diff --git a/htdocs/admin/system/database-tables.php b/htdocs/admin/system/database-tables.php
index addeb3793c6..2da8561d30c 100644
--- a/htdocs/admin/system/database-tables.php
+++ b/htdocs/admin/system/database-tables.php
@@ -36,7 +36,13 @@ $action=GETPOST('action','alpha');
 
 if ($action == 'convert')
 {
-	$db->query("alter table ".$_GET["table"]." ENGINE=INNODB");
+    $sql="ALTER TABLE ".$db->escape(GETPOST("table", "aZ09"))." ENGINE=INNODB";
+	$db->query($sql);
+}
+if ($action == 'convertutf8')
+{
+    $sql="ALTER TABLE ".$db->escape(GETPOST("table", "aZ09"))." CHARACTER SET utf8 COLLATE utf8_unicode_ci";
+    $db->query($sql);
 }
 
 
@@ -111,9 +117,9 @@ else
 
 				print '<td><a href="dbtable.php?table='.$obj->Name.'">'.$obj->Name.'</a></td>';
 				print '<td>'.$obj->Engine.'</td>';
-				if (isset($row[1]) && $row[1] == "MyISAM")
+				if (isset($obj->Engine) && $obj->Engine == "MyISAM")
 				{
-					print '<td><a href="database-tables.php?action=convert&amp;table='.$row[0].'">'.$langs->trans("Convert").'</a></td>';
+				    print '<td><a class="reposition" href="database-tables.php?action=convert&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' InnoDB</a></td>';
 				}
 				else
 				{
@@ -127,7 +133,12 @@ else
 				print '<td align="right">'.$obj->Index_length.'</td>';
 				print '<td align="right">'.$obj->Auto_increment.'</td>';
 				print '<td align="right">'.$obj->Check_time.'</td>';
-				print '<td align="right">'.$obj->Collation.'</td>';
+				print '<td align="right">'.$obj->Collation;
+				if (isset($obj->Collation) && ($obj->Collation == "utf8mb4_general_ci" || $obj->Collation == "utf8mb4_unicode_ci"))
+				{
+				    print '<br><a class="reposition" href="database-tables.php?action=convertutf8&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' UTF8</a>';
+				}
+				print '</td>';
 				print '</tr>';
 				$i++;
 			}
diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php
index 809cea3b271..4a19fd0e9a6 100644
--- a/htdocs/admin/tools/export_files.php
+++ b/htdocs/admin/tools/export_files.php
@@ -36,6 +36,8 @@ $export_type=GETPOST('export_type','alpha');
 $file=GETPOST('zipfilename_template','alpha');
 $compression = GETPOST('compression');
 
+$file = dol_sanitizeFileName($file);
+
 $sortfield = GETPOST('sortfield','alpha');
 $sortorder = GETPOST('sortorder','alpha');
 $page = GETPOST("page",'int');
@@ -57,10 +59,11 @@ $errormsg='';
 
 if ($action == 'delete')
 {
-	$file=$conf->admin->dir_output.'/'.GETPOST('urlfile');
-	$ret=dol_delete_file($file, 1);
-	if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
-	else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+    $filerelative = dol_sanitizeFileName(GETPOST('urlfile', 'alpha'));
+    $filepath=$conf->admin->dir_output.'/'.$filerelative;
+	$ret=dol_delete_file($filepath, 1);
+	if ($ret) setEventMessages($langs->trans("FileWasRemoved", $filerelative), null, 'mesgs');
+	else setEventMessages($langs->trans("ErrorFailToDeleteFile", $filerelative), null, 'errors');
 	$action='';
 }
 
@@ -122,7 +125,7 @@ elseif (in_array($compression, array('gz', 'bz')))
     $cmd = 'tar -cf '.$outputdir."/".$file." --exclude=documents/admin/documents -C ".DOL_DATA_ROOT." ".DOL_DATA_ROOT."/../documents/";
     exec($cmd, $out, $retval);
     //var_dump($cmd, DOL_DATA_ROOT);exit;
-    
+
     if ($retval != 0)
     {
         $langs->load("errors");
@@ -139,7 +142,7 @@ elseif (in_array($compression, array('gz', 'bz')))
         {
             $cmd = "bzip2 " . $outputdir."/".$file;
         }
-        
+
         exec($cmd, $out, $retval);
         if ($retval != 0)
         {