diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 9ad79393499..8541581fb49 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -1695,7 +1695,7 @@ if (empty($reshook))
 setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv('Type')), null, 'errors');
 $error++;
 }
- if ($prod_entry_mode == 'free' && empty($idprod) && (($price_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) || $price_ht == '') && $price_ht_devise == '') // Unit price can be 0 but not ''
+ if (($prod_entry_mode == 'free' && empty($idprod) && (($price_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) || $price_ht == '') && $price_ht_devise == '') && $object->type != Facture::TYPE_CREDIT_NOTE) // Unit price can be 0 but not ''
 {
 if ($price_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES))
 {
@@ -2155,7 +2155,7 @@ if (empty($reshook))
 setEventMessages($langs->trans('ErrorQtyForCustomerInvoiceCantBeNegative'), null, 'errors');
 $error++;
 }
- if (empty($productid) && (($pu_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) || $pu_ht == '') && $pu_ht_devise == '') // Unit price can be 0 but not ''
+ if ((empty($productid) && (($pu_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) || $pu_ht == '') && $pu_ht_devise == '') && $object->type != Facture::TYPE_CREDIT_NOTE) // Unit price can be 0 but not ''
 {
 if ($pu_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES))
 {
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index d2b768d75d5..d12ee339909 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
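Review bot: In htdocs/compta/facture/card.php (hunk @@ -1695), the appended `&& $object->type != Facture::TYPE_CREDIT_NOTE` wraps the whole condition, so on a credit note a free-text line whose `$price_ht` and `$price_ht_devise` are both empty is no longer rejected either, not only a negative one. If the intent is just to allow negative amounts on credit notes, scope the exemption to the sign test: `(($price_ht < 0 && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES) && $object->type != Facture::TYPE_CREDIT_NOTE) || $price_ht == '')`. The same applies to the `$pu_ht` condition in the second hunk (@@ -2155). As written, the trailing comment `// Unit price can be 0 but not ''` no longer holds for credit notes. The bodies of both `if` blocks continue outside the hunks.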
@@ -484,9 +484,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh { $sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug"; $sql.= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; - $sql.= " AND (ug.fk_user = dbt.rowid"; - $sql.= " AND ug.entity IN (".getEntity('user')."))"; - $sql.= " OR dbt.entity = 0"; // Show always superadmin + $sql.= " AND ((ug.fk_user = dbt.rowid"; + $sql.= " AND ug.entity IN (".getEntity('usergroup')."))"; + $sql.= " OR dbt.entity = 0)"; // Show always superadmin } } else { diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php index 0a2a6866f26..0b924122ebb 100644 --- a/htdocs/install/inc.php +++ b/htdocs/install/inc.php @@ -196,7 +196,7 @@ if (constant('DOL_DATA_ROOT') === null) { } if (@file_exists($lockfile)) { - if (! is_object($langs)) + if (! isset($langs) || ! is_object($langs)) { $langs = new Translate('..', $conf); $langs->setDefaultLang('auto'); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index f0b3fb819f2..6db383ed515 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -84,9 +84,11 @@ $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2='user'; if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card -if (!$canreaduser) { + +if (! $canreaduser) { $result = restrictedArea($user, 'user', $id, 'user&user', $feature2); } + if ($user->id <> $id && ! $canreaduser) accessforbidden(); // Load translation files required by page
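Review bot: In htdocs/core/lib/security.lib.php (hunk @@ -484), `$objectid` and `$dbt_select` are still concatenated straight into the `WHERE dbt.… IN (…)` clause of this access-check query, and the visible lines show no cast or escaping. checkUserAccessToObject starts outside the hunk, so any earlier sanitising is not visible and should be confirmed. If the ids are always numeric at this point, normalise them before building the SQL, e.g. `$objectid = implode(',', array_map('intval', explode(',', $objectid)));`. A comment on the regrouped condition would also help, such as `// Keep "OR dbt.entity = 0" inside the parentheses so it stays restricted by the IN (...) filter`, because with the previous grouping that branch matched independently of the requested id.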