Index: branches/5.2.x/units/coupons/coupons_event_handler.php
===================================================================
diff -u -r14986 -r15047
--- branches/5.2.x/units/coupons/coupons_event_handler.php	(.../coupons_event_handler.php)	(revision 14986)
+++ branches/5.2.x/units/coupons/coupons_event_handler.php	(.../coupons_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: coupons_event_handler.php 14986 2012-01-04 16:11:56Z alex $
+* @version	$Id: coupons_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -103,7 +103,7 @@
 
 		$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
 		list($id, $field_values) = each($items_info);
-		$object->SetFieldsFromHash($field_values);
+		$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 		$object->setID($id);
 
 		if ( !$object->Validate() ) {
Index: branches/5.2.x/units/destinations/dst_event_handler.php
===================================================================
diff -u -r14872 -r15047
--- branches/5.2.x/units/destinations/dst_event_handler.php	(.../dst_event_handler.php)	(revision 14872)
+++ branches/5.2.x/units/destinations/dst_event_handler.php	(.../dst_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: dst_event_handler.php 14872 2011-12-16 11:56:28Z alex $
+* @version	$Id: dst_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -33,7 +33,7 @@
 		}
 
 		foreach ($items_info as $field_values) {
-			$object->SetFieldsFromHash($field_values);
+			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 			$this->customProcessing($event, 'before');
 
 			if ( $object->Create() ) {
Index: branches/5.2.x/units/product_option_combinations/product_option_combinations_event_handler.php
===================================================================
diff -u -r14986 -r15047
--- branches/5.2.x/units/product_option_combinations/product_option_combinations_event_handler.php	(.../product_option_combinations_event_handler.php)	(revision 14986)
+++ branches/5.2.x/units/product_option_combinations/product_option_combinations_event_handler.php	(.../product_option_combinations_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: product_option_combinations_event_handler.php 14986 2012-01-04 16:11:56Z alex $
+* @version	$Id: product_option_combinations_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -167,7 +167,7 @@
 		if($items_info)
 		{
 			list($id,$field_values) = each($items_info);
-			$object->SetFieldsFromHash($field_values);
+			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 			if (!$object->Validate()) {
 				$event->status = kEvent::erFAIL;
 				$event->redirect = false;
@@ -199,7 +199,7 @@
 			foreach($items_info as $id => $field_values)
 			{
 				$object->Load($id);
- 				$object->SetFieldsFromHash($field_values);
+ 				$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 
  				if (!$object->Validate()) {
 					$event->status = kEvent::erFAIL;
Index: branches/5.2.x/units/orders/orders_item.php
===================================================================
diff -u -r14884 -r15047
--- branches/5.2.x/units/orders/orders_item.php	(.../orders_item.php)	(revision 14884)
+++ branches/5.2.x/units/orders/orders_item.php	(.../orders_item.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: orders_item.php 14884 2011-12-19 11:26:05Z alex $
+* @version	$Id: orders_item.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -22,13 +22,14 @@
 		 * of current item. If current item' fields are unknown {@link kDBItem::PrepareFields()} is called before actually setting the fields
 		 *
 		 * @param Array $hash
+		 * @param Array $skip_fields Optional param, field names in target object to skip, other fields will be set
 		 * @param Array $set_fields Optional param, field names in target object to set, other fields will be skipped
 		 * @return void
 		 * @access public
 		 */
-		public function SetFieldsFromHash($hash, $set_fields = Array ())
+		public function SetFieldsFromHash($hash, $skip_fields = Array (), $set_fields = Array ())
 		{
-			parent::SetFieldsFromHash($hash, $set_fields);
+			parent::SetFieldsFromHash($hash, $skip_fields, $set_fields);
 
 			$options = $this->GetFieldOptions('PaymentCCExpDate');
 
Index: branches/5.2.x/units/pricing/pricing_event_handler.php
===================================================================
diff -u -r15009 -r15047
--- branches/5.2.x/units/pricing/pricing_event_handler.php	(.../pricing_event_handler.php)	(revision 15009)
+++ branches/5.2.x/units/pricing/pricing_event_handler.php	(.../pricing_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: pricing_event_handler.php 15009 2012-01-06 20:37:54Z alex $
+* @version	$Id: pricing_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2011 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -202,11 +202,11 @@
 			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); // get pr_tang var
 			uasort($items_info, 'pr_bracket_comp');
 
-			foreach ($items_info as $item_id => $values) {
+			foreach ($items_info as $item_id => $field_values) {
 
 				if (in_array($item_id, $stored_ids)) { //if it's already exist
 					$object->Load($item_id);
-					$object->SetFieldsFromHash($values);
+					$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 
 					if (!$object->Validate()) {
 						unset($stored_ids[array_search($item_id, $stored_ids)]);
@@ -225,7 +225,7 @@
 				}
 				else {
 					$object->Clear();
-					$object->SetFieldsFromHash($values);
+					$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 					$object->SetDBField('ProductId', $product_id);
 
 					if( $object->Create() ) {
Index: branches/5.2.x/units/order_items/order_items_event_handler.php
===================================================================
diff -u -r15018 -r15047
--- branches/5.2.x/units/order_items/order_items_event_handler.php	(.../order_items_event_handler.php)	(revision 15018)
+++ branches/5.2.x/units/order_items/order_items_event_handler.php	(.../order_items_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: order_items_event_handler.php 15018 2012-01-09 11:41:23Z alex $
+* @version	$Id: order_items_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -113,7 +113,7 @@
 				$object->Clear(); // otherwise validation errors will be passed to next object
 
 				$object->Load($id);
-				$object->SetFieldsFromHash($field_values);
+				$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 				$this->customProcessing($event, 'before');
 
 				if ( $object->Update($id) ) {
Index: branches/5.2.x/units/shipping_costs/shipping_costs_event_handler.php
===================================================================
diff -u -r14986 -r15047
--- branches/5.2.x/units/shipping_costs/shipping_costs_event_handler.php	(.../shipping_costs_event_handler.php)	(revision 14986)
+++ branches/5.2.x/units/shipping_costs/shipping_costs_event_handler.php	(.../shipping_costs_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: shipping_costs_event_handler.php 14986 2012-01-04 16:11:56Z alex $
+* @version	$Id: shipping_costs_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -64,7 +64,7 @@
 		}
 
 		foreach ($items_info as $field_values) {
-			$object->SetFieldsFromHash($field_values);
+			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 			$this->customProcessing($event, 'before');
 
 			if ( $object->Create() ) {
Index: branches/5.2.x/units/orders/orders_event_handler.php
===================================================================
diff -u -r15046 -r15047
--- branches/5.2.x/units/orders/orders_event_handler.php	(.../orders_event_handler.php)	(revision 15046)
+++ branches/5.2.x/units/orders/orders_event_handler.php	(.../orders_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: orders_event_handler.php 15046 2012-01-16 13:58:12Z alex $
+* @version	$Id: orders_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -1729,13 +1729,9 @@
 		/* @var $object kDBItem */
 
 		// update values from submit
-		$items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
-		if ( $items_info ) {
-			$field_values = array_shift($items_info);
-		}
+		$field_values = $this->getSubmittedFields($event);
+		$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 
-		$object->SetFieldsFromHash($field_values);
-
 		$this->DoResetAddress($object, $from_tab, $to_tab);
 
 		$object->Update();
Index: branches/5.2.x/units/reports/reports_event_handler.php
===================================================================
diff -u -r15009 -r15047
--- branches/5.2.x/units/reports/reports_event_handler.php	(.../reports_event_handler.php)	(revision 15009)
+++ branches/5.2.x/units/reports/reports_event_handler.php	(.../reports_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: reports_event_handler.php 15009 2012-01-06 20:37:54Z alex $
+* @version	$Id: reports_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -49,7 +49,7 @@
 		if($items_info) $field_values = array_shift($items_info);
 
 		$object =& $event->getObject( Array('skip_autoload' => true) );
-		$object->SetFieldsFromHash($field_values);
+		$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 		$object->UpdateFormattersMasterFields();
 
 		$field_values['offset'] = 0;
Index: branches/5.2.x/units/affiliate_plans_brackets/affiliate_plans_brackets_event_handler.php
===================================================================
diff -u -r14986 -r15047
--- branches/5.2.x/units/affiliate_plans_brackets/affiliate_plans_brackets_event_handler.php	(.../affiliate_plans_brackets_event_handler.php)	(revision 14986)
+++ branches/5.2.x/units/affiliate_plans_brackets/affiliate_plans_brackets_event_handler.php	(.../affiliate_plans_brackets_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: affiliate_plans_brackets_event_handler.php 14986 2012-01-04 16:11:56Z alex $
+* @version	$Id: affiliate_plans_brackets_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -115,6 +115,8 @@
 		function OnPreSaveBrackets(&$event)
 		{
 			$brackets_helper =& $this->Application->recallObject('BracketsHelper');
+			/* @var $brackets_helper kBracketsHelper */
+
 			$brackets_helper->InitHelper('FromAmount', 'ToAmount', Array('Percent' => '') );
 			$brackets_helper->OnPreSaveBrackets($event);
 		}
Index: branches/5.2.x/units/affiliates/affiliates_event_handler.php
===================================================================
diff -u -r15030 -r15047
--- branches/5.2.x/units/affiliates/affiliates_event_handler.php	(.../affiliates_event_handler.php)	(revision 15030)
+++ branches/5.2.x/units/affiliates/affiliates_event_handler.php	(.../affiliates_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: affiliates_event_handler.php 15030 2012-01-10 14:35:36Z alex $
+* @version	$Id: affiliates_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -309,7 +309,7 @@
 			/* @var $object kDBItem */
 
 			$field_values = $this->getSubmittedFields($event);
-			$object->SetFieldsFromHash($field_values);
+			$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 			$object->setID(0);
 
 			if ( !$object->Validate() ) {
Index: branches/5.2.x/units/products/products_event_handler.php
===================================================================
diff -u -r15044 -r15047
--- branches/5.2.x/units/products/products_event_handler.php	(.../products_event_handler.php)	(revision 15044)
+++ branches/5.2.x/units/products/products_event_handler.php	(.../products_event_handler.php)	(revision 15047)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: products_event_handler.php 15044 2012-01-16 11:24:58Z alex $
+* @version	$Id: products_event_handler.php 15047 2012-01-16 15:18:30Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -110,7 +110,8 @@
 		$object =& $event->getObject();
 		/* @var $object kDBItem */
 
-		$object->SetFieldsFromHash( $this->getSubmittedFields($event) );
+		$field_values = $this->getSubmittedFields($event);
+		$object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 
 		if ($object->GetDBField('InventoryStatus') == 2) {
 			// inventory by options (use first selected combination in grid)