- fixed regex for stripping <script> tags

- no entities on wordbook entries

Author: Marius Burkard

interface/lib/classes/tform_base.inc.php

@@ -473,9 +473,8 @@ function getHTML($record, $tab, $action = 'NEW') {
 						if(is_array($field['value'])) {
 							foreach($field['value'] as $k => $v) {
 								$selected = ($k == $val)?' SELECTED':'';
-								if(isset($this->wordbook[$v]))
-									$v = $this->wordbook[$v];
-								$v = $app->functions->htmlentities($v);
+								if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];
+								else $v = $app->functions->htmlentities($v);
 								$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
 							}
 						}
@@ -914,7 +913,7 @@ function filterField($field_name, $field_value, $filters, $filter_event) {
 					$returnval = preg_replace('/\s+/', '', $returnval);
 					break;
 				case 'STRIPTAGS':
-					$returnval = strip_tags(preg_replace('/<script[^>]*>/is', '', $returnval));
+					$returnval = strip_tags(preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval));
 					break;
 				case 'STRIPNL':
 					$returnval = str_replace(array("\n","\r"),'', $returnval);