Index: branches/5.3.x/units/destinations/dst_event_handler.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/destinations/dst_event_handler.php (.../dst_event_handler.php) (revision 15899) +++ branches/5.3.x/units/destinations/dst_event_handler.php (.../dst_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->setID(0); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); $this->customProcessing($event, 'before'); @@ -132,4 +133,4 @@ } -} \ No newline at end of file +} Index: branches/5.3.x/install/upgrades.sql =================================================================== diff -u -r15925 -r16106 --- branches/5.3.x/install/upgrades.sql (.../upgrades.sql) (revision 15925) +++ branches/5.3.x/install/upgrades.sql (.../upgrades.sql) (revision 16106) @@ -294,4 +294,6 @@ # ===== v 5.2.1-RC1 ===== +# ===== v 5.2.1 ===== + # ===== v 5.3.0-B1 ===== Index: branches/5.3.x/units/product_option_combinations/product_option_combinations_event_handler.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/product_option_combinations/product_option_combinations_event_handler.php (.../product_option_combinations_event_handler.php) (revision 15899) +++ branches/5.3.x/units/product_option_combinations/product_option_combinations_event_handler.php (.../product_option_combinations_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ Conn->GetOne($query)); } - function CreateCombinations($event, $fields, $current_option=null) + function CreateCombinations(kEvent $event, $fields, $current_option=null) { $recursed = false; $combination = $fields['Combination']; 
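Review bot: The second argument `$this->getRequestProtectedFields($field_values)` is dropped from `$object->SetFieldsFromHash()` in dst_event_handler.php, so nothing at this call site now keeps submitted form keys away from protected fields. The same removal recurs in the product_option_combinations, pricing, affiliates, reports, shipping_costs, orders, coupons, products and order_items handlers. The filtering has presumably moved into the core setter, but that change is not part of this diff; if it has not, each of these handlers accepts mass assignment from the request. Confirm the core revision this depends on and, once confirmed, record it at the first call with a comment such as `// protected request fields are now filtered inside SetFieldsFromHash()`. The enclosing method starts and ends outside the hunk.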
@@ -99,6 +99,8 @@ ksort($salt); $object->Load(kUtil::crc32(serialize($salt)), 'CombinationCRC'); $object->SetFieldsFromHash($fields); + $event->setEventParam('form_data', $fields); + $this->customProcessing($event,'before'); if ( $object->isLoaded() ) { // Update if such combination already exists if( $object->Update() ) @@ -117,7 +119,7 @@ } } - function UpdateCombinations($event, $fields, $current_option=null) + function UpdateCombinations(kEvent $event, $fields, $current_option=null) { $recursed = false; $combination = $fields['Combination']; @@ -147,6 +149,7 @@ $object->Load($edit_id); } $object->SetFieldsFromHash($fields); + $event->setEventParam('form_data', $fields); $this->customProcessing($event,'before'); if( $object->Update() ) @@ -176,14 +179,14 @@ } list($id, $field_values) = each($items_info); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->setID($id); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); if ( !$object->Validate() ) { $event->status = kEvent::erFAIL; $event->redirect = false; $this->Application->SetVar($event->getPrefixSpecial() . '_SaveEvent', 'OnCreate'); - $object->setID($id); return; } @@ -208,7 +211,7 @@ foreach($items_info as $id => $field_values) { $object->Load($id); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); if (!$object->Validate()) { @@ -395,7 +398,7 @@ $temp_object->SwitchToTemp(); $temp_object->Load($id); - $temp_object->SetDBFieldsFromHash($live_object->GetFieldValues(), null, Array ('QtyInStock', 'QtyReserved', 'QtyBackOrdered', 'QtyOnOrder')); + $temp_object->SetDBFieldsFromHash($live_object->GetFieldValues(), Array ('QtyInStock', 'QtyReserved', 'QtyBackOrdered', 'QtyOnOrder')); $temp_object->Update(); } } 
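Review bot: In the `@@ -395,7 +398,7 @@` hunk, `$temp_object->SetDBFieldsFromHash($live_object->GetFieldValues(), Array ('QtyInStock', ...))` now passes the quantity list as the second positional argument, where the old call passed `null` second and the list third. That is only equivalent if the core signature lost its second parameter in the same revision, which this diff does not show. Against the old signature the list would land in the other parameter and change which fields are copied from the live record to the temp record. The same edit appears in products_event_handler.php at `@@ -341,7 +342,7 @@`. A comment on the call saying what the list means would make the dependency reviewable, e.g. `// stock counters: presumably the only fields synced from the live record (confirm against SetDBFieldsFromHash)`.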
@@ -442,4 +445,4 @@ } } -} \ No newline at end of file +} Index: branches/5.3.x/admin_templates/user_order_item_tab.tpl =================================================================== diff -u -r15492 -r16106 --- branches/5.3.x/admin_templates/user_order_item_tab.tpl (.../user_order_item_tab.tpl) (revision 15492) +++ branches/5.3.x/admin_templates/user_order_item_tab.tpl (.../user_order_item_tab.tpl) (revision 16106) @@ -17,7 +17,7 @@ $Catalog.setItemCount('', ''); - $Catalog.setCurrentCategory('', ); + $Catalog.setCurrentCategory('', ); $Catalog.saveSearch('', '', ''); @@ -33,4 +33,4 @@ - \ No newline at end of file + Index: branches/5.3.x/units/pricing/pricing_event_handler.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/pricing/pricing_event_handler.php (.../pricing_event_handler.php) (revision 15899) +++ branches/5.3.x/units/pricing/pricing_event_handler.php (.../pricing_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ Application->SetVar($event->getPrefixSpecial(true), $temp); // store pr_tang var } - function OnPreSaveBrackets($event) + function OnPreSaveBrackets(kEvent $event) { if( $this->Application->GetVar('pr_tang') ) { @@ -206,7 +206,7 @@ if (in_array($item_id, $stored_ids)) { //if it's already exist $object->Load($item_id); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); if (!$object->Validate()) { @@ -225,8 +225,8 @@ unset($stored_ids[array_search($item_id, $stored_ids)]); } else { - $object->Clear(); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->Clear(0); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); $object->SetDBField('ProductId', $product_id); 
@@ -522,4 +522,4 @@ $object->addFilter('price_user_group', $object->TableName . '.GroupId=' . $pricing_group); } -} \ No newline at end of file +} Index: branches/5.3.x/admin_templates/catalog_tab.tpl =================================================================== diff -u -r15492 -r16106 --- branches/5.3.x/admin_templates/catalog_tab.tpl (.../catalog_tab.tpl) (revision 15492) +++ branches/5.3.x/admin_templates/catalog_tab.tpl (.../catalog_tab.tpl) (revision 16106) @@ -67,7 +67,7 @@ $Catalog.setItemCount('', ''); - $Catalog.setCurrentCategory('', ); + $Catalog.setCurrentCategory('', ); $Catalog.saveSearch('', '', ''); @@ -99,4 +99,4 @@ - \ No newline at end of file + Index: branches/5.3.x/admin_templates/products/products_pricing_grid.tpl =================================================================== diff -u -r15492 -r16106 --- branches/5.3.x/admin_templates/products/products_pricing_grid.tpl (.../products_pricing_grid.tpl) (revision 15492) +++ branches/5.3.x/admin_templates/products/products_pricing_grid.tpl (.../products_pricing_grid.tpl) (revision 16106) @@ -5,8 +5,8 @@ if ($request_visible) { - document.getElementById('_div').setAttribute('group_id', ); - maximizeElement( jq('#_div') ); + document.getElementById('_div').setAttribute('group_id', ); + maximizeElement( jq('#_div') ); } document.getElementById('save_warning').style.display = 'block'; @@ -107,4 +107,4 @@ - \ No newline at end of file + Index: branches/5.3.x/units/affiliates/affiliates_event_handler.php =================================================================== diff -u -r15936 -r16106 --- branches/5.3.x/units/affiliates/affiliates_event_handler.php (.../affiliates_event_handler.php) (revision 15936) +++ branches/5.3.x/units/affiliates/affiliates_event_handler.php (.../affiliates_event_handler.php) (revision 16106) 
@@ -1,6 +1,6 @@ getObject( Array('form_name' => 'registration', 'skip_autoload' => true) ); /* @var $object kDBItem */ - $field_values = $this->getSubmittedFields($event); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); $object->setID(0); + $field_values = $this->getSubmittedFields($event); + $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); if ( !$object->Validate() ) { $user = $event->MasterEvent->getObject(); @@ -671,4 +672,4 @@ return $object->GetDBField('PortalUserId') == $this->Application->RecallVar('user_id'); } - } \ No newline at end of file + } Index: branches/5.3.x/units/reports/reports_event_handler.php =================================================================== diff -u -r15925 -r16106 --- branches/5.3.x/units/reports/reports_event_handler.php (.../reports_event_handler.php) (revision 15925) +++ branches/5.3.x/units/reports/reports_event_handler.php (.../reports_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ permMapping = array_merge($this->permMapping, $permissions); } - function OnRunReport($event) + function OnRunReport(kEvent $event) { $this->Application->LinkVar('reports_finish_t'); $progress_t = $this->Application->GetVar('progress_t'); $event->redirect = $progress_t; - $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); - if($items_info) $field_values = array_shift($items_info); + $field_values = $this->getSubmittedFields($event); + /** @var kDBItem $object */ $object = $event->getObject( Array('skip_autoload' => true) ); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); + $object->UpdateFormattersMasterFields(); $field_values['offset'] = 0; 
@@ -758,6 +760,7 @@ } foreach($report->Records as $a_row) { + // TODO: maybe this should be SetDBFieldsFromHash instead, because all data comes from inside. $ReportItem->SetFieldsFromHash($a_row); $row = ''; foreach ($a_fields AS $field => $a_props) @@ -769,6 +772,7 @@ } // totals + // TODO: maybe this should be SetDBFieldsFromHash instead, because all data comes from inside. $ReportItem->SetFieldsFromHash($a_totals); $counter = 0; foreach ($a_fields AS $field => $a_props) @@ -816,4 +820,4 @@ echo $ret; exit(); } -} \ No newline at end of file +} Index: branches/5.3.x/units/shipping_costs/shipping_costs_event_handler.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/shipping_costs/shipping_costs_event_handler.php (.../shipping_costs_event_handler.php) (revision 15899) +++ branches/5.3.x/units/shipping_costs/shipping_costs_event_handler.php (.../shipping_costs_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->setID(0); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); $this->customProcessing($event, 'before'); @@ -297,4 +298,4 @@ $object->Update(null, null, true); } } -} \ No newline at end of file +} Index: branches/5.3.x/units/product_options/product_options_tag_processor.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/product_options/product_options_tag_processor.php (.../product_options_tag_processor.php) (revision 15899) +++ branches/5.3.x/units/product_options/product_options_tag_processor.php (.../product_options_tag_processor.php) (revision 16106) 
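Review bot: The two TODOs added in reports_event_handler.php (before `$ReportItem->SetFieldsFromHash($a_row)` and `$ReportItem->SetFieldsFromHash($a_totals)`) leave open which setter is correct, and the same TODO is added before `$order->SetFieldsFromHash($info)` in gw_classes/paypal.php. Everywhere else in this commit `SetFieldsFromHash()` receives submitted form data, so any request-oriented filtering or parsing it applies would also run on these internally built rows. Either switch to `SetDBFieldsFromHash()` after checking that the formatted report output does not change, or replace the TODO with the reason the form setter is kept. If formatter parsing is that reason, `// form setter kept on purpose: values need formatter parsing` would do.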
@@ -1,6 +1,6 @@ PrintList2($params); } -} \ No newline at end of file +} Index: branches/5.3.x/units/affiliates/affiliates_tag_processor.php =================================================================== diff -u -r15492 -r16106 --- branches/5.3.x/units/affiliates/affiliates_tag_processor.php (.../affiliates_tag_processor.php) (revision 15492) +++ branches/5.3.x/units/affiliates/affiliates_tag_processor.php (.../affiliates_tag_processor.php) (revision 16106) @@ -1,6 +1,6 @@ getObject($params); + $object = $this->getObject(kUtil::array_merge_recursive($params, array('skip_autoload' => true))); /* @var $object kDBItem */ $object->Load(array('PortalUserId' => $this->Application->RecallVar('user_id'))); Index: branches/5.3.x/install/upgrades.php =================================================================== diff -u -r15925 -r16106 --- branches/5.3.x/install/upgrades.php (.../upgrades.php) (revision 15925) +++ branches/5.3.x/install/upgrades.php (.../upgrades.php) (revision 16106) @@ -1,6 +1,6 @@ Array ('Core' => '5.2.1-B1'), '5.2.1-B2' => Array ('Core' => '5.2.1-B2'), '5.2.1-RC1' => Array ('Core' => '5.2.1-RC1'), + '5.2.1' => Array ('Core' => '5.2.1'), '5.3.0-B1' => Array ('Core' => '5.3.0-B1'), ); } Index: branches/5.3.x/units/taxesdestinations/taxes_dst_event_handler.php =================================================================== diff -u -r15671 -r16106 --- branches/5.3.x/units/taxesdestinations/taxes_dst_event_handler.php (.../taxes_dst_event_handler.php) (revision 15671) +++ branches/5.3.x/units/taxesdestinations/taxes_dst_event_handler.php (.../taxes_dst_event_handler.php) (revision 16106) 
@@ -1,6 +1,6 @@ Load($field_values['TaxZoneDestId'], "TaxZoneDestId") ) { $taxdest->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); + $taxdest->Update($field_values['TaxZoneDestId']); } else { $taxdest->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); + $taxdest->Create($field_values['TaxZoneDestId']); } } @@ -82,7 +86,10 @@ } foreach ($items_info as $field_values) { + $object->setID(0); $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); + $this->customProcessing($event, 'before'); if ( $object->Create() ) { @@ -173,4 +180,4 @@ } -} \ No newline at end of file +} Index: branches/5.3.x/admin_templates/user_item_tab.tpl =================================================================== diff -u -r15492 -r16106 --- branches/5.3.x/admin_templates/user_item_tab.tpl (.../user_item_tab.tpl) (revision 15492) +++ branches/5.3.x/admin_templates/user_item_tab.tpl (.../user_item_tab.tpl) (revision 16106) @@ -16,7 +16,7 @@ $Catalog.setItemCount('', ''); - $Catalog.setCurrentCategory('', ); + $Catalog.setCurrentCategory('', ); $Catalog.saveSearch('', '', ''); @@ -40,4 +40,4 @@ - \ No newline at end of file + Index: branches/5.3.x/units/orders/orders_event_handler.php =================================================================== diff -u -r15936 -r16106 --- branches/5.3.x/units/orders/orders_event_handler.php (.../orders_event_handler.php) (revision 15936) +++ branches/5.3.x/units/orders/orders_event_handler.php (.../orders_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ getSubmittedFields($event); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); $this->DoResetAddress($object, $from_tab, $to_tab); 
@@ -4025,4 +4026,4 @@ $ajax_form_helper->transitEvent($event, 'OnUpdate'); } -} \ No newline at end of file +} Index: branches/5.3.x/units/gateways/gw_classes/paypal.php =================================================================== diff -u -r15925 -r16106 --- branches/5.3.x/units/gateways/gw_classes/paypal.php (.../paypal.php) (revision 15925) +++ branches/5.3.x/units/gateways/gw_classes/paypal.php (.../paypal.php) (revision 16106) @@ -1,6 +1,6 @@ '???', ); + // TODO: maybe this should be SetDBFieldsFromHash instead, because all data comes from inside. $order->SetFieldsFromHash($info); $order->SetDBField('Status', ORDER_STATUS_PROCESSED); @@ -265,4 +266,4 @@ return $success; } - } \ No newline at end of file + } Index: branches/5.3.x/units/orders/order_manager.php =================================================================== diff -u -r15695 -r16106 --- branches/5.3.x/units/orders/order_manager.php (.../order_manager.php) (revision 15695) +++ branches/5.3.x/units/orders/order_manager.php (.../order_manager.php) (revision 16106) @@ -1,6 +1,6 @@ $operation['BackOrderFlag'], 'ItemData' => serialize($item_data), 'PackageNum' => $operation['PackageNum'], + 'OptionsSalt' => $operation['OptionsSalt'], ); $order_item->SetDBFieldsFromHash($fields_hash); @@ -482,4 +483,4 @@ return $this->Conn->GetRow($sql); } - } \ No newline at end of file + } Index: branches/5.3.x/units/coupons/coupons_event_handler.php =================================================================== diff -u -r15925 -r16106 --- branches/5.3.x/units/coupons/coupons_event_handler.php (.../coupons_event_handler.php) (revision 15925) +++ branches/5.3.x/units/coupons/coupons_event_handler.php (.../coupons_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ SetDBField('Expiration_time', $expiration); } - function OnApplyClone($event) + function OnApplyClone(kEvent $event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { $event->status = kEvent::erFAIL; 
@@ -103,8 +103,9 @@ $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); list($id, $field_values) = each($items_info); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); $object->setID($id); + $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); if ( !$object->Validate() ) { $event->status = kEvent::erFAIL; @@ -231,4 +232,4 @@ $object->SetDBField('Amount', abs($object->GetDBField('Amount'))); } -} \ No newline at end of file +} Index: branches/5.3.x/units/products/products_event_handler.php =================================================================== diff -u -r15983 -r16106 --- branches/5.3.x/units/products/products_event_handler.php (.../products_event_handler.php) (revision 15983) +++ branches/5.3.x/units/products/products_event_handler.php (.../products_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ getSubmittedFields($event); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); + $event->setEventParam('form_data', $field_values); if ($object->GetDBField('InventoryStatus') == 2) { // inventory by options (use first selected combination in grid) @@ -341,7 +342,7 @@ $temp->SwitchToTemp(); $temp->Load($id); - $temp->SetDBFieldsFromHash($product->GetFieldValues(), null, Array ('QtyInStock', 'QtyReserved', 'QtyBackOrdered', 'QtyOnOrder')); + $temp->SetDBFieldsFromHash($product->GetFieldValues(), Array ('QtyInStock', 'QtyReserved', 'QtyBackOrdered', 'QtyOnOrder')); $temp->Update(); } 
@@ -1607,4 +1608,4 @@ return $products; } -} \ No newline at end of file +} Index: branches/5.3.x/units/order_items/order_items_event_handler.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/order_items/order_items_event_handler.php (.../order_items_event_handler.php) (revision 15899) +++ branches/5.3.x/units/order_items/order_items_event_handler.php (.../order_items_event_handler.php) (revision 16106) @@ -1,6 +1,6 @@ Clear(); // otherwise validation errors will be passed to next object $object->Load($id); - $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $object->SetFieldsFromHash($field_values); $event->setEventParam('form_data', $field_values); $this->customProcessing($event, 'before'); @@ -366,4 +366,4 @@ return false; } - } \ No newline at end of file + } Index: branches/5.3.x/units/order_items/order_items_tag_processor.php =================================================================== diff -u -r15899 -r16106 --- branches/5.3.x/units/order_items/order_items_tag_processor.php (.../order_items_tag_processor.php) (revision 15899) +++ branches/5.3.x/units/order_items/order_items_tag_processor.php (.../order_items_tag_processor.php) (revision 16106) @@ -1,6 +1,6 @@ $val) { if ( !is_array($val) ) { - $val = htmlspecialchars_decode($val); + $val = kUtil::unescape($val, kUtil::ESCAPE_HTML); // TODO: Not sure why we're unescaping. } $key_data = $opt_helper->ConvertKey($opt, $object->GetDBField('ProductId')); @@ -177,7 +177,7 @@ $i = 0; foreach ($values as $val) { $i++; - $val = htmlspecialchars_decode($val); + $val = kUtil::unescape($val, kUtil::ESCAPE_HTML); // TODO: Not sure why we're unescaping. // TODO: consider escaping in template instead $block_params['value'] = kUtil::escape($val); 
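Review bot: In order_items_tag_processor.php the first `kUtil::unescape($val, kUtil::ESCAPE_HTML)` (in the `if ( !is_array($val) )` branch before `ConvertKey()`) has no matching escape in the visible lines, while the second one at `@@ -177,7 +177,7 @@` is followed by `kUtil::escape($val)`. The method continues outside the hunk, so it cannot be seen whether the first value is printed; if it is, option text containing markup would reach the template unescaped. The added `// TODO: Not sure why we're unescaping.` should be resolved rather than committed. Confirm where `$val` is output and escape at that point, as the second loop does with `$block_params['value'] = kUtil::escape($val);`.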
@@ -302,4 +302,4 @@ return $order_helper->eligibleForFreePromoShipping($object); } -} \ No newline at end of file +} Index: branches/5.3.x/units/orders/orders_item.php =================================================================== diff -u -r15695 -r16106 --- branches/5.3.x/units/orders/orders_item.php (.../orders_item.php) (revision 15695) +++ branches/5.3.x/units/orders/orders_item.php (.../orders_item.php) (revision 16106) @@ -1,6 +1,6 @@ GetFieldOptions('PaymentCCExpDate'); @@ -378,4 +377,4 @@ $this->Application->StoreVar('checkout_errors', serialize($errors)); } - } \ No newline at end of file + } Index: branches/5.3.x/units/orders/order_calculator.php =================================================================== diff -u -r15695 -r16106 --- branches/5.3.x/units/orders/order_calculator.php (.../order_calculator.php) (revision 15695) +++ branches/5.3.x/units/orders/order_calculator.php (.../order_calculator.php) (revision 16106) @@ -1,6 +1,6 @@ manager->getTable($prefix); } - } \ No newline at end of file + }