diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php
index cb7c9667757..e6e95872c91 100644
--- a/htdocs/admin/system/filecheck.php
+++ b/htdocs/admin/system/filecheck.php
@@ -78,10 +78,10 @@ print '<br>';
 $file_list = array('missing' => array(), 'updated' => array());
 
 // Local file to compare to
-$xmlshortfile = GETPOST('xmlshortfile', 'alpha') ?GETPOST('xmlshortfile', 'alpha') : '/install/filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml'.(empty($conf->global->MAIN_FILECHECK_LOCAL_EXT) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_EXT);
-$xmlfile = DOL_DOCUMENT_ROOT.$xmlshortfile;
+$xmlshortfile = dol_sanitizeFileName(GETPOST('xmlshortfile', 'alpha') ? GETPOST('xmlshortfile', 'alpha') : 'filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml'.(empty($conf->global->MAIN_FILECHECK_LOCAL_EXT) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_EXT));
+$xmlfile = DOL_DOCUMENT_ROOT.'/install/'.$xmlshortfile;
 // Remote file to compare to
-$xmlremote = GETPOST('xmlremote');
+$xmlremote = GETPOST('xmlremote', 'alphanohtml');
 if (empty($xmlremote) && !empty($conf->global->MAIN_FILECHECK_URL)) {
 	$xmlremote = $conf->global->MAIN_FILECHECK_URL;
 }
@@ -92,7 +92,13 @@ if (empty($xmlremote) && !empty($conf->global->$param)) {
 if (empty($xmlremote)) {
 	$xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
 }
-
+if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
+}
+if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
+	$langs->load("errors");
+	setEventMessages($langs->trans("ErrorURLMustStartWithHttp", $xmlremote), '', 'errors');
+	$error++;
+}
 
 // Test if remote test is ok
 $enableremotecheck = true;
@@ -147,7 +153,7 @@ if (GETPOST('target') == 'local') {
 		}
 		$xml = simplexml_load_file($xmlfile);
 	} else {
-		print $langs->trans('XmlNotFound').': '.$xmlfile;
+		print '<div class="warning">'.$langs->trans('XmlNotFound').': '.$xmlfile.'</span>';
 		$error++;
 	}
 }
diff --git a/htdocs/core/boxes/box_external_rss.php b/htdocs/core/boxes/box_external_rss.php
index d85f0a3f44b..7bf8a69ed03 100644
--- a/htdocs/core/boxes/box_external_rss.php
+++ b/htdocs/core/boxes/box_external_rss.php
@@ -77,6 +77,7 @@ class box_external_rss extends ModeleBoxes
 		$this->max = $max;
 
 		// On recupere numero de param de la boite
+		$reg = array();
 		preg_match('/^([0-9]+) /', $this->paramdef, $reg);
 		$site = $reg[1];
 
diff --git a/htdocs/core/modules/modExternalRss.class.php b/htdocs/core/modules/modExternalRss.class.php
index 6ca023a65a8..d7710687ca6 100644
--- a/htdocs/core/modules/modExternalRss.class.php
+++ b/htdocs/core/modules/modExternalRss.class.php
@@ -100,6 +100,7 @@ class modExternalRss extends DolibarrModules
 		$result = $this->db->query($sql);
 		if ($result) {
 			while ($obj = $this->db->fetch_object($result)) {
+				$reg = array();
 				if (preg_match('/EXTERNAL_RSS_TITLE_([0-9]+)/i', $obj->name, $reg)) {
 					// Definie la boite si on a trouvee une ancienne configuration
 					//$this->boxes[$reg[1]][0] = "(ExternalRSSInformations)";