.AddButton( new ToolBarButton('edit', '<inp2:m_phrase label="la_ToolTip_Edit" escape="1"/>', edit) );
Index: branches/5.2.x/core/kernel/utility/http_query.php
===================================================================
diff -u -r16267 -r16339
--- branches/5.2.x/core/kernel/utility/http_query.php	(.../http_query.php)	(revision 16267)
+++ branches/5.2.x/core/kernel/utility/http_query.php	(.../http_query.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: http_query.php 16267 2015-09-27 09:38:37Z alex $
+* @version	$Id: http_query.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -704,8 +704,7 @@
 			$vars = $this->_removePassThroughVariables($vars);
 		}
 
-		// transform arrays
-		return $this->_transformArrays($vars);
+		return $vars;
 	}
 
 	/**
@@ -731,23 +730,6 @@
 		return $url_params;
 	}
 
-	function _transformArrays($array, $level_prefix = '')
-	{
-		$ret = Array ();
-		foreach ($array as $var_name => $var_value) {
-			$new_var_name = $level_prefix ? $level_prefix . '[' . $var_name . ']' : $var_name;
-
-			if (is_array($var_value)) {
-				$ret = array_merge($ret, $this->_transformArrays($var_value, $new_var_name));
-			}
-			else {
-				$ret[$new_var_name] = $var_value;
-			}
-		}
-
-		return $ret;
-	}
-
 	function writeRequestLog($filename)
 	{
 		$log_file = (defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . '/' . $filename;
Index: branches/5.2.x/core/admin_templates/js/ajax_dropdown.js
===================================================================
diff -u -r16153 -r16339
--- branches/5.2.x/core/admin_templates/js/ajax_dropdown.js	(.../ajax_dropdown.js)	(revision 16153)
+++ branches/5.2.x/core/admin_templates/js/ajax_dropdown.js	(.../ajax_dropdown.js)	(revision 16339)
@@ -15,7 +15,7 @@
 	new AJAXDropDown('combo_input1', function(cur_value) {return 'items1.xml?cur='+encodeURIComponent(cur_value)});
 
 	new AJAXDropDown('curr_search_keyword', function(cur_value) {
-			var $url = '<inp2:m_Link template="dummy" pass="m,curr" curr_event="OnSuggestValues" field="Name" cur_value="#CUR_VALUE#" no_amp="1"/>';
+			var $url = '<inp2:m_Link template="dummy" pass="m,curr" curr_event="OnSuggestValues" field="Name" cur_value="#CUR_VALUE#" no_amp="1" js_escape="1"/>';
 			return $url.replace('#CUR_VALUE#', encodeURIComponent(cur_value));
 		}
 	);
Index: branches/5.2.x/core/admin_templates/tools/restore4.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/restore4.tpl	(.../restore4.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/restore4.tpl	(.../restore4.tpl)	(revision 16339)
@@ -9,7 +9,7 @@
   		<script type="text/javascript">
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('prev', '<inp2:m_phrase label="la_ToolTip_Prev" escape="1"/>', function() {
-							location.href = '<inp2:m_Link t="tools/restore1"/>';;
+							location.href = '<inp2:m_Link t="tools/restore1" no_amp="1" js_escape="1"/>';
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
Index: branches/5.2.x/core/admin_templates/tools/restore1.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/restore1.tpl	(.../restore1.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/restore1.tpl	(.../restore1.tpl)	(revision 16339)
@@ -12,7 +12,7 @@
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
-						location.href = '<inp2:m_Link t="tools/restore2"/>';
+						location.href = '<inp2:m_Link t="tools/restore2" no_amp="1" js_escape="1"/>';
 						}
 				 ) );
 				a_toolbar.Render();
Index: branches/5.2.x/core/admin_templates/stylesheets/block_style_edit.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/stylesheets/block_style_edit.tpl	(.../block_style_edit.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/stylesheets/block_style_edit.tpl	(.../block_style_edit.tpl)	(revision 16339)
@@ -53,7 +53,7 @@
 				{
 					if( ValidateRequired() )
 					{
-						openSelector('selectors', '<inp2:m_t t="stylesheets/style_editor" pass="all"/>', '', '850x460', 'OnOpenStyleEditor');
+						openSelector('selectors', '<inp2:m_t t="stylesheets/style_editor" pass="all" no_amp="1" js_escape="1"/>', '', '850x460', 'OnOpenStyleEditor');
 					}
 					else
 					{
Index: branches/5.2.x/core/admin_templates/browser/browser_footer.tpl
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/admin_templates/browser/browser_footer.tpl	(.../browser_footer.tpl)	(revision 15856)
+++ branches/5.2.x/core/admin_templates/browser/browser_footer.tpl	(.../browser_footer.tpl)	(revision 16339)
@@ -8,7 +8,7 @@
 			document.body.scroll = 'no';
 
 			var _Simultaneous_Edit_Message = '<inp2:m_Get var="_simultaneous_edit_message" js_escape="1"/>';
-			var _DropTempUrl = '<inp2:m_t pass="m,adm" adm_event="OnDropTempTablesByWID" js_escape="1"/>';
+			var _DropTempUrl = '<inp2:m_t pass="m,adm" adm_event="OnDropTempTablesByWID" no_amp="1" js_escape="1"/>';
 			addLoadEvent(function() {Form.Init('scroll_container')});
 		}
 
Index: branches/5.2.x/core/admin_templates/incs/menu_blocks.tpl
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/admin_templates/incs/menu_blocks.tpl	(.../menu_blocks.tpl)	(revision 15856)
+++ branches/5.2.x/core/admin_templates/incs/menu_blocks.tpl	(.../menu_blocks.tpl)	(revision 16339)
@@ -59,7 +59,7 @@
 		$Menus['<inp2:m_param name="PrefixSpecial"/>'+'_view_menu'].showIcon = true;
 
 		<inp2:m_if check="m_ParamEquals" name="menu_columns" value="yes">
-			$Menus['<inp2:m_param name="PrefixSpecial"/>'+'_view_menu'].addItem(rs('<inp2:m_param name="PrefixSpecial"/>.columns'),'<inp2:m_Phrase label="la_SelectColumns" html_escape="1" js_escape="1"/>','javascript:openSelector("<inp2:m_param name="PrefixSpecial"/>", "<inp2:m_Link template="popups/column_picker" grid_name="$grid" no_amp="1"/>")');
+			$Menus['<inp2:m_param name="PrefixSpecial"/>'+'_view_menu'].addItem(rs('<inp2:m_param name="PrefixSpecial"/>.columns'),'<inp2:m_Phrase label="la_SelectColumns" html_escape="1" js_escape="1"/>','javascript:openSelector("<inp2:m_param name="PrefixSpecial"/>", "<inp2:m_Link template="popups/column_picker" grid_name="$grid" no_amp="1" js_escape="1"/>")');
 		</inp2:m_if>
 
 		<inp2:m_if check="m_ParamEquals" name="menu_auto_refresh" value="yes">
Index: branches/5.2.x/index.php
===================================================================
diff -u -r16338 -r16339
--- branches/5.2.x/index.php	(.../index.php)	(revision 16338)
+++ branches/5.2.x/index.php	(.../index.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: index.php 16338 2016-04-02 11:56:38Z alex $
+* @version	$Id: index.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
Index: branches/5.2.x/core/admin_templates/tools/backup2.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/backup2.tpl	(.../backup2.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/backup2.tpl	(.../backup2.tpl)	(revision 16339)
@@ -14,7 +14,7 @@
 		}
 	);
 
-	$Backup = new AjaxProgressBar('<inp2:m_t t="dummy" adm.backup_event="OnBackupProgress" pass="m,adm.backup" js_escape="1"/>');
+	$Backup = new AjaxProgressBar('<inp2:m_t t="dummy" adm.backup_event="OnBackupProgress" pass="m,adm.backup" no_amp="1" js_escape="1"/>');
 </script>
 
 <inp2:m_include t="incs/footer"/>
\ No newline at end of file
Index: branches/5.2.x/core/admin_templates/tools/restore2.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/restore2.tpl	(.../restore2.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/restore2.tpl	(.../restore2.tpl)	(revision 16339)
@@ -9,7 +9,7 @@
   		<script type="text/javascript">
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('prev', '<inp2:m_phrase label="la_ToolTip_Prev" escape="1"/>', function() {
-							location.href = '<inp2:m_Link t="tools/restore1"/>';
+							location.href = '<inp2:m_Link t="tools/restore1" no_amp="1" js_escape="1"/>';
 						}
 					) );
 				a_toolbar.AddButton( new ToolBarButton('next', '<inp2:m_phrase label="la_ToolTip_Next" escape="1"/>', function() {
Index: branches/5.2.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r16247 -r16339
--- branches/5.2.x/core/kernel/db/db_event_handler.php	(.../db_event_handler.php)	(revision 16247)
+++ branches/5.2.x/core/kernel/db/db_event_handler.php	(.../db_event_handler.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_event_handler.php 16247 2015-09-02 20:48:06Z alex $
+* @version	$Id: db_event_handler.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -607,7 +607,7 @@
 			if ( MOD_REWRITE ) {
 				$redirect_params = Array (
 					'm_cat_id' => 0,
-					'next_template' => kUtil::escape('external:' . $_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL),
+					'next_template' => 'external:' . $_SERVER['REQUEST_URI'],
 				);
 			}
 			else {
@@ -1815,7 +1815,7 @@
 			$simultaneous_edit_message = $this->Application->GetVar('_simultaneous_edit_message');
 
 			if ( $simultaneous_edit_message ) {
-				$event->SetRedirectParam('_simultaneous_edit_message', kUtil::escape($simultaneous_edit_message, kUtil::ESCAPE_URL));
+				$event->SetRedirectParam('_simultaneous_edit_message', $simultaneous_edit_message);
 			}
 		}
 
Index: branches/5.2.x/core/kernel/utility/opener_stack.php
===================================================================
diff -u -r14937 -r16339
--- branches/5.2.x/core/kernel/utility/opener_stack.php	(.../opener_stack.php)	(revision 14937)
+++ branches/5.2.x/core/kernel/utility/opener_stack.php	(.../opener_stack.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: opener_stack.php 14937 2011-12-28 20:23:27Z alex $
+* @version	$Id: opener_stack.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -130,14 +130,9 @@
 			return $this->data[$index];
 		}
 
-		list ($index_file, $original_env) = explode('|', $this->data[$index], 2);
-		$fixed_env = str_replace(Array ('&amp;', '%5C'), Array ('&', '\\'), $original_env);
+		list ($index_file, $env) = explode('|', $this->data[$index], 2);
+		$params = $this->Application->processQueryString($env, 'pass');
 
-		$params = $this->Application->processQueryString($fixed_env, 'pass');
-
-		// opener stack is used from JavaScript / redirecting, so any "&amp;" could break it
-		$params['__URLENCODE__'] = 1;
-
 		$template = kUtil::popParam('t', $params, '');
 
 		return Array ($template, $params, $index_file);
Index: branches/5.2.x/core/kernel/application.php
===================================================================
diff -u -r16318 -r16339
--- branches/5.2.x/core/kernel/application.php	(.../application.php)	(revision 16318)
+++ branches/5.2.x/core/kernel/application.php	(.../application.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: application.php 16318 2016-01-17 13:24:32Z alex $
+* @version	$Id: application.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -1002,7 +1002,7 @@
 				$redirect_params = Array ();
 
 				if ( !$this->isAdmin ) {
-					$redirect_params['next_template'] = kUtil::escape($_SERVER['REQUEST_URI'], kUtil::ESCAPE_URL);
+					$redirect_params['next_template'] = $_SERVER['REQUEST_URI'];
 				}
 
 				$this->Redirect($maintenance_template, $redirect_params);
@@ -1860,7 +1860,6 @@
 			$params['ajax'] = 'yes';
 		}
 
-		$params['__URLENCODE__'] = 1;
 		$location = $this->HREF($t, $prefix, $params, $index_file);
 
 		if ( $this->isDebugMode() && (kUtil::constOn('DBG_REDIRECT') || (kUtil::constOn('DBG_RAISE_ON_WARNINGS') && $this->Debugger->WarningCount)) ) {
Index: branches/5.2.x/core/admin_templates/index.tpl
===================================================================
diff -u -r16293 -r16339
--- branches/5.2.x/core/admin_templates/index.tpl	(.../index.tpl)	(revision 16293)
+++ branches/5.2.x/core/admin_templates/index.tpl	(.../index.tpl)	(revision 16339)
@@ -42,7 +42,7 @@
 		 	<frameset id="sub_frameset" cols="<inp2:m_if check='m_RecallEquals' name='ShowAdminMenu' value='0' persistent='1'><inp2:adm_MenuFrameWidth/><inp2:m_else/>0</inp2:m_if>,*" border="1">
 				<frame src="<inp2:m_t t='tree' pass='m' m_cat_id='0' m_opener='s' no_pass_through='1'/>" id="menu_frame" name="menu" target="main" scrolling="auto" marginwidth="0" marginheight="0" border="1" frameborder="1">
 				<inp2:m_DefineElement name="root_node">
-					<frame src="<inp2:m_if check='adm_MainFrameLink'><inp2:adm_MainFrameLink/><inp2:m_else/><inp2:m_param name='section_url'/></inp2:m_if>" name="main" marginwidth="0" marginheight="0" scrolling="auto" border="1" frameborder="1">
+					<frame src="<inp2:m_if check='adm_MainFrameLink'><inp2:adm_MainFrameLink html_escape='1'/><inp2:m_else/><inp2:m_param name='section_url' html_escape='1'/></inp2:m_if>" name="main" marginwidth="0" marginheight="0" scrolling="auto" border="1" frameborder="1">
 				</inp2:m_DefineElement>
 				<inp2:adm_PrintSection render_as="root_node" section_name="in-portal:root" use_first_child="1"/>
 			</frameset>
@@ -52,7 +52,7 @@
 		 	<frameset id="sub_frameset" cols="<inp2:m_if check='m_RecallEquals' name='ShowAdminMenu' value='0' persistent='1'><inp2:adm_MenuFrameWidth/><inp2:m_else/>0</inp2:m_if>,*" border="0">
 				<frame src="<inp2:m_t t='tree' pass='m' m_cat_id='0' m_opener='s' no_pass_through='1'/>" id="menu_frame" name="menu" target="main" noresize scrolling="auto" marginwidth="0" marginheight="0">
 				<inp2:m_DefineElement name="root_node">
-					<frame src="<inp2:m_if check='adm_MainFrameLink'><inp2:adm_MainFrameLink/><inp2:m_else/><inp2:m_param name='section_url'/></inp2:m_if>" name="main" marginwidth="0" marginheight="0" frameborder="no" noresize scrolling="auto">
+					<frame src="<inp2:m_if check='adm_MainFrameLink'><inp2:adm_MainFrameLink html_escape='1'/><inp2:m_else/><inp2:m_param name='section_url' html_escape='1'/></inp2:m_if>" name="main" marginwidth="0" marginheight="0" frameborder="no" noresize scrolling="auto">
 				</inp2:m_DefineElement>
 				<inp2:adm_PrintSection render_as="root_node" section_name="in-portal:root" use_first_child="1"/>
 			</frameset>
Index: branches/5.2.x/core/admin_templates/import/import_complete.tpl
===================================================================
diff -u -r14572 -r16339
--- branches/5.2.x/core/admin_templates/import/import_complete.tpl	(.../import_complete.tpl)	(revision 14572)
+++ branches/5.2.x/core/admin_templates/import/import_complete.tpl	(.../import_complete.tpl)	(revision 16339)
@@ -29,7 +29,7 @@
 		</inp2:m_if>
 		<tr class="<inp2:m_odd_even odd='table-color1' even='table-color2'/>">
 			<td colspan="3" align="center">
-				<input type="button" value="<inp2:m_phrase name="la_Close"/>" class="button" onclick="window.location.href='<inp2:m_Link template="incs/close_popup" no_amp="1" />';"/>
+				<input type="button" value="<inp2:m_phrase name="la_Close"/>" class="button" onclick="window.location.href='<inp2:m_Link template="incs/close_popup" no_amp="1" js_escape="1"/>';"/>
 			</td>
 		</tr>
 	</table>
Index: branches/5.2.x/core/kernel/managers/rewrite_url_processor.php
===================================================================
diff -u -r15862 -r16339
--- branches/5.2.x/core/kernel/managers/rewrite_url_processor.php	(.../rewrite_url_processor.php)	(revision 15862)
+++ branches/5.2.x/core/kernel/managers/rewrite_url_processor.php	(.../rewrite_url_processor.php)	(revision 16339)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: rewrite_url_processor.php 15862 2013-07-04 09:48:57Z alex $
+* @version	$Id: rewrite_url_processor.php 16339 2016-04-02 13:45:52Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -944,13 +944,6 @@
 		$ret = '';
 		$env = '';
 
-		$encode = false;
-
-		if ( isset($params['__URLENCODE__']) ) {
-			$encode = $params['__URLENCODE__'];
-			unset($params['__URLENCODE__']);
-		}
-
 		if ( isset($params['__SSL__']) ) {
 			unset($params['__SSL__']);
 		}
@@ -1054,29 +1047,14 @@
 
 		unset($params['pass'], $params['opener'], $params['m_event']);
 
-		if ( array_key_exists('escape', $params) && $params['escape'] ) {
-			$ret = addslashes($ret);
-			unset($params['escape']);
-		}
-
 		// TODO: why?
-		$ret = str_replace('%2F', '/', urlencode($ret));
+//		$ret = str_replace('%2F', '/', urlencode($ret));
 
 		if ( $params ) {
-			$params_str = '';
-			$join_string = $encode ? '&' : '&amp;';
-
-			foreach ($params as $param => $value) {
-				$params_str .= $join_string . $param . '=' . $value;
-			}
-
-			$ret .= '?' . substr($params_str, strlen($join_string));
+			$params_str = http_build_query($params);
+			$ret .= '?' . str_replace('%23', '#', $params_str);
 		}
 
-		if ( $encode ) {
-			$ret = str_replace('\\', '%5C', $ret);
-		}
-
 		return $ret;
 	}
 
Index: branches/5.2.x/core/admin_templates/config/config_edit.tpl
===================================================================
diff -u -r16062 -r16339
--- branches/5.2.x/core/admin_templates/config/config_edit.tpl	(.../config_edit.tpl)	(revision 16062)
+++ branches/5.2.x/core/admin_templates/config/config_edit.tpl	(.../config_edit.tpl)	(revision 16339)
@@ -81,7 +81,7 @@
 <script type="text/javascript">
 	$(document).ready(function () {
 		var $field_mask = '<inp2:conf_InputName name="#FIELD_NAME#" js_escape="1"/>',
-			$suggest_url = '<inp2:m_Link template="dummy" pass="m,conf" conf_event="OnSuggestValues" field="#FIELD_NAME#" cur_value="#CUR_VALUE#" no_amp="1"/>';
+			$suggest_url = '<inp2:m_Link template="dummy" pass="m,conf" conf_event="OnSuggestValues" field="#FIELD_NAME#" cur_value="#CUR_VALUE#" no_amp="1" js_escape="1"/>';
 
 		new AJAXDropDown($field_mask.replace('#FIELD_NAME#', 'Section'), function(cur_value) {
 			return $suggest_url.replace('#FIELD_NAME#', 'Section').replace('#CUR_VALUE#', encodeURIComponent(cur_value));
Index: branches/5.2.x/core/admin_templates/categories/cache_updater.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/categories/cache_updater.tpl	(.../cache_updater.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/categories/cache_updater.tpl	(.../cache_updater.tpl)	(revision 16339)
@@ -15,7 +15,7 @@
 		</tr>
 		<tr>
 	    	<td align="right" width="50%">
-	    			<input type="button" name="yes_btn" value="<inp2:m_phrase name='la_yes'/>" onclick="goto_url('<inp2:m_t continue="1"/>');" class="button" />
+	    			<input type="button" name="yes_btn" value="<inp2:m_phrase name='la_yes'/>" onclick="goto_url('<inp2:m_t continue="1" no_amp="1" js_escape="1"/>');" class="button" />
 		    </td>
 			<td>
 				<img src="img/spacer.gif" width="10" />
@@ -32,7 +32,7 @@
 			window_close();
 		}
 
-		$CacheUpdater = new AjaxProgressBar('<inp2:m_t t="categories/xml/cache_updater" continue="2" no_amp="1"/>');
+		$CacheUpdater = new AjaxProgressBar('<inp2:m_t t="categories/xml/cache_updater" continue="2" no_amp="1" js_escape="1"/>');
 	</script>
 </inp2:m_if>
 
Index: branches/5.2.x/core/admin_templates/tools/compile_templates.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/tools/compile_templates.tpl	(.../compile_templates.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/tools/compile_templates.tpl	(.../compile_templates.tpl)	(revision 16339)
@@ -8,10 +8,10 @@
 	<inp2:m_RenderElement name="ajax_progress_bar" cancel_action="cancel_action();"/>
 	<script type="text/javascript">
 		function cancel_action() {
-			redirect('<inp2:m_Link template="tools/compile_complete"/>');
+			redirect('<inp2:m_Link template="tools/compile_complete" no_amp="1" js_escape="1"/>');
 		}
 
-		$QueueProcessor = new AjaxProgressBar('<inp2:m_t template="index" adm_event="OnCompileTemplates" type="return_progress" finish_template="tools/compile_complete" pass="m,adm" no_amp="1"/>');
+		$QueueProcessor = new AjaxProgressBar('<inp2:m_t template="index" adm_event="OnCompileTemplates" type="return_progress" finish_template="tools/compile_complete" pass="m,adm" no_amp="1" js_escape="1"/>');
 	</script>
 
 <inp2:m_include t="incs/footer"/>
\ No newline at end of file
Index: branches/5.2.x/core/admin_templates/groups/groups_edit_users.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/groups/groups_edit_users.tpl	(.../groups_edit_users.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/groups/groups_edit_users.tpl	(.../groups_edit_users.tpl)	(revision 16339)
@@ -40,7 +40,7 @@
 
 					a_toolbar.AddButton( new ToolBarButton('usertogroup', '<inp2:m_phrase label="la_ToolTip_AddUserToGroup" escape="1"/>',
 							function() {
-								openSelector('g-ug', '<inp2:m_Link t="users/user_selector" pass="m,g"/>', 'GroupId', '800x600');
+								openSelector('g-ug', '<inp2:m_Link t="users/user_selector" pass="m,g" no_amp="1" js_escape="1"/>', 'GroupId', '800x600');
 							} ) );
 
 					a_toolbar.AddButton( new ToolBarButton('delete', '<inp2:m_phrase label="la_ToolTip_Delete" escape="1"/>', function() {
Index: branches/5.2.x/core/admin_templates/stylesheets/base_style_edit.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/stylesheets/base_style_edit.tpl	(.../base_style_edit.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/stylesheets/base_style_edit.tpl	(.../base_style_edit.tpl)	(revision 16339)
@@ -46,7 +46,7 @@
 				{
 					if( ValidateRequired() )
 					{
-						openSelector('selectors', '<inp2:m_t t="stylesheets/style_editor" pass="all"/>', '', '850x460', 'OnOpenStyleEditor');
+						openSelector('selectors', '<inp2:m_t t="stylesheets/style_editor" pass="all" no_amp="1" js_escape="1"/>', '', '850x460', 'OnOpenStyleEditor');
 					}
 					else
 					{
Index: branches/5.2.x/core/admin_templates/incs/footer.tpl
===================================================================
diff -u -r15856 -r16339
--- branches/5.2.x/core/admin_templates/incs/footer.tpl	(.../footer.tpl)	(revision 15856)
+++ branches/5.2.x/core/admin_templates/incs/footer.tpl	(.../footer.tpl)	(revision 16339)
@@ -18,7 +18,7 @@
 
 		<inp2:m_ifnot check="m_Get" name="m_wid" equals_to="">
 			// for popups only; TODO: find a way, how to identify editing popups, not selectors
-			var _DropTempUrl = '<inp2:m_t pass="m,adm" adm_event="OnDropTempTablesByWID" js_escape="1"/>';
+			var _DropTempUrl = '<inp2:m_t pass="m,adm" adm_event="OnDropTempTablesByWID" no_amp="1" js_escape="1"/>';
 		</inp2:m_ifnot>
 
 		Application.footerInit();
Index: branches/5.2.x/core/admin_templates/groups/groups_list.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/groups/groups_list.tpl	(.../groups_list.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/groups/groups_list.tpl	(.../groups_list.tpl)	(revision 16339)
@@ -38,7 +38,7 @@
 								function() {
 									Application.SetVar('remove_specials[g.total]', 1);
 									Application.SetVar('mailing_recipient_type', 'g');
-									openSelector('mailing-list', '<inp2:m_Link template="mailing_lists/mailing_list_edit"/>', 'UserEmail', null, 'OnNew');
+									openSelector('mailing-list', '<inp2:m_Link template="mailing_lists/mailing_list_edit" no_amp="1" js_escape="1"/>', 'UserEmail', null, 'OnNew');
 								}
 							)
 						);
@@ -62,7 +62,7 @@
 <inp2:m_RenderElement name="grid" PrefixSpecial="g.total" IdField="GroupId" grid="Default"/>
 <script type="text/javascript">
 	Grids['g.total'].SetDependantToolbarButtons( new Array('edit', 'delete', 'e-mail') );
-	
+
 	<inp2:m_if check="m_Recall" name="refresh_tree">
 	 	<inp2:m_RemoveVar name="refresh_tree"/>
   		getFrame('menu').location.reload();
Index: branches/5.2.x/core/admin_templates/categories/categories_edit_permissions.tpl
===================================================================
diff -u -r16286 -r16339
--- branches/5.2.x/core/admin_templates/categories/categories_edit_permissions.tpl	(.../categories_edit_permissions.tpl)	(revision 16286)
+++ branches/5.2.x/core/admin_templates/categories/categories_edit_permissions.tpl	(.../categories_edit_permissions.tpl)	(revision 16339)
@@ -66,7 +66,7 @@
 					set_hidden_field('t', $prev_template);
 				}
 
-	  			var $PermManager = new Catalog('<inp2:m_Link template="categories/permissions_tab" item_prefix="#ITEM_PREFIX#" group_id="#GROUP_ID#" no_amp="1" pass="m,c"/>', 'permmanager_', 'CategoryPermissionEditor');
+	  			var $PermManager = new Catalog('<inp2:m_Link template="categories/permissions_tab" item_prefix="#ITEM_PREFIX#" group_id="#GROUP_ID#" pass="m,c" no_amp="1" js_escape="1"/>', 'permmanager_', 'CategoryPermissionEditor');
 
 				a_toolbar = new ToolBar();
 				a_toolbar.AddButton( new ToolBarButton('select', '<inp2:m_phrase label="la_ToolTip_Save" escape="1"/>', function() {
Index: branches/5.2.x/core/admin_templates/summary/root.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/summary/root.tpl	(.../root.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/summary/root.tpl	(.../root.tpl)	(revision 16339)
@@ -1,4 +1,3 @@
-
 	<!-- overview box: begin -->
 	<table cellspacing="0" cellpadding="0" width="269">
 		<tr>
@@ -55,7 +54,7 @@
 				<script type="text/javascript">
 					function doSearch()
 					{
-						submit_action('<inp2:m_t index_file="users/user_list.php" pass="m" escape="1"/>', 'm_user_search');
+						submit_action('<inp2:m_t index_file="users/user_list.php" pass="m" no_amp="1" js_escape="1"/>', 'm_user_search');
 					}
 				</script>
 
Index: branches/5.2.x/core/admin_templates/js/script.js
===================================================================
diff -u -r16276 -r16339
--- branches/5.2.x/core/admin_templates/js/script.js	(.../script.js)	(revision 16276)
+++ branches/5.2.x/core/admin_templates/js/script.js	(.../script.js)	(revision 16339)
@@ -365,7 +365,7 @@
 	set_hidden_field('events[trans]', 'OnLoad');
 
 	var $regex = new RegExp('(.*)\?env=(' + document.getElementById('sid').value + ')?-(.*?):(.*)');
-	var $t = $regex.exec(url)[3];
+	var $t = $regex.exec(rawurldecode(url))[3];
 
 	$kf.target = wnd;
 	submit_event(prefix, '', $t, url);
@@ -548,7 +548,7 @@
 function openSelector($prefix, $url, $dst_field, $window_size, $event) {
 	// get template name from url
 	var $regex = new RegExp('(.*)\?env=(' + document.getElementById('sid').value + ')?-(.*?):(m[^:]+)');
-	$regex = $regex.exec($url);
+	$regex = $regex.exec(rawurldecode($url));
 
 	var $t = $regex[3];
 
@@ -1852,7 +1852,7 @@
 		// setTimeout allows to call method indirectly. Without it whole idea won't work 2nd time (try adding 2 relations one after another)
 		setTimeout(
 			function () {
-				openSelector('adm', $ru.replace(/%5C/g, '\\') + '&merge_opener_stack=1');
+				openSelector('adm', $ru + '&merge_opener_stack=1');
 			},
 			200
 		);
@@ -1863,7 +1863,7 @@
 	window.focus();
 
 	if ( !(($force_skip_refresh === true) || (typeof $skip_refresh != 'undefined' && $skip_refresh)) ) {
-		window.location.href = $redirect_url.replace(/%5C/g, '\\');
+		window.location.href = rawurldecode($redirect_url);
 	}
 }
 
@@ -1874,6 +1874,20 @@
 	return document.getElementById($prepend + $mask.replace('#FIELD_NAME#', $field) + $append);
 }
 
+function rawurldecode(str) {
+
+	if ( str.indexOf('?') != -1 ) {
+		var $parts = str.split('?', 2);
+
+		return $parts[0] + ($parts.length == 2 ? '?' + rawurldecode($parts[1]) : '');
+	}
+
+	return decodeURIComponent((str + '').replace(/%(?![\da-f]{2})/gi, function () {
+		// PHP tolerates poorly formed escape sequences
+		return '%25';
+	}));
+}
+
 Array.prototype.each = function ($callback) {
 	var $result = null;
 
Index: branches/5.2.x/core/admin_templates/export/export_progress.tpl
===================================================================
diff -u -r16062 -r16339
--- branches/5.2.x/core/admin_templates/export/export_progress.tpl	(.../export_progress.tpl)	(revision 16062)
+++ branches/5.2.x/core/admin_templates/export/export_progress.tpl	(.../export_progress.tpl)	(revision 16339)
@@ -8,7 +8,7 @@
 	<inp2:m_RenderElement name="ajax_progress_bar" cancel_action="cancel_action();"/>
 	<script type="text/javascript">
 		function cancel_action() {
-			redirect('<inp2:m_Link template="export/export_complete"/>');
+			redirect('<inp2:m_Link template="export/export_complete" no_amp="1" js_escape="1"/>');
 		}
 
 		function rand(n)
@@ -22,7 +22,7 @@
 		for(var i=0; i<10; i++) {
 			export_rand += (rand(10) - 1);
 		}
-		var action_url = '<inp2:m_t template="index" adm_event="OnExportCSV" type="return_progress" finish_template="export/export_complete" PrefixSpecial="#PrefixSpecial#" grid="#grid#" export_rand="#export_rand#" pass="m,adm" no_amp="1"/>';
+		var action_url = '<inp2:m_t template="index" adm_event="OnExportCSV" type="return_progress" finish_template="export/export_complete" PrefixSpecial="#PrefixSpecial#" grid="#grid#" export_rand="#export_rand#" pass="m,adm" no_amp="1" js_escape="1"/>';
 		action_url = action_url.replace('#PrefixSpecial#', PrefixSpecial);
 		action_url = action_url.replace('#grid#', grid);
 		action_url = action_url.replace('#export_rand#', export_rand);
Index: branches/5.2.x/core/admin_templates/import/import_progress.tpl
===================================================================
diff -u -r14244 -r16339
--- branches/5.2.x/core/admin_templates/import/import_progress.tpl	(.../import_progress.tpl)	(revision 14244)
+++ branches/5.2.x/core/admin_templates/import/import_progress.tpl	(.../import_progress.tpl)	(revision 16339)
@@ -9,12 +9,12 @@
 	<inp2:m_RenderElement name="ajax_progress_bar" cancel_action="cancel_action();"/>
 	<script type="text/javascript">
 		function cancel_action() {
-			redirect('<inp2:m_Link template="import/import_complete"/>');
+			redirect('<inp2:m_Link template="import/import_complete" no_amp="1" js_escape="1"/>');
 		}
 
 		var PrefixSpecial = '<inp2:m_Get var="PrefixSpecial" js_escape="1" />';
 		var grid = '<inp2:m_Get var="grid" js_escape="1" />';
-		var action_url = '<inp2:m_t template="index" adm_event="OnCSVImportStep" type="return_progress" finish_template="import/import_complete" PrefixSpecial="#PrefixSpecial#" grid="#grid#" pass="m,adm" no_amp="1"/>';
+		var action_url = '<inp2:m_t template="index" adm_event="OnCSVImportStep" type="return_progress" finish_template="import/import_complete" PrefixSpecial="#PrefixSpecial#" grid="#grid#" pass="m,adm" no_amp="1" js_escape="1"/>';
 		action_url = action_url.replace('#PrefixSpecial#', PrefixSpecial);
 		action_url = action_url.replace('#grid#', grid);
 	//	window.open(action_url);
Index: branches/5.2.x/core/units/helpers/ajax_form_helper.php
===================================================================
diff -u -r16003 -r16339
--- branches/5.2.x/core/units/helpers/ajax_form_helper.php	(.../ajax_form_helper.php)	(revision 16003)
+++ branches/5.2.x/core/units/helpers/ajax_form_helper.php	(.../ajax_form_helper.php)	(revision 16339)
@@ -138,10 +138,7 @@
 						$event->redirect = '';
 					}
 
-					$redirect_to = $this->Application->HREF($event->redirect, '', $event->getRedirectParams(), $event->redirectScript);
-
-					// is used from JavaScript / redirecting, so any "&amp;" could break it
-					$params['redirect_to'] = str_replace(Array ('&amp;', '%5C'), Array ('&', '\\'), $redirect_to);
+					$params['redirect_to'] = $this->Application->HREF($event->redirect, '', $event->getRedirectParams(), $event->redirectScript);
 				}
 
 				$params = array_merge($params, $event->getRedirectParams());
@@ -151,4 +148,4 @@
 
 			return $params['status'] == 'OK';
 		}
-	}
\ No newline at end of file
+	}