diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index 2c90c0ed99b..748fc7a0309 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -75,6 +75,12 @@ else if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') ||GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers { $search_event = ''; + $action = ''; +} + +if (GETPOST('button_search_x','alpha') || GETPOST('button_search.x','alpha') ||GETPOST('button_search','alpha')) // To avoid the save when we click on search +{ + $action = ''; } if ($action == "save" && empty($cancel)) @@ -106,34 +112,6 @@ if ($action == "save" && empty($cancel)) } } -if (preg_match('/set_(.*)/',$action,$reg)) -{ - $code=$reg[1]; - $value=(GETPOST($code) ? GETPOST($code) : 1); - if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) - { - Header("Location: ".$_SERVER["PHP_SELF"]); - exit; - } - else - { - dol_print_error($db); - } -} - -if (preg_match('/del_(.*)/',$action,$reg)) -{ - $code=$reg[1]; - if (dolibarr_del_const($db, $code, $conf->entity) > 0) - { - Header("Location: ".$_SERVER["PHP_SELF"]); - exit; - } - else - { - dol_print_error($db); - } -} /** diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 54414e094d3..b6b332a4b99 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -52,10 +52,10 @@ $type = 'action'; include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; - $value=(GETPOST($code) ? GETPOST($code) : 1); + $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1); if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); 
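Review bot: The new `button_search` test in the first agenda.php hunk copies the `||GETPOST(` spacing glitch from the removefilter line above it, and the three spellings (`_x`, `.x`, plain) now appear twice in a row; `|| GETPOST('button_search','alpha')` reads better, and one comment explaining why all three spellings are needed would keep the two blocks in step. The `$action = '';` added to the removefilter branch has no comment of its own; `// Reset action so a removefilter click does not reach the save branch below` would say why it is there. The enclosing if/else chain starts before the hunk.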
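Review bot: In the agenda_other.php hunk the tightened pattern `'/set_([a-z0-9_\-]+)/i'` is still unanchored, so it matches anywhere inside `$action` (an action such as `reset_x` yields code `x`, and a value with trailing characters outside the class is silently truncated rather than rejected); anchoring it as `'/^set_([a-z0-9_\-]+)$/i'` (and `'/^del_([a-z0-9_\-]+)$/i'` for the del_ branch) makes the match exact. The same applies to the set_/del_ hunks in agenda_reminder.php, ecm.php, multicurrency.php, security_other.php, user.php, usergroup.php, categories/admin/categorie.php and margin/admin/margin.php. The changed `$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);` line treats a posted `'0'` as absent and stores 1, so a constant cannot be set to 0 through this path; testing for presence (a non-empty string) instead of truthiness would fix it, and the same line is changed in agenda_reminder.php and security_other.php.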
@@ -67,7 +67,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php index 3e946dd8e60..fac49dcfcde 100644 --- a/htdocs/admin/agenda_reminder.php +++ b/htdocs/admin/agenda_reminder.php @@ -47,10 +47,10 @@ $type = 'action'; include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; - $value=(GETPOST($code) ? GETPOST($code) : 1); + $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1); if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); @@ -62,7 +62,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/ecm.php b/htdocs/admin/ecm.php index dd9e748de02..2d8bd936b50 100644 --- a/htdocs/admin/ecm.php +++ b/htdocs/admin/ecm.php @@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden(); /* * Action */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) @@ -47,7 +47,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index 25feceda0d1..467ffffeb41 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php 
@@ -48,10 +48,11 @@ $action = GETPOST('action', 'alpha'); */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; - if (dolibarr_set_const($db, $code, GETPOST($code), 'chaine', 0, '', $conf->entity) > 0) + $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1); + if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) { header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -62,7 +63,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, 0) > 0) diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php index 143cc17e46f..7ce087ead6f 100644 --- a/htdocs/admin/security_file.php +++ b/htdocs/admin/security_file.php @@ -51,36 +51,7 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) dol_add_file_process($upload_dir, 0, 0, 'userfile'); } -if (preg_match('/set_(.*)/',$action,$reg)) -{ - $code=$reg[1]; - $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1); - if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) - { - Header("Location: ".$_SERVER["PHP_SELF"]); - exit; - } - else - { - dol_print_error($db); - } -} - -else if (preg_match('/del_(.*)/',$action,$reg)) -{ - $code=$reg[1]; - if (dolibarr_del_const($db, $code, $conf->entity) > 0) - { - Header("Location: ".$_SERVER["PHP_SELF"]); - exit; - } - else - { - dol_print_error($db); - } -} - -else if ($action == 'updateform') +if ($action == 'updateform') { $antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND','none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe $antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM','none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib" 
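Review bot: In the multicurrency.php set_ hunk, replacing `GETPOST($code)` with `$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);` changes behaviour rather than only filtering input: the removed line stored the posted value as-is, while the new fallback stores 1 whenever the parameter is absent, empty or `'0'`, so any caller that submits an empty value or 0 now gets 1 instead. If that is intended it deserves a comment, e.g. `// Missing or falsy value means "enable": store 1`; otherwise test for presence rather than truthiness. Separately, the del_ hunk below still calls `dolibarr_del_const($db, $code, 0)` with entity `0` while the set_ branch writes with `$conf->entity`, which looks like a pre-existing mismatch worth confirming.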
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index e5c66d9e24b..60d0888ed91 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -43,10 +43,10 @@ $action=GETPOST('action','alpha'); * Actions */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; - $value=(GETPOST($code) ? GETPOST($code) : 1); + $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1); if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); @@ -58,7 +58,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -else if (preg_match('/del_(.*)/',$action,$reg)) +else if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php index ee5faefeaee..a7b1c5b9373 100644 --- a/htdocs/admin/user.php +++ b/htdocs/admin/user.php @@ -86,7 +86,7 @@ elseif ($action == 'setdoc') } $res = true; } -elseif (preg_match('/set_(.*)/',$action,$reg)) +elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) @@ -100,7 +100,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg)) } } -elseif (preg_match('/del_(.*)/',$action,$reg)) +elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php index 5a1cf94e59f..75497e9d19d 100644 --- a/htdocs/admin/usergroup.php +++ b/htdocs/admin/usergroup.php @@ -83,7 +83,7 @@ elseif ($action == 'setdoc') } $res = true; } -elseif (preg_match('/set_(.*)/',$action,$reg)) +elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) 
@@ -97,7 +97,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg)) } } -elseif (preg_match('/del_(.*)/',$action,$reg)) +elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/categories/admin/categorie.php b/htdocs/categories/admin/categorie.php index c1564e1b892..518d8903edd 100644 --- a/htdocs/categories/admin/categorie.php +++ b/htdocs/categories/admin/categorie.php @@ -38,7 +38,7 @@ $action=GETPOST('action','aZ09'); * Actions */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) @@ -52,7 +52,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 559b5b13564..d37dfe0c83b 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -42,7 +42,7 @@ $action=GETPOST('action','alpha'); /* * Action */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'yesno', 0, '', $conf->entity) > 0) @@ -56,7 +56,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0)