Index: install.php
===================================================================
--- install.php (revision 15597)
+++ install.php (working copy)
@@ -1732,7 +1732,7 @@
 */ function DBErrorHandler($code, $msg, $sql) {
- $this->errorMessage = 'Query:
'.htmlspecialchars($sql).'
execution result is error:
['.$code.'] '.$msg;
+ $this->errorMessage = 'Query:
'.htmlspecialchars($sql, null, 'UTF-8').'
execution result is error:
['.$code.'] '.$msg;
 return true; }
Index: install/install_toolkit.php
===================================================================
--- install/install_toolkit.php (revision 15437)
+++ install/install_toolkit.php (working copy)
@@ -412,7 +412,7 @@
 $this->Conn->Query($sql); if ($this->Conn->getErrorCode() != 0) { if (is_object($this->_installator)) {
- $this->_installator->errorMessage = 'Error: ('.$this->Conn->getErrorCode().') '.$this->Conn->getErrorMsg().'
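Review bot: Passing `null` as the second argument of `htmlspecialchars()` (install.php, @@ -1732) is not the same as omitting it: PHP coerces it to 0, which is `ENT_NOQUOTES`, so each call changed this way stops encoding double quotes that the previous default `ENT_COMPAT` did encode. Here it only touches an installer error message, but later hunks use the same form for values placed between double quotes, where an unencoded `"` ends the attribute or string: language_import_helper.php (`$name.'="'...'"'`), image_tag_processor.php (`alt`), categories_tag_processor.php (`ToolBarButton`) and the front-end request filter in http_query.php. I would name the flag explicitly, `htmlspecialchars($sql, ENT_QUOTES, 'UTF-8')` here and `htmlspecialchars($value, ENT_QUOTES, CHARSET)` in the other files, or `ENT_COMPAT` where single quotes must stay as they were. Passing `null` for this parameter is also deprecated from PHP 8.1. DBErrorHandler's doc comment and signature begin above the hunk.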

Last Database Query:
';
+ $this->_installator->errorMessage = 'Error: ('.$this->Conn->getErrorCode().') '.$this->Conn->getErrorMsg().'

Last Database Query:
';
 $this->_installator->LastQueryNum = $i + 1; } return false;
@@ -728,7 +728,7 @@
 $image_src = $this->Application->BaseURL() . $image_src; }
- $ret[] = '' . htmlspecialchars($module_name) . '';
+ $ret[] = '' . htmlspecialchars($module_name, null, 'UTF-8') . '';
 } if (array_key_exists('description', $module_info) && $module_info['description']) {
Index: kernel/db/db_event_handler.php
===================================================================
--- kernel/db/db_event_handler.php (revision 15575)
+++ kernel/db/db_event_handler.php (working copy)
@@ -3482,7 +3482,7 @@
 echo ''; foreach ($data as $item) {
- echo '' . htmlspecialchars($item) . '';
+ echo '' . htmlspecialchars($item, null, CHARSET) . '';
 } echo '';
Index: kernel/db/db_tag_processor.php
===================================================================
--- kernel/db/db_tag_processor.php (revision 15437)
+++ kernel/db/db_tag_processor.php (working copy)
@@ -897,7 +897,7 @@
 if (!array_key_exists('no_special', $params) || !$params['no_special']) { // when no_special parameter NOT SET apply htmlspecialchars
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
 } if (array_key_exists('checked', $params) && $params['checked']) {
@@ -2275,7 +2275,7 @@
 } if ( !array_key_exists('no_special', $params) || !$params['no_special'] ) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
 } return $ret;
Index: kernel/nparser/nparser.php
===================================================================
--- kernel/nparser/nparser.php (revision 15437)
+++ kernel/nparser/nparser.php (working copy)
@@ -838,7 +838,7 @@
 $icon_url = $base_url . 'core/admin_templates/img/top_frame/icons/' . $btn_name . '_mode.png'; $block_editor = ' -
+
%s
Index: kernel/processors/main_processor.php
===================================================================
--- kernel/processors/main_processor.php (revision 15588)
+++ kernel/processors/main_processor.php (working copy)
@@ -304,7 +304,7 @@
 $ret = ($ret === false && isset($params['no_null'])) ? '' : $ret; if (getArrayValue($params, 'special') || getArrayValue($params, 'htmlchars')) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
 } if (getArrayValue($params, 'urlencode')) {
@@ -610,7 +610,7 @@
 } if ( isset($params['escape']) && $params['escape'] ) {
- $translation = htmlspecialchars($translation, ENT_QUOTES);
+ $translation = htmlspecialchars($translation, ENT_QUOTES, CHARSET);
 $translation = addslashes($translation); }
Index: kernel/processors/tag_processor.php
===================================================================
--- kernel/processors/tag_processor.php (revision 15437)
+++ kernel/processors/tag_processor.php (working copy)
@@ -202,7 +202,7 @@
 function PostProcess($ret, $flag_values) { if ($flag_values['html_escape']) {
- $ret = htmlspecialchars($ret);
+ $ret = htmlspecialchars($ret, null, CHARSET);
 } if ($flag_values['js_escape']) { $ret = addslashes($ret);
@@ -329,7 +329,7 @@
 { // echo " prefix : $prefix
"; if (!isset($this->Prefixes[$prefix]))
- $this->Application->ApplicationDie ("Filepath and ClassName for prefix $prefix not defined while processing ".htmlspecialchars($tag->GetFullTag())."!");
+ $this->Application->ApplicationDie ("Filepath and ClassName for prefix $prefix not defined while processing ".htmlspecialchars($tag->GetFullTag(), null, CHARSET)."!");
 include_once($this->Prefixes[$prefix]['path']); $ClassName = $this->Prefixes[$prefix]['class']; $a_processor = new $ClassName($prefix);
Index: kernel/utility/debugger.php
===================================================================
--- kernel/utility/debugger.php (revision 15597)
+++ kernel/utility/debugger.php (working copy)
@@ -1147,7 +1147,7 @@
 $value = 'no value'; } else {
- $value = htmlspecialchars($this->print_r($value, true));
+ $value = htmlspecialchars($this->print_r($value, true), null, 'UTF-8');
 } echo '' . $prefix . '' . $key . '' . $value . '';
Index: kernel/utility/http_query.php
===================================================================
--- kernel/utility/http_query.php (revision 15569)
+++ kernel/utility/http_query.php (working copy)
@@ -633,7 +633,7 @@
 } if (!$this->Application->isAdmin) {
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
 } $array[$key] = $value;
Index: units/categories/categories_tag_processor.php
===================================================================
--- units/categories/categories_tag_processor.php (revision 15531)
+++ units/categories/categories_tag_processor.php (working copy)
@@ -1691,7 +1691,7 @@
 { $phrase = $this->Application->Phrase($title, false, true);
- return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . htmlspecialchars($phrase) . '") );';
+ return $tabs . 'a_toolbar.AddButton( new ToolBarButton("' . $name . '", "' . htmlspecialchars($phrase, null, CHARSET) . '") );';
 } function _getThemeFileId()
Index: units/configuration/configuration_event_handler.php
===================================================================
--- units/configuration/configuration_event_handler.php (revision 15590)
+++ units/configuration/configuration_event_handler.php (working copy)
@@ -529,7 +529,7 @@
 $suggestion_module = in_array('In-Portal', $suggestion_modules) ? 'In-Portal' : implode(', ', $suggestion_modules); $suggestion_title = $suggestion_value . ' ' . $of_label . ' ' . $suggestion_module . '';
- echo '' . htmlspecialchars($suggestion_title) . '';
+ echo '' . htmlspecialchars($suggestion_title, null, CHARSET) . '';
 } echo '';
Index: units/email_events/email_events_event_handler.php
===================================================================
--- units/email_events/email_events_event_handler.php (revision 15542)
+++ units/email_events/email_events_event_handler.php (working copy)
@@ -550,7 +550,7 @@
 echo ''; foreach ($data as $item) {
- echo '' . htmlspecialchars($item) . '';
+ echo '' . htmlspecialchars($item, null, CHARSET) . '';
 } echo '';
Index: units/fck/fck_eh.php
===================================================================
--- units/fck/fck_eh.php (revision 15445)
+++ units/fck/fck_eh.php (working copy)
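Review bot: In categories_tag_processor.php (@@ -1691) the phrase is written into a double-quoted JavaScript string literal, `new ToolBarButton("...", "...")`, and HTML-entity encoding is not the encoder for that context. With the flags argument now `null` (coerced to 0, `ENT_NOQUOTES`) a `"` in a translated phrase is emitted unchanged and closes the literal, and `$name` on the same line is not encoded at all. I would build both arguments with a JavaScript encoder instead of quoted concatenation, e.g. `'new ToolBarButton(' . json_encode($name) . ', ' . json_encode($phrase) . ')'`, adding the `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` flags if the result lands inside an HTML script block. The method starts above the hunk, so how the returned string is embedded cannot be confirmed from here.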
@@ -96,7 +96,7 @@
 $title = $title . ' (' . $page_path . ')'; $real_url = $this->Application->HREF($template, '_FRONT_END_', array('pass' => 'm'), 'index.php');
- $res .= '' . "\n";
+ $res .= '' . "\n";
 } $res.= "";
Index: units/helpers/controls/minput_helper.php
===================================================================
--- units/helpers/controls/minput_helper.php (revision 15437)
+++ units/helpers/controls/minput_helper.php (working copy)
@@ -40,7 +40,7 @@
 if (!in_array($field_name, $use_fields)) { continue; }
- $xml .= '' . htmlspecialchars($field_value) . '';
+ $xml .= '' . htmlspecialchars($field_value, null, CHARSET) . '';
 } $xml .= ''; }
Index: units/helpers/deployment_helper.php
===================================================================
--- units/helpers/deployment_helper.php (revision 15588)
+++ units/helpers/deployment_helper.php (working copy)
@@ -422,7 +422,7 @@
 } elseif ( $sql ) { $this->toLog($sql . ' ... ', false);
- echo mb_substr(trim(preg_replace('/(\n|\t| )+/is', ' ', ($this->isCommandLine ? $sql : htmlspecialchars($sql)))), 0, self::SQL_TRIM_LENGTH) . ' ... ';
+ echo mb_substr(trim(preg_replace('/(\n|\t| )+/is', ' ', ($this->isCommandLine ? $sql : htmlspecialchars($sql, null, CHARSET)))), 0, self::SQL_TRIM_LENGTH) . ' ... ';
 $this->Conn->Query($sql);
@@ -563,7 +563,7 @@
 $html_color = $html_color_map[$color][$bold ? 'bold' : 'normal'];
- return '' . htmlspecialchars($text) . '';
+ return '' . htmlspecialchars($text, null, CHARSET) . '';
 } /**
@@ -579,7 +579,7 @@
 return "\033[1m" . $text . "\033[0m"; }
- return '' . htmlspecialchars($text) . '';
+ return '' . htmlspecialchars($text, null, CHARSET) . '';
 } /**
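Review bot: In deployment_helper.php (@@ -422) the SQL is HTML-encoded first and cut to `self::SQL_TRIM_LENGTH` afterwards, so the cut can fall inside an entity such as `&amp;` and leave a partial entity in the browser output. Trimming before encoding avoids that: collapse the whitespace and `mb_substr()` the raw `$sql`, then apply `htmlspecialchars($short_sql, ENT_QUOTES, CHARSET)` to the shortened string only when `isCommandLine` is false. The enclosing method begins and ends outside the hunk.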
@@ -611,7 +611,7 @@
 private function out($text, $new_line = false) { if ( !$this->isCommandLine ) {
- $text = htmlspecialchars($text);
+ $text = htmlspecialchars($text, null, CHARSET);
 } echo $text . ($new_line ? PHP_EOL : '');
Index: units/helpers/language_import_helper.php
===================================================================
--- units/helpers/language_import_helper.php (revision 15588)
+++ units/helpers/language_import_helper.php (working copy)
@@ -318,7 +318,7 @@
 $ret .= "\t" . 'OriginalAttributes as $name => $value) {
- $att_contents[] = $name.'="'.htmlspecialchars($value).'"';
+ $att_contents[] = $name.'="'.htmlspecialchars($value, null, CHARSET).'"';
 } $xml .= implode(' ', $att_contents); }
Index: units/images/image_tag_processor.php
===================================================================
--- units/images/image_tag_processor.php (revision 15437)
+++ units/images/image_tag_processor.php (working copy)
@@ -40,7 +40,7 @@
 $block_params['img_path'] = $image_url; $image_dimensions = $this->ImageSize($block_params); $block_params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $block_params['DefaultWidth'] . '"';
- $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : htmlspecialchars($this->getItemTitle($parent_item));
+ $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : htmlspecialchars($this->getItemTitle($parent_item), null, CHARSET);
 $block_params['align'] = array_key_exists('align', $block_params) ? $block_params['align'] : 'left'; }
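Review bot: In image_tag_processor.php (@@ -40) only the fallback title is encoded; when `AltName` is set it is assigned to `$block_params['alt']` as returned, whereas the @@ -447 hunk of the same file encodes `AltName`. Unless `GetField('AltName')` already returns encoded text (not visible here), both branches should pass through one call: `$alt = $object->GetField('AltName') ? $object->GetField('AltName') : $this->getItemTitle($parent_item);` followed by `$block_params['alt'] = htmlspecialchars($alt, ENT_QUOTES, CHARSET);`. The enclosing method starts above the hunk and continues below it.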
@@ -447,7 +447,7 @@
 $params['img_path'] = $image_url; $image_dimensions = $this->ImageSize($params); $params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $params['DefaultWidth'] . '"';
- $params['alt'] = htmlspecialchars($object->GetField('AltName')); // really used ?
+ $params['alt'] = htmlspecialchars($object->GetField('AltName'), null, CHARSET); // really used ?
 $params['name'] = $this->SelectParam($params, 'block,render_as'); $params['align'] = array_key_exists('align', $params) ? $params['align'] : 'left'; $params['no_editing'] = 1;
Index: units/logs/change_logs/changes_formatter.php
===================================================================
--- units/logs/change_logs/changes_formatter.php (revision 15515)
+++ units/logs/change_logs/changes_formatter.php (working copy)
@@ -79,6 +79,6 @@
 $data = substr($data, 0, 50) . ' ...'; }
- return htmlspecialchars($data);
+ return htmlspecialchars($data, null, CHARSET);
 } }
\ No newline at end of file
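Review bot: In changes_formatter.php (@@ -79) the value is shortened with byte-wise `substr($data, 0, 50)` just before the call that now names `CHARSET`. If `CHARSET` is a multibyte encoding such as UTF-8 (its value is not visible here), a cut through the middle of a character makes the input invalid and `htmlspecialchars()` returns an empty string for it, so the logged change would display as blank. Either shorten with `mb_substr($data, 0, 50, CHARSET)` or add `ENT_SUBSTITUTE` (PHP 5.4+) to the flags, e.g. `htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, CHARSET)`. The function body begins above the hunk.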