diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php
index 3b0d23a2016..addbc3c6ccf 100644
--- a/htdocs/public/paybox/newpayment.php
+++ b/htdocs/public/paybox/newpayment.php
@@ -80,9 +80,22 @@ $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentok.php?';
$urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentko.php?';
// Complete urls
+$SOURCE=GETPOST("source",'alpha');
+$ref=$REF=GETPOST('ref','alpha');
$TAG=GETPOST("tag",'alpha');
$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
+$SECUREKEY=GETPOST("securekey"); // Secure key
+if (! empty($SOURCE))
+{
+ $urlok.='source='.urlencode($SOURCE).'&';
+ $urlko.='source='.urlencode($SOURCE).'&';
+}
+if (! empty($REF))
+{
+ $urlok.='ref='.urlencode($REF).'&';
+ $urlko.='ref='.urlencode($REF).'&';
+}
if (!empty($TAG))
{
$urlok.='tag='.urlencode($TAG).'&';
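Review bot: `$SECUREKEY=GETPOST("securekey");` on the new line is the only new parameter read without a check type, while `$SOURCE` and `$REF` two lines above are read with `'alpha'`. A token value should get the same filter, `$SECUREKEY=GETPOST("securekey",'alpha'); // Secure key`, so that whatever later compares it sees a sanitised string like the other inputs. The value is only read in this hunk; where it is verified is a matter for the following hunk.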
@@ -96,6 +109,9 @@ if (!empty($FULLTAG))
$urlok=preg_replace('/&$/','',$urlok); // Remove last &
$urlko=preg_replace('/&$/','',$urlko); // Remove last &
+// Check security token
+$valid=true;
+
/*
* Actions
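Review bot: `$valid=true;` under the new `// Check security token` comment is never set to anything else, so the `&& $valid` conditions this commit adds to the free-payment, order, invoice, contractline and membersubscription branches currently gate nothing and the token read into `$SECUREKEY` in the previous hunk is never checked. The comparison belongs here, before the Actions section, for example `if (! empty(<CONFIGURED_PAYBOX_TOKEN>)) $valid = hash_equals((string) <CONFIGURED_PAYBOX_TOKEN>, (string) $SECUREKEY);` with the placeholder replaced by the Paybox setting that holds the expected token (its name is outside this diff; on a runtime without hash_equals() a strict `===` is the fallback). The paypal copy of this page appears to have an `if (! empty($SECUREKEY))` block at the same position, judging by the hunk context at `@@ -116,7 +116,7 @@` in that file, so mirroring it here would keep the two pages consistent.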
@@ -148,6 +164,7 @@ print '
print "\n";
print ''."\n";
print ''."\n";
+print ''."\n";
print ''."\n";
print ''."\n";
print "\n";
@@ -212,7 +229,7 @@ $var=false;
// Free payment
-if (! GETPOST("source"))
+if (! GETPOST("source") && $valid)
{
$found=true;
$tag=GETPOST("tag");
@@ -230,7 +247,7 @@ if (! GETPOST("source"))
print '
'.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -259,7 +276,7 @@ if (! GETPOST("source"))
// Payment on customer order
-if (GETPOST("source") == 'order')
+if (GETPOST("source") == 'order' && $valid)
{
$found=true;
$langs->load("orders");
@@ -267,7 +284,7 @@ if (GETPOST("source") == 'order')
require_once(DOL_DOCUMENT_ROOT."/commande/class/commande.class.php");
$order=new Commande($db);
- $result=$order->fetch('',$_REQUEST["ref"]);
+ $result=$order->fetch('',$ref);
if ($result < 0)
{
$mesg=$order->error;
@@ -283,7 +300,7 @@ if (GETPOST("source") == 'order')
$amount=price2num($amount);
$fulltag='IR='.$order->ref.'.TPID='.$order->thirdparty->id.'.TP='.strtr($order->thirdparty->name,"-"," ");
- if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
+ if (! empty($TAG)) { $tag=$TAG; $fulltag.='.TAG='.$TAG; }
$fulltag=dol_string_unaccent($fulltag);
// Creditor
@@ -312,7 +329,7 @@ if (GETPOST("source") == 'order')
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -342,7 +359,7 @@ if (GETPOST("source") == 'order')
// Payment on customer invoice
-if (GETPOST("source") == 'invoice')
+if (GETPOST("source") == 'invoice' && $valid)
{
$found=true;
$langs->load("bills");
@@ -350,7 +367,7 @@ if (GETPOST("source") == 'invoice')
require_once(DOL_DOCUMENT_ROOT."/compta/facture/class/facture.class.php");
$invoice=new Facture($db);
- $result=$invoice->fetch('',$_REQUEST["ref"]);
+ $result=$invoice->fetch('',$ref);
if ($result < 0)
{
$mesg=$invoice->error;
@@ -361,12 +378,12 @@ if (GETPOST("source") == 'invoice')
$result=$invoice->fetch_thirdparty($invoice->socid);
}
- $amount=$invoice->total_ttc - $invoice->getSommePaiement();
+ $amount=price2num($invoice->total_ttc - $invoice->getSommePaiement());
if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
$amount=price2num($amount);
$fulltag='IR='.$invoice->ref.'.TPID='.$invoice->thirdparty->id.'.TP='.strtr($invoice->thirdparty->name,"-"," ");
- if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
+ if (! empty($TAG)) { $tag=$TAG; $fulltag.='.TAG='.$TAG; }
$fulltag=dol_string_unaccent($fulltag);
// Creditor
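Review bot: The `price2num()` added around `$invoice->total_ttc - $invoice->getSommePaiement()` is redundant, because two lines later `$amount=price2num($amount);` normalises the value again after the optional override; either keep only the outer call or, if the intent is to round before the `GETPOST("amount",'int')` comparison, say so in a comment. That override line is unchanged context, but since this hunk now surrounds it, it is worth a one-line comment stating that a request-supplied amount is allowed to replace the outstanding balance (partial payment) so the next reader does not mistake it for an oversight; whether the posted amount is bounded elsewhere is not visible in this diff. The enclosing `if (GETPOST("source") == 'invoice' && $valid)` block starts and ends outside the hunk.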
@@ -395,7 +412,7 @@ if (GETPOST("source") == 'invoice')
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -424,7 +441,7 @@ if (GETPOST("source") == 'invoice')
}
// Payment on contract line
-if (GETPOST("source") == 'contractline')
+if (GETPOST("source") == 'contractline' && $valid)
{
$found=true;
$langs->load("contracts");
@@ -432,7 +449,7 @@ if (GETPOST("source") == 'contractline')
require_once(DOL_DOCUMENT_ROOT."/contrat/class/contrat.class.php");
$contractline=new ContratLigne($db);
- $result=$contractline->fetch('',$_REQUEST["ref"]);
+ $result=$contractline->fetch('',$ref);
if ($result < 0)
{
$mesg=$contractline->error;
@@ -492,11 +509,11 @@ if (GETPOST("source") == 'contractline')
$amount=price2num($amount);
$fulltag='CLR='.$contractline->ref.'.CR='.$contract->ref.'.TPID='.$contract->thirdparty->id.'.TP='.strtr($contract->thirdparty->name,"-"," ");
- if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
+ if (! empty($TAG)) { $tag=$TAG; $fulltag.='.TAG='.$TAG; }
$fulltag=dol_string_unaccent($fulltag);
$qty=1;
- if (isset($_REQUEST["qty"])) $qty=$_REQUEST["qty"];
+ if (GETPOST('qty')) $qty=GETPOST('qty');
// Creditor
$var=!$var;
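Review bot: `if (GETPOST('qty')) $qty=GETPOST('qty');` drops the `$_REQUEST` read but still accepts the quantity without a check type, unlike `GETPOST("amount",'int')` used elsewhere in this file; `if (GETPOST('qty','int')) $qty=GETPOST('qty','int');` rejects non-numeric input before it reaches whatever uses `$qty`, which I assume is the amount computation outside this hunk. Note also that the truthiness test changes behaviour slightly versus the old `isset()`: a posted `qty=0` now leaves the default `$qty=1` in place, which is probably intended but deserves a short comment. The enclosing contractline block continues past the hunk.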
@@ -566,7 +583,7 @@ if (GETPOST("source") == 'contractline')
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -596,7 +613,7 @@ if (GETPOST("source") == 'contractline')
}
// Payment on member subscription
-if (GETPOST("source") == 'membersubscription')
+if (GETPOST("source") == 'membersubscription' && $valid)
{
$found=true;
$langs->load("members");
@@ -605,7 +622,7 @@ if (GETPOST("source") == 'membersubscription')
require_once(DOL_DOCUMENT_ROOT."/adherents/class/cotisation.class.php");
$member=new Adherent($db);
- $result=$member->fetch('',GETPOST("ref"));
+ $result=$member->fetch('',$ref);
if ($result < 0)
{
$mesg=$member->error;
@@ -621,7 +638,7 @@ if (GETPOST("source") == 'membersubscription')
$amount=price2num($amount);
$fulltag='MID='.$member->id.'.M='.strtr($member->getFullName($langs),"-"," ");
- if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
+ if (! empty($TAG)) { $tag=$TAG; $fulltag.='.TAG='.$TAG; }
$fulltag=dol_string_unaccent($fulltag);
// Creditor
@@ -639,7 +656,7 @@ if (GETPOST("source") == 'membersubscription')
// Object
$var=!$var;
$text=''.$langs->trans("PaymentSubscription").' ';
- print ' '.$langs->trans("Designation");
+ print ' '.$langs->trans("Designation");
print ' '.$text;
print ' ';
print ' ';
@@ -667,11 +684,18 @@ if (GETPOST("source") == 'membersubscription')
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount))
+ {
+ $valtoshow=GETPOST("newamount",'int');
+ if (! empty($conf->global->MEMBER_MIN_AMOUNT) && $valtoshow) $valtoshow=max($conf->global->MEMBER_MIN_AMOUNT,$valtoshow);
+ print ' ';
+ }
else {
- print ''.price($amount).' ';
- print ' ';
- print ' ';
+ $valtoshow=$amount;
+ if (! empty($conf->global->MEMBER_MIN_AMOUNT) && $valtoshow) $valtoshow=max($conf->global->MEMBER_MIN_AMOUNT,$valtoshow);
+ print ''.price($valtoshow).' ';
+ print ' ';
+ print ' ';
}
// Currency
print ' '.$langs->trans("Currency".$currency).' ';
diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
index b2bf8ad54e9..7aa2743b840 100755
--- a/htdocs/public/paypal/newpayment.php
+++ b/htdocs/public/paypal/newpayment.php
@@ -1,13 +1,13 @@
- * Copyright (C) 2006-2011 Laurent Destailleur
+ * Copyright (C) 2006-2012 Laurent Destailleur
* Copyright (C) 2009-2012 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *e
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -116,7 +116,7 @@ if (! empty($SECUREKEY))
$urlok=preg_replace('/&$/','',$urlok); // Remove last &
$urlko=preg_replace('/&$/','',$urlko); // Remove last &
-// Clean parameters
+// Check parameters
$PAYPAL_API_OK="";
if ($urlok) $PAYPAL_API_OK=$urlok;
$PAYPAL_API_KO="";
@@ -341,7 +341,7 @@ if (! GETPOST("source") && $valid)
print ''.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -420,7 +420,7 @@ if (GETPOST("source") == 'order' && $valid)
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -523,7 +523,7 @@ if (GETPOST("source") == 'invoice' && $valid)
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -714,7 +714,7 @@ if (GETPOST("source") == 'contractline' && $valid)
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount)) print ' ';
else {
print ''.price($amount).' ';
print ' ';
@@ -833,11 +833,18 @@ if (GETPOST("source") == 'membersubscription' && $valid)
print ' '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' ';
- if (empty($amount) || ! is_numeric($amount)) print ' ';
+ if (empty($amount) || ! is_numeric($amount))
+ {
+ $valtoshow=GETPOST("newamount",'int');
+ if (! empty($conf->global->MEMBER_MIN_AMOUNT) && $valtoshow) $valtoshow=max($conf->global->MEMBER_MIN_AMOUNT,$valtoshow);
+ print ' ';
+ }
else {
- print ''.price($amount).' ';
- print ' ';
- print ' ';
+ $valtoshow=$amount;
+ if (! empty($conf->global->MEMBER_MIN_AMOUNT) && $valtoshow) $valtoshow=max($conf->global->MEMBER_MIN_AMOUNT,$valtoshow);
+ print ''.price($valtoshow).' ';
+ print ' ';
+ print ' ';
}
// Currency
print ' '.$langs->trans("Currency".$currency).' ';