Index: trunk/kernel/include/parseditem.php
===================================================================
diff -u -r725 -r738
--- trunk/kernel/include/parseditem.php (.../parseditem.php) (revision 725)
+++ trunk/kernel/include/parseditem.php (.../parseditem.php) (revision 738)
@@ -936,8 +936,8 @@
}
if(!$found && $LoadFromDB==TRUE)
{
- $sql = "SELECT * FROM ".$this->SourceTable." WHERE $Field = '$Value'";
- //echo $sql;
+ $sql = 'SELECT * FROM '.$this->SourceTable.' WHERE '.$Field.' = "'.addslashes($Value).'"';
+// $sql = 'SELECT * FROM '.$this->SourceTable.' WHERE '.$Field.' = "'.($Value).'"';
$res = $this->adodbConnection->Execute($sql);
if($res && !$res->EOF)
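Review bot: `addslashes()` on `$Value` is not a database-aware escape, and `$Field` is still concatenated into the new `$sql` line unchecked. addslashes ignores the connection character set, and the double-quoted literal is only a string when the server is not in ANSI_QUOTES mode (assuming MySQL), so the value is better quoted through the connection object used on the next line: `$sql = 'SELECT * FROM '.$this->SourceTable.' WHERE '.$Field.' = '.$this->adodbConnection->qstr($Value);`, or bound with `Execute($sql, array($Value))`. `$Field` cannot be bound, so it should be compared against the item's known column names before the query is built. The commented-out unescaped variant on the following line is better deleted than committed, since it invites someone to switch the escaping back off. The enclosing method begins and ends outside the hunk.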
Index: trunk/admin/users/addgroup.php
===================================================================
diff -u -r624 -r738
--- trunk/admin/users/addgroup.php (.../addgroup.php) (revision 624)
+++ trunk/admin/users/addgroup.php (.../addgroup.php) (revision 738)
@@ -179,14 +179,14 @@
>
|
- ">
+ ">
|
|
>
|
-
+
|
|
Index: trunk/admin/users/adduser_custom.php
===================================================================
diff -u -r624 -r738
--- trunk/admin/users/adduser_custom.php (.../adduser_custom.php) (revision 624)
+++ trunk/admin/users/adduser_custom.php (.../adduser_custom.php) (revision 738)
@@ -167,7 +167,7 @@
if(is_object($f))
{
- $val_field = "Get("Value")."\" name=\"$fieldname\">";
+ $val_field = "Get("Value"))."\" name=\"$fieldname\">";
$field->Set("Value", $val_field);
$field->Set("DataId",$f->Get("CustomDataId"));
}
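Review bot: `name=\"$fieldname\"` on the changed `$val_field` line is still interpolated into the attribute raw, while the value next to it now appears to be wrapped in an escaping call (the extra closing parenthesis suggests this; the call's name and the surrounding markup are lost in this page's rendering). Unless `$fieldname` is a fixed internal identifier, it should get the same treatment, for example `htmlspecialchars($fieldname)`, so both attributes on the line are encoded consistently. Where `$fieldname` is assigned is outside the hunk, so this needs confirming against the full file.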
Index: trunk/admin/users/addgroup_users.php
===================================================================
diff -u -r732 -r738
--- trunk/admin/users/addgroup_users.php (.../addgroup_users.php) (revision 732)
+++ trunk/admin/users/addgroup_users.php (.../addgroup_users.php) (revision 738)
@@ -220,8 +220,8 @@
}
else
{
- $list = '-1';
- $where = "u.PortalUserId = -1 ";
+ $list=0;
+ $where = "u.PortalUserId = -1 ";
}
$order = $objConfig->Get("User_SortOrder");
$SearchWords = $objSession->GetVariable("UserGroupSearchWord");
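Review bot: `$list=0` turns the empty case into an integer while the other branch (outside this hunk) presumably leaves `$list` a comma-separated string, and the next hunk then relies on truthiness in `$list?TableCount(...):0` before interpolating it into `IN ($list)`. An explicit sentinel is easier to reason about: `$list = '';` here and `$itemcount = ($list !== '') ? TableCount(GetTablePrefix()."PortalUser","PortalUserId IN ($list)",0) : 0;` in the following hunk. Because the list goes into the SQL text unquoted, the ids should be cast to integers where the list is assembled, e.g. `implode(',', array_map('intval', $ids))`, where `$ids` is a placeholder name because that code is not visible here. The `if` that this `else` belongs to begins outside the hunk.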
@@ -245,7 +245,7 @@
echo htmlentities($sql,ENT_NOQUOTES)."
\n";
$objUsers->Query_Item($sql, $objListView->GetLimitSQL() );
-$itemcount = TableCount(GetTablePrefix()."PortalUser", 'PortalUserId IN ('.$list.')',0);
+$itemcount = $list?TableCount(GetTablePrefix()."PortalUser","PortalUserId IN ($list)",0):0;
$objListView->SetListItems($objUsers);
$objListView->IdField = "ResourceId";