diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php
index 59c3a6fb65d..fc1a3f431c5 100644
--- a/htdocs/cashdesk/tpl/facturation1.tpl.php
+++ b/htdocs/cashdesk/tpl/facturation1.tpl.php
@@ -49,7 +49,7 @@ $langs->load("cashdesk");
             $htmlname='idprod';
             $status=-1;
             $rice_level=$company->price_level;
-            print ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajaxproducts.php', 'outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=1&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
+            print ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajax/products.php', 'outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=1&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
             if (! $hidelabel) print $langs->trans("RefOrLabel").' : ';
             print '<input type="text" size="4" name="search_'.$htmlname.'" id="search_'.$htmlname.'" value="'.$selected_input_value.'" />';
             */
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 111c3b8496d..d52ec6e334e 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1082,7 +1082,7 @@ class Form
                 $selected_input_value=$product->ref;
             }
             // mode=1 means customers products
-            print ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajaxproducts.php', 'htmlname='.$htmlname.'&outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=1&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
+            print ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajax/products.php', 'htmlname='.$htmlname.'&outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=1&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
             if (! $hidelabel) print $langs->trans("RefOrLabel").' : ';
             print '<input type="text" size="20" name="search_'.$htmlname.'" id="search_'.$htmlname.'" value="'.$selected_input_value.'" />';
         }
@@ -1329,7 +1329,7 @@ class Form
         if ($conf->global->PRODUIT_USE_SEARCH_TO_SELECT)
         {
             // mode=2 means suppliers products
-            print ajax_autocompleter('', $htmlname, DOL_URL_ROOT.'/product/ajaxproducts.php', ($socid > 0?'socid='.$socid.'&':'').'htmlname='.$htmlname.'&outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=2&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
+            print ajax_autocompleter('', $htmlname, DOL_URL_ROOT.'/product/ajax/products.php', ($socid > 0?'socid='.$socid.'&':'').'htmlname='.$htmlname.'&outjson=1&price_level='.$price_level.'&type='.$filtertype.'&mode=2&status='.$status.'&finished='.$finished, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT);
             print $langs->trans("RefOrLabel").' : <input type="text" size="16" name="search_'.$htmlname.'" id="search_'.$htmlname.'">';
             print '<br>';
         }
diff --git a/htdocs/product/ajaxproducts.php b/htdocs/product/ajax/products.php
similarity index 73%
rename from htdocs/product/ajaxproducts.php
rename to htdocs/product/ajax/products.php
index 1e99dcb7a8c..a0e7a5f4cab 100644
--- a/htdocs/product/ajaxproducts.php
+++ b/htdocs/product/ajax/products.php
@@ -18,7 +18,7 @@
  */
 
 /**
- *       \file       htdocs/product/ajaxproducts.php
+ *       \file       htdocs/product/ajax/products.php
  *       \brief      File to return Ajax response on product list request
  */
 
@@ -30,12 +30,19 @@ if (! defined('NOREQUIRESOC'))   define('NOREQUIRESOC','1');
 if (! defined('NOCSRFCHECK'))    define('NOCSRFCHECK','1');
 if (empty($_GET['keysearch']) && ! defined('NOREQUIREHTML'))  define('NOREQUIREHTML','1');
 
-require('../main.inc.php');
+require('../../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php');
 
 $langs->load("products");
 $langs->load("main");
 
+$htmlname=GETPOST('htmlname','alpha');
+$socid=GETPOST('socid','int');
+$type=GETPOST('type','int');
+$mode=GETPOST('mode','int');
+$status=((GETPOST('status','int') >= 0) ? GETPOST('status','int') : -1);
+$outjson=(GETPOST('outjson','int') ? GETPOST('outjson','int') : 0);
+$pricelevel=GETPOST('price_level','int');
 
 /*
  * View
@@ -55,32 +62,25 @@ top_httphead();
 dol_syslog(join(',',$_GET));
 //print_r($_GET);
 
-if (! isset($_GET['htmlname'])) return;
+if (empty($htmlname)) return;
 
-$htmlname = $_GET['htmlname'];
 $match = preg_grep('/('.$htmlname.'[0-9]+)/',array_keys($_GET));
 sort($match);
 $idprod = (! empty($match[0]) ? $match[0] : '');
 
-if (! isset($_GET[$htmlname]) && ! isset($_GET[$idprod])) return;
+if (! GETPOST($htmlname) && ! GETPOST($idprod)) return;
 
 // When used from jQuery, the search term is added as GET param "term".
-$searchkey=(! empty($_GET[$idprod])?$_GET[$idprod]:'');
-if (empty($searchkey)) $searchkey=$_GET[$htmlname];
-$outjson=isset($_GET['outjson'])?$_GET['outjson']:0;
-
-// Get list of product.
-$status=-1;
-if (isset($_GET['status'])) $status=$_GET['status'];
+$searchkey=(GETPOST($idprod)?GETPOST($idprod):(GETPOST($htmlname)?GETPOST($htmlname):''));
 
 $form = new Form($db);
-if (empty($_GET['mode']) || $_GET['mode'] == 1)
+if (empty($mode) || $mode == 1)
 {
-	$arrayresult=$form->select_produits_do("",$htmlname,$_GET["type"],"",$_GET["price_level"],$searchkey,$status,2,$outjson);
+	$arrayresult=$form->select_produits_do("",$htmlname,$type,"",$pricelevel,$searchkey,$status,2,$outjson);
 }
-if ($_GET['mode'] == 2)
+elseif ($mode == 2)
 {
-	$arrayresult=$form->select_produits_fournisseurs_do($_GET["socid"],"",$htmlname,$_GET["type"],"",$searchkey,$status,$outjson);
+	$arrayresult=$form->select_produits_fournisseurs_do($socid,"",$htmlname,$type,"",$searchkey,$status,$outjson);
 }
 
 $db->close();