diff --git a/admin-dev/themes/default/template/controllers/orders/form.tpl b/admin-dev/themes/default/template/controllers/orders/form.tpl index e0aad95a2..e14cbbca4 100755 --- a/admin-dev/themes/default/template/controllers/orders/form.tpl +++ b/admin-dev/themes/default/template/controllers/orders/form.tpl @@ -210,7 +210,11 @@ function resetBind() { - $('.fancybox').fancybox(); + $('.fancybox').fancybox({ + 'type': 'iframe', + 'width': '50%', + 'height': '100%' + }); /*$("#new_address").fancybox({ onClosed: useCart(id_cart) });*/ diff --git a/admin-dev/themes/default/template/form_submit_ajax.tpl b/admin-dev/themes/default/template/form_submit_ajax.tpl index 6faf3ebfe..bd2e3813c 100644 --- a/admin-dev/themes/default/template/form_submit_ajax.tpl +++ b/admin-dev/themes/default/template/form_submit_ajax.tpl @@ -39,7 +39,7 @@ form_datas[this.name] = this.value; }); $.each(form_selects, function() { - form_datas[this.name] = this.options.selectedIndex; + form_datas[this.name] = this[this.options.selectedIndex].value; }); $.ajax({ type: this.method, @@ -49,7 +49,7 @@ data : form_datas, success : function(res) { - $('#fancybox-content').html(res); + $('html').html(res); } }); }); diff --git a/classes/Validate.php b/classes/Validate.php index 84e8c1e10..33d71d77d 100644 --- a/classes/Validate.php +++ b/classes/Validate.php 
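Review bot: `this[this.options.selectedIndex].value` in the `$.each(form_selects, …)` callback would throw for a select with no selected option, because `selectedIndex` is then -1 and `this[-1]` is undefined. The exception is raised before the `$.ajax` call that follows, so the submit silently does nothing. It also sends only the first selected option of a multiple select. As jQuery is already used here, `form_datas[this.name] = $(this).val();` handles both cases. The submit handler starts and ends outside this hunk.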
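Review bot: `$('html').html(res)` in the `success` callback writes the raw AJAX response into the document root, so any script or event-handler attribute in `res` runs in the back-office origin with the employee's session. Whether that is safe depends on the endpoint the form posts to, which is not visible in this hunk; if it can echo submitted field values unescaped, this line becomes a script-injection sink. I would at least record the assumption next to the call, e.g. `// res must be escaped, server-rendered back-office markup: it replaces the whole document and its scripts execute`. Since the fancybox now opens as an iframe, letting the form submit natively inside it would avoid re-injecting markup at all.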
@@ -366,8 +366,13 @@ class ValidateCore */ public static function isCleanHtml($html) { - $events = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange'; - $events .= '|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave|onerror'; + $events = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange + |onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave|onerror|onselect|onreset|onabort|ondragdrop|onresize|onactivate|onafterprint|onmoveend + |onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onmove + |onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel + |ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart + |onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange + |onselectstart|onstart|onstop'; return (!preg_match('/<[ \t\n]*script/i', $html) && !preg_match('/ array( 'title' => $this->l('Position'), 'width' => 40, - 'filter_key' => 'cp!position', + 'filter_key' => 'a!position', 'position' => 'position' ) );
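Review bot: The new `$events` literal in isCleanHtml() spans several source lines, so each line break (and any indentation after it) becomes part of the alternation. The last name on each line (`onchange`, `onmoveend`, `onmove`, `onmousewheel`, `onmovestart`, `onselectionchange`) then only matches when followed by that whitespace. Unless the pattern that consumes `$events` uses the `x` modifier (that line is truncated on this page), `onchange=`, which the old list rejected, would now pass the check. Keeping one statement per row as the old code did, e.g. `$events .= '|onsubmit|ondblclick|…';`, keeps whitespace out of the pattern. The misspelt `onmmouseup` entry is still present and can be dropped now that `onmouseup` is listed.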