diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php
index ccc92ad2cba..56b5a451d05 100644
--- a/htdocs/fourn/facture/rapport.php
+++ b/htdocs/fourn/facture/rapport.php
@@ -45,7 +45,7 @@ if ($user->societe_id > 0)
 $dir = $conf->fournisseur->facture->dir_output.'/payments';
 if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id;	// If user has no permission to see all, output dir is specific to user
 
-$year = $_GET["year"];
+$year = GETPOST("year", 'int');
 if (! $year) { $year=date("Y"); }
 
 
@@ -67,7 +67,7 @@ if ($action == 'builddoc')
     // We save charset_output to restore it because write_file can change it if needed for
     // output format that does not support UTF8.
     $sav_charset_output=$outputlangs->charset_output;
-    if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0)
+	if ($rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs) > 0)
     {
         $outputlangs->charset_output=$sav_charset_output;
     }
@@ -77,7 +77,7 @@ if ($action == 'builddoc')
         dol_print_error($db, $obj->error);
     }
 
-    $year = $_POST["reyear"];
+    $year = GETPOST("reyear", 'int');
 }
 
 
diff --git a/htdocs/reception/stats/month.php b/htdocs/reception/stats/month.php
index 84eb9126464..f151a57041d 100644
--- a/htdocs/reception/stats/month.php
+++ b/htdocs/reception/stats/month.php
@@ -27,6 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/reception/class/reception.class.php';
 require_once DOL_DOCUMENT_ROOT.'/reception/class/receptionstats.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
 
+$year = GETPOST("year", 'int');
 
 /*
  * View
@@ -42,7 +43,7 @@ $mesg = '';
 print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg);
 
 $stats = new ReceptionStats($db);
-$data = $stats->getNbReceptionByMonth($_GET["year"]);
+$data = $stats->getNbReceptionByMonth(GETPOST("year", 'int'));
 
 dol_mkdir($conf->reception->dir_temp);