#4661: Don't double-encode ampersand in e_form::thead()

I guessed the `filter_var(…, FILTER_SANITIZE_STRING)` intention
mentioned in 20882920a0.  I guessed wrong.
This fixes the guess to be just HTML tag removal.

Fixes: https://github.com/e107inc/e107/issues/4661

e107_handlers/form_handler.php

@@ -4457,12 +4457,12 @@ var_dump($select_options);*/
 		$tp = e107::getParser();
         $text = '';
 
-        $querypattern = $tp->filter($querypattern, 'str');
+        $querypattern = strip_tags($querypattern);
         if(!$requeststr)
         {
 	        $requeststr = rawurldecode(e_QUERY);
         }
-        $requeststr = $tp->filter($requeststr, 'str');
+        $requeststr = strip_tags($requeststr);
 
 		// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
 		if(strpos($querypattern,'&')!==FALSE)