diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 4487f81c2fe..6170c02dd4f 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -49,7 +49,7 @@ $error=0;
  * Actions
  */
 
-if ( ($action == 'update' && empty($_POST["cancel"]))
+if ( ($action == 'update' && ! GETPOST("cancel",'alpha'))
 || ($action == 'updateedit') )
 {
 	$tmparray=getCountry(GETPOST('country_id','int'),'all',$db,$langs,0);
@@ -63,19 +63,19 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
 		dolibarr_set_const($db, "MAIN_INFO_SOCIETE_COUNTRY", $s,'chaine',0,'',$conf->entity);
 	}
 
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS",$_POST["address"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN",$_POST["town"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP",$_POST["zipcode"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE",$_POST["state_id"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_MONNAIE",$_POST["currency"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL",$_POST["tel"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX",$_POST["fax"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL",$_POST["mail"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB",$_POST["web"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE",$_POST["note"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD",$_POST["barcode"],'chaine',0,'',$conf->entity);
-	
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom",'nohtml'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("address",'nohtml'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("town",'nohtml'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("zipcode",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE", GETPOST("state_id",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note",'none'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode",'alpha'),'chaine',0,'',$conf->entity);
+
 	$varforimage='logo'; $dirforimage=$conf->mycompany->dir_output.'/logos/';
 	if ($_FILES[$varforimage]["tmp_name"])
 	{
@@ -100,8 +100,8 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
 					if ($isimage > 0)
 					{
 					    // Create thumbs
-					    //$object->addThumbs($newfile);    // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get... 
-					    	
+					    //$object->addThumbs($newfile);    // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
+
 						// Create small thumb, Used on logon for example
 						$imgThumbSmall = vignette($dirforimage.$original_file, $maxwidthsmall, $maxheightsmall, '_small', $quality);
 						if (image_format_supported($imgThumbSmall) >= 0 && preg_match('/([^\\/:]+)$/i',$imgThumbSmall,$reg))
@@ -143,27 +143,27 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
 			}
 		}
 	}
-	
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS",$_POST["MAIN_INFO_SOCIETE_MANAGERS"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_CAPITAL",$_POST["capital"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",$_POST["forme_juridique_code"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SIREN",$_POST["siren"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SIRET",$_POST["siret"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_APE",$_POST["ape"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_RCS",$_POST["rcs"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_PROFID5",$_POST["MAIN_INFO_PROFID5"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_PROFID6",$_POST["MAIN_INFO_PROFID6"],'chaine',0,'',$conf->entity);
 
-	dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",$_POST["tva"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT",$_POST["object"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6",'alpha'),'chaine',0,'',$conf->entity);
 
-	dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START",$_POST["fiscalmonthstart"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object",'nohtml'),'chaine',0,'',$conf->entity);
 
-	dolibarr_set_const($db, "FACTURE_TVAOPTION",$_POST["optiontva"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("fiscalmonthstart",'alpha'),'chaine',0,'',$conf->entity);
+
+	dolibarr_set_const($db, "FACTURE_TVAOPTION", GETPOST("optiontva",'alpha'),'chaine',0,'',$conf->entity);
 
 	// Local taxes
-	dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION",$_POST["optionlocaltax1"],'chaine',0,'',$conf->entity);
-	dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION",$_POST["optionlocaltax2"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", GETPOST("optionlocaltax1",'alpha'),'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", GETPOST("optionlocaltax2",'alpha'),'chaine',0,'',$conf->entity);
 
 	if($_POST["optionlocaltax1"]=="localtax1on")
 	{
@@ -173,9 +173,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
 		}
 		else
 		{
-			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1'),'chaine',0,'',$conf->entity);
+			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1','alpha'),'chaine',0,'',$conf->entity);
 		}
-		dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", $_POST["clt1"],'chaine',0,'',$conf->entity);
+		dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1",  GETPOST("clt1",'alpha'),'chaine',0,'',$conf->entity);
 	}
 	if($_POST["optionlocaltax2"]=="localtax2on")
 	{
@@ -185,9 +185,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
 		}
 		else
 		{
-			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2'),'chaine',0,'',$conf->entity);
+			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2','alpha'),'chaine',0,'',$conf->entity);
 		}
-		dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", $_POST["clt2"],'chaine',0,'',$conf->entity);
+		dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2",  GETPOST("clt2",'alpha'),'chaine',0,'',$conf->entity);
 	}
 
 	if ($action != 'updateedit' && ! $error)
@@ -207,7 +207,7 @@ if ($action == 'addthumb')  // Regenerate thumbs
 		if ($isimage > 0)
 		{
 		    // Create thumbs
-		    //$object->addThumbs($newfile);    // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get... 
+		    //$object->addThumbs($newfile);    // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
 
 			// Create small thumb. Used on logon for example
 			$imgThumbSmall = vignette($conf->mycompany->dir_output.'/logos/'.$_GET["file"], $maxwidthsmall, $maxheightsmall, '_small',$quality);
@@ -309,72 +309,72 @@ if ($action == 'edit' || $action == 'updateedit')
 	print '<tr class="liste_titre"><th class="titlefield">'.$langs->trans("CompanyInfo").'</th><th>'.$langs->trans("Value").'</th></tr>'."\n";
 
 	// Name
-	
+
 	print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
-	print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM:$_POST["nom"]) . '" autofocus="autofocus"></td></tr>'."\n";
+	print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
 
 	// Addresse
-	
+
 	print '<tr class="oddeven"><td><label for="address">'.$langs->trans("CompanyAddress").'</label></td><td>';
-	print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS:$_POST["address"]) . '</textarea></td></tr>'."\n";
+	print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS: GETPOST("address",'nohtml')) . '</textarea></td></tr>'."\n";
+
 
-	
 	print '<tr class="oddeven"><td><label for="zipcode">'.$langs->trans("CompanyZip").'</label></td><td>';
-	print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP:$_POST["zipcode"]) . '"></td></tr>'."\n";
+	print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP: GETPOST("zipcode",'alpha')) . '"></td></tr>'."\n";
+
 
-	
 	print '<tr class="oddeven"><td><label for="town">'.$langs->trans("CompanyTown").'</label></td><td>';
-	print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN:$_POST["town"]) . '"></td></tr>'."\n";
+	print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN: GETPOST("town",'nohtml')) . '"></td></tr>'."\n";
 
 	// Country
-	
+
 	print '<tr class="oddeven"><td class="fieldrequired"><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td class="maxwidthonsmartphone">';
 	//if (empty($country_selected)) $country_selected=substr($langs->defaultlang,-2);    // By default, country of localization
 	print $form->select_country($mysoc->country_id,'country_id');
 	if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
 	print '</td></tr>'."\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="state_id">'.$langs->trans("State").'</label></td><td class="maxwidthonsmartphone">';
 	$formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE,$mysoc->country_code,'state_id');
 	print '</td></tr>'."\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="currency">'.$langs->trans("CompanyCurrency").'</label></td><td>';
 	print $form->selectCurrency($conf->currency,"currency");
 	print '</td></tr>'."\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>';
 	print '<input name="tel" id="phone" value="'. $conf->global->MAIN_INFO_SOCIETE_TEL . '"></td></tr>';
 	print '</td></tr>'."\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>';
 	print '<input name="fax" id="fax" value="'. $conf->global->MAIN_INFO_SOCIETE_FAX . '"></td></tr>';
 	print '</td></tr>'."\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>';
 	print '<input name="mail" id="email" class="minwidth200" value="'. $conf->global->MAIN_INFO_SOCIETE_MAIL . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 	// Web
-	
+
 	print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>';
 	print '<input name="web" id="web" class="minwidth300" value="'. $conf->global->MAIN_INFO_SOCIETE_WEB . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 	// Barcode
 	if (! empty($conf->barcode->enabled)) {
-		
+
 		print '<tr class="oddeven"><td><label for="barcode">'.$langs->trans("Gencod").'</label></td><td>';
 		print '<input name="barcode" id="barcode" class="minwidth150" value="'. $conf->global->MAIN_INFO_SOCIETE_GENCOD . '"></td></tr>';
 		print '</td></tr>';
 	}
 
 	// Logo
-	
+
 	print '<tr'.dol_bc($var,'hideonsmartphone').'><td><label for="logo">'.$langs->trans("Logo").' (png,jpg)</label></td><td>';
 	print '<table width="100%" class="nobordernopadding"><tr class="nocellnopadd"><td valign="middle" class="nocellnopadd">';
 	print '<input type="file" class="flat class=minwidth200" name="logo" id="logo">';
@@ -392,9 +392,9 @@ if ($action == 'edit' || $action == 'updateedit')
 	print '</td></tr>';
 
 	// Note
-	
+
 	print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
-	print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? $conf->global->MAIN_INFO_SOCIETE_NOTE : '').'</textarea></td></tr>';
+	print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note','none') ? GETPOST('note','none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
 	print '</td></tr>';
 
 	print '</table>';
@@ -409,17 +409,17 @@ if ($action == 'edit' || $action == 'updateedit')
 	$langs->load("companies");
 
 	// Managing Director(s)
-	
+
 	print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
 	print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth200" value="' . $conf->global->MAIN_INFO_SOCIETE_MANAGERS . '"></td></tr>';
 
 	// Capital
-	
+
 	print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
 	print '<input name="capital" id="capital" class="minwidth100" value="' . $conf->global->MAIN_INFO_CAPITAL . '"></td></tr>';
 
 	// Juridical Status
-	
+
 	print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>';
 	if ($mysoc->country_code) {
 		print $formcompany->select_juridicalstatus($conf->global->MAIN_INFO_SOCIETE_FORME_JURIDIQUE, $mysoc->country_code, '', 'forme_juridique_code');
@@ -431,7 +431,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfID1
 	if ($langs->transcountry("ProfId1",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid1">'.$langs->transcountry("ProfId1",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -447,7 +447,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfId2
 	if ($langs->transcountry("ProfId2",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid2">'.$langs->transcountry("ProfId2",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -463,7 +463,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfId3
 	if ($langs->transcountry("ProfId3",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid3">'.$langs->transcountry("ProfId3",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -479,7 +479,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfId4
 	if ($langs->transcountry("ProfId4",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid4">'.$langs->transcountry("ProfId4",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -495,7 +495,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfId5
 	if ($langs->transcountry("ProfId5",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid5">'.$langs->transcountry("ProfId5",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -511,7 +511,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// ProfId6
 	if ($langs->transcountry("ProfId6",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td><label for="profid6">'.$langs->transcountry("ProfId6",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
@@ -525,13 +525,13 @@ if ($action == 'edit' || $action == 'updateedit')
 	}
 
 	// TVA Intra
-	
+
 	print '<tr class="oddeven"><td><label for="intra_vat">'.$langs->trans("VATIntra").'</label></td><td>';
 	print '<input name="tva" id="intra_vat" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_TVAINTRA) ? $conf->global->MAIN_INFO_TVAINTRA : '') . '">';
 	print '</td></tr>';
-	
+
 	// Object of the company
-	
+
 	print '<tr class="oddeven"><td><label for="object">'.$langs->trans("CompanyObject").'</label></td><td>';
 	print '<textarea class="flat quatrevingtpercent" name="object" id="object" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_OBJECT) ? $conf->global->MAIN_INFO_SOCIETE_OBJECT : '').'</textarea></td></tr>';
 	print '</td></tr>';
@@ -546,7 +546,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	print '<td class="titlefield">'.$langs->trans("FiscalYearInformation").'</td><td>'.$langs->trans("Value").'</td>';
 	print "</tr>\n";
 
-	
+
 	print '<tr class="oddeven"><td><label for="fiscalmonthstart">'.$langs->trans("FiscalMonthStart").'</label></td><td>';
 	print $formother->select_month($conf->global->SOCIETE_FISCAL_MONTH_START,'fiscalmonthstart',0,1) . '</td></tr>';
 
@@ -561,7 +561,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	print '<td align="right">&nbsp;</td>';
 	print "</tr>\n";
 
-	
+
 	print "<tr class=\"oddeven\"><td width=\"140\"><label><input type=\"radio\" name=\"optiontva\" id=\"use_vat\" value=\"1\"".(empty($conf->global->FACTURE_TVAOPTION)?"":" checked")."> ".$langs->trans("VATIsUsed")."</label></td>";
 	print '<td colspan="2">';
 	print "<table>";
@@ -570,7 +570,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	print "</table>";
 	print "</td></tr>\n";
 
-	
+
 	print "<tr class=\"oddeven\"><td width=\"140\"><label><input type=\"radio\" name=\"optiontva\" id=\"no_vat\" value=\"0\"".(empty($conf->global->FACTURE_TVAOPTION)?" checked":"")."> ".$langs->trans("VATIsNotUsed")."</label></td>";
 	print '<td colspan="2">';
 	print "<table>";
@@ -593,7 +593,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<td>'.$langs->transcountry("LocalTax1Management",$mysoc->country_code).'</td><td>'.$langs->trans("Description").'</td>';
 		print '<td align="right">&nbsp;</td>';
 		print "</tr>\n";
-		
+
 		// Note: When option is not set, it must not appears as set on on, because there is no default value for this option
 		print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax1\" id=\"lt1\" value=\"localtax1on\"".(($conf->global->FACTURE_LOCAL_TAX1_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1on")?" checked":"")."> ".$langs->transcountry("LocalTax1IsUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
@@ -616,7 +616,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print "</table>";
 		print "</td></tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax1\" id=\"nolt1\" value=\"localtax1off\"".((empty($conf->global->FACTURE_LOCAL_TAX1_OPTION) || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1off")?" checked":"")."> ".$langs->transcountry("LocalTax1IsNotUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
@@ -637,7 +637,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<td align="right">&nbsp;</td>';
 		print "</tr>\n";
 
-		
+
 		// Note: When option is not set, it must not appears as set on on, because there is no default value for this option
 		print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax2\" id=\"lt2\" value=\"localtax2on\"".(($conf->global->FACTURE_LOCAL_TAX2_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2on")?" checked":"")."> ".$langs->transcountry("LocalTax2IsUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
@@ -657,7 +657,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print "</table>";
 		print "</td></tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax2\" id=\"nolt2\" value=\"localtax2off\"".((empty($conf->global->FACTURE_LOCAL_TAX2_OPTION) || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2off")?" checked":"")."> ".$langs->transcountry("LocalTax2IsNotUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
@@ -693,22 +693,22 @@ else
 	print '<table class="noborder" width="100%">';
 	print '<tr class="liste_titre"><td>'.$langs->trans("CompanyInfo").'</td><td>'.$langs->trans("Value").'</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("CompanyName").'</td><td>';
 	if (! empty($conf->global->MAIN_INFO_SOCIETE_NOM)) print $conf->global->MAIN_INFO_SOCIETE_NOM;
 	else print img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyName")).'</font>';
 	print '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("CompanyAddress").'</td><td>' . nl2br(empty($conf->global->MAIN_INFO_SOCIETE_ADDRESS)?'':$conf->global->MAIN_INFO_SOCIETE_ADDRESS) . '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("CompanyZip").'</td><td>' . (empty($conf->global->MAIN_INFO_SOCIETE_ZIP)?'':$conf->global->MAIN_INFO_SOCIETE_ZIP) . '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("CompanyTown").'</td><td>' . (empty($conf->global->MAIN_INFO_SOCIETE_TOWN)?'':$conf->global->MAIN_INFO_SOCIETE_TOWN) . '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("CompanyCountry").'</td><td>';
 	if ($mysoc->country_code)
 	{
@@ -719,13 +719,13 @@ else
 	else print img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
 	print '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("State").'</td><td>';
 	if (! empty($conf->global->MAIN_INFO_SOCIETE_STATE)) print getState($conf->global->MAIN_INFO_SOCIETE_STATE);
 	else print '&nbsp;';
 	print '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("CompanyCurrency").'</td><td>';
 	print currency_name($conf->currency,1);
 	print ' ('.$conf->currency;
@@ -733,28 +733,28 @@ else
 	print ')';
 	print '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Phone").'</td><td>' . dol_print_phone($conf->global->MAIN_INFO_SOCIETE_TEL,$mysoc->country_code) . '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Fax").'</td><td>' . dol_print_phone($conf->global->MAIN_INFO_SOCIETE_FAX,$mysoc->country_code) . '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Mail").'</td><td>' . dol_print_email($conf->global->MAIN_INFO_SOCIETE_MAIL,0,0,0,80) . '</td></tr>';
 
 	// Web
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Web").'</td><td>' . dol_print_url($conf->global->MAIN_INFO_SOCIETE_WEB,'_blank',80) . '</td></tr>';
 
 	// Barcode
 	if (! empty($conf->barcode->enabled))
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->trans("Gencod").'</td><td>' . $conf->global->MAIN_INFO_SOCIETE_GENCOD . '</td></tr>';
 	}
 
 	// Logo
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Logo").'</td><td>';
 
 	$tagtd='tagtd ';
@@ -780,7 +780,7 @@ else
 
 	print '</td></tr>';
 
-	
+
 	print '<tr class="oddeven"><td class="tdtop">'.$langs->trans("Note").'</td><td>' . (! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? nl2br($conf->global->MAIN_INFO_SOCIETE_NOTE) : '') . '</td></tr>';
 
 	print '</table>';
@@ -796,17 +796,17 @@ else
 	print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("CompanyIds").'</td><td>'.$langs->trans("Value").'</td></tr>';
 
 	// Managing Director(s)
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("ManagingDirectors").'</td><td>';
 	print $conf->global->MAIN_INFO_SOCIETE_MANAGERS . '</td></tr>';
 
 	// Capital
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("Capital").'</td><td>';
 	print $conf->global->MAIN_INFO_CAPITAL . '</td></tr>';
 
 	// Juridical Status
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("JuridicalStatus").'</td><td>';
 	print getFormeJuridiqueLabel($conf->global->MAIN_INFO_SOCIETE_FORME_JURIDIQUE);
 	print '</td></tr>';
@@ -814,7 +814,7 @@ else
 	// ProfId1
 	if ($langs->transcountry("ProfId1",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId1",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_SIREN))
 		{
@@ -830,7 +830,7 @@ else
 	// ProfId2
 	if ($langs->transcountry("ProfId2",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId2",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_SIRET))
 		{
@@ -846,7 +846,7 @@ else
 	// ProfId3
 	if ($langs->transcountry("ProfId3",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId3",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_APE))
 		{
@@ -862,7 +862,7 @@ else
 	// ProfId4
 	if ($langs->transcountry("ProfId4",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId4",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_RCS))
 		{
@@ -878,7 +878,7 @@ else
 	// ProfId5
 	if ($langs->transcountry("ProfId5",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId5",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_PROFID5))
 		{
@@ -894,7 +894,7 @@ else
 	// ProfId6
 	if ($langs->transcountry("ProfId6",$mysoc->country_code) != '-')
 	{
-		
+
 		print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId6",$mysoc->country_code).'</td><td>';
 		if (! empty($conf->global->MAIN_INFO_PROFID6))
 		{
@@ -908,7 +908,7 @@ else
 	}
 
 	// VAT
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("VATIntra").'</td>';
 	print '<td>';
 	if (! empty($conf->global->MAIN_INFO_TVAINTRA))
@@ -944,8 +944,8 @@ else
 	}
 	print '</td>';
 	print '</tr>';
-	
-	
+
+
 	print '<tr class="oddeven"><td class="tdtop">'.$langs->trans("CompanyObject").'</td><td>' . (! empty($conf->global->MAIN_INFO_SOCIETE_OBJECT) ? nl2br($conf->global->MAIN_INFO_SOCIETE_OBJECT) : '') . '</td></tr>';
 
 	print '</table>';
@@ -960,7 +960,7 @@ else
 	print '<td class="titlefield">'.$langs->trans("FiscalYearInformation").'</td><td>'.$langs->trans("Value").'</td>';
 	print "</tr>\n";
 
-	
+
 	print '<tr class="oddeven"><td>'.$langs->trans("FiscalMonthStart").'</td><td>';
 	$monthstart=(! empty($conf->global->SOCIETE_FISCAL_MONTH_START)) ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1;
 	print dol_print_date(dol_mktime(12,0,0,$monthstart,1,2000,1),'%B','gm') . '</td></tr>';
@@ -977,7 +977,7 @@ else
 	print '<td align="right">&nbsp;</td>';
 	print "</tr>\n";
 
-	
+
 	print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optiontva\" id=\"use_vat\" disabled value=\"1\"".(empty($conf->global->FACTURE_TVAOPTION)?"":" checked")."> ".$langs->trans("VATIsUsed")."</td>";
 	print '<td colspan="2">';
 	print "<table>";
@@ -986,7 +986,7 @@ else
 	print "</table>";
 	print "</td></tr>\n";
 
-	
+
 	print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optiontva\" id=\"no_vat\" disabled value=\"0\"".(empty($conf->global->FACTURE_TVAOPTION)?" checked":"")."> ".$langs->trans("VATIsNotUsed")."</td>";
 	print '<td colspan="2">';
 	print "<table>";
@@ -1011,7 +1011,7 @@ else
 		print '<td align="right">&nbsp;</td>';
 		print "</tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax1\" id=\"lt1\" disabled value=\"localtax1on\"".(($conf->global->FACTURE_LOCAL_TAX1_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1on")?" checked":"")."> ".$langs->transcountry("LocalTax1IsUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
@@ -1039,7 +1039,7 @@ else
 		print "</table>";
 		print "</td></tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax1\" id=\"nolt1\" disabled value=\"localtax1off\"".((empty($conf->global->FACTURE_LOCAL_TAX1_OPTION) || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1off")?" checked":"")."> ".$langs->transcountry("LocalTax1IsNotUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
@@ -1061,7 +1061,7 @@ else
 		print '<td align="right">&nbsp;</td>';
 		print "</tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax2\" id=\"lt2\" disabled value=\"localtax2on\"".(($conf->global->FACTURE_LOCAL_TAX2_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2on")?" checked":"")."> ".$langs->transcountry("LocalTax2IsUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
@@ -1090,7 +1090,7 @@ else
 		print "</table>";
 		print "</td></tr>\n";
 
-		
+
 		print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax2\" id=\"nolt2\" disabled value=\"localtax2off\"".((empty($conf->global->FACTURE_LOCAL_TAX2_OPTION) || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2off")?" checked":"")."> ".$langs->transcountry("LocalTax2IsNotUsed",$mysoc->country_code)."</td>";
 		print '<td colspan="2">';
 		print "<table>";
diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php
index db03407fed1..cd236d85122 100644
--- a/htdocs/admin/menus/edit.php
+++ b/htdocs/admin/menus/edit.php
@@ -83,27 +83,27 @@ if ($action == 'update')
                 }
             }
         }
-        
+
         $menu = new Menubase($db);
-        $result=$menu->fetch($_POST['menuId']);
+        $result=$menu->fetch(GETPOST('menuId', 'int'));
         if ($result > 0)
         {
-            $menu->titre=$_POST['titre'];
-            $menu->leftmenu=$_POST['leftmenu'];
-            $menu->url=$_POST['url'];
-            $menu->langs=$_POST['langs'];
-            $menu->position=$_POST['position'];
-            $menu->enabled=$_POST['enabled'];
-            $menu->perms=$_POST['perms'];
-            $menu->target=$_POST['target'];
-            $menu->user=$_POST['user'];
-            if (is_numeric($_POST['menuIdParent']))
+            $menu->titre=GETPOST('titre', 'alpha');
+            $menu->leftmenu=GETPOST('leftmenu', 'alpha');
+            $menu->url=GETPOST('url','alpha');
+            $menu->langs=GETPOST('langs','alpha');
+            $menu->position=GETPOST('position','int');
+            $menu->enabled=GETPOST('enabled','alpha');
+            $menu->perms=GETPOST('perms','alpha');
+            $menu->target=GETPOST('target','alpha');
+            $menu->user=GETPOST('user','alpha');
+            if (is_numeric(GETPOST('menuIdParent','alpha')))
             {
-            	$menu->fk_menu=$_POST['menuIdParent'];
+            	$menu->fk_menu=GETPOST('menuIdParent','alpha');
             }
             else
             {
-    	       	if ($_POST['type'] == 'top') $menu->fk_menu=0;
+    	       	if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
     	       	else $menu->fk_menu=-1;
             	$menu->fk_mainmenu=$mainmenu;
             	$menu->fk_leftmenu=$leftmenu;
@@ -123,7 +123,6 @@ if ($action == 'update')
         {
 	        setEventMessages($menu->error, $menu->errors, 'errors');
         }
-        $_GET["menuId"] = $_POST['menuId'];
         $action = "edit";
     }
     else
@@ -148,9 +147,9 @@ if ($action == 'add')
     }
 
     $leftmenu=''; $mainmenu='';
-    if (! empty($_POST['menuId']) && ! is_numeric($_POST['menuId']))
+    if (GETPOST('menuId','int') && ! is_numeric(GETPOST('menuId','int')))
     {
-	    $tmp=explode('&',$_POST['menuId']);
+	    $tmp=explode('&',GETPOST('menuId','int'));
 	    foreach($tmp as $s)
 	    {
 	    	if (preg_match('/fk_mainmenu=/',$s))
@@ -197,7 +196,7 @@ if ($action == 'add')
         $action = 'create';
         $error++;
     }
-    if (! $error && empty($_POST['menuId']) && $_POST['type'] == 'left')
+    if (! $error && ! $_POST['menuId'] && $_POST['type'] == 'left')
     {
 	    setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
         $action = 'create';
@@ -207,23 +206,23 @@ if ($action == 'add')
     if (! $error)
     {
         $menu = new Menubase($db);
-        $menu->menu_handler=preg_replace('/_menu$/','',$_POST['menu_handler']);
-        $menu->type=$_POST['type'];
-        $menu->titre=$_POST['titre'];
-        $menu->url=$_POST['url'];
-        $menu->langs=$_POST['langs'];
-        $menu->position=$_POST['position'];
-        $menu->enabled=$_POST['enabled'];
-        $menu->perms=$_POST['perms'];
-        $menu->target=$_POST['target'];
-        $menu->user=$_POST['user'];
-        if (is_numeric($_POST['menuId']))
+        $menu->menu_handler=preg_replace('/_menu$/','',GETPOST('menu_handler','aZ09'));
+        $menu->type=GETPOST('type','alpha');
+        $menu->titre=GETPOST('titre','alpha');
+        $menu->url=GETPOST('url','alpha');
+        $menu->langs=GETPOST('langs','alpha');
+        $menu->position=GETPOST('position','int');
+        $menu->enabled=GETPOST('enabled','alpha');
+        $menu->perms=GETPOST('perms','alpha');
+        $menu->target=GETPOST('target','alpha');
+        $menu->user=GETPOST('user','alpha');
+        if (is_numeric(GETPOST('menuId','int')))
         {
-        	$menu->fk_menu=$_POST['menuId'];
+        	$menu->fk_menu=GETPOST('menuId','int');
         }
         else
        {
-	       	if ($_POST['type'] == 'top') $menu->fk_menu=0;
+	       	if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
 	       	else $menu->fk_menu=-1;
         	$menu->fk_mainmenu=$mainmenu;
         	$menu->fk_leftmenu=$leftmenu;
@@ -232,7 +231,7 @@ if ($action == 'add')
         $result=$menu->create($user);
         if ($result > 0)
         {
-            header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$_POST['menu_handler']);
+            header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".GETPOST('menu_handler','aZ09'));
             exit;
         }
         else
@@ -305,17 +304,17 @@ if ($action == 'create')
     </script>';
 
     print load_fiche_titre($langs->trans("NewMenu"),'','title_setup');
-    
-    print '<form action="./edit.php?action=add&menuId='.$_GET['menuId'].'" method="post" name="formmenucreate">';
+
+    print '<form action="./edit.php?action=add&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 
     dol_fiche_head();
-    
+
     print '<table class="border" width="100%">';
 
     // Id
-    $parent_rowid = $_GET['menuId'];
-    if ($_GET['menuId'])
+    $parent_rowid = GETPOST('menuId', 'int');
+    if (GETPOST('menuId', 'int'))
     {
         $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
         $res  = $db->query($sql);
@@ -375,40 +374,40 @@ if ($action == 'create')
     }
     else
     {
-        print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.($_POST["menuId"]?$_POST["menuId"]:'').'"></td>';
+        print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.(GETPOST("menuId", 'int')?GETPOST("menuId", 'int'):'').'"></td>';
     }
     print '<td>'.$langs->trans('DetailMenuIdParent');
     print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def';
     print '</td></tr>';
 
     // Title
-    print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$_POST["titre"].'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
+    print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag(GETPOST("titre",'alpha')).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
 
     // URL
-    print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.$_POST["url"].'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
+    print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.GETPOST("url",'alpha').'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
 
     // Langs
     print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$parent_langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
 
     // Position
-    print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
+    print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.dol_escape_htmltag(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
 
     // Target
     print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
-    print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
+    print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
     print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
     print '</select></td></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
 
     // Enabled
-    print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.$_POST["enabled"].'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
+    print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.GETPOST("enabled",'alpha').'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
 
     // Perms
-    print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.$_POST["perms"].'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
+    print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.GETPOST('perms','alpha').'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
 
     print '</table>';
 
     dol_fiche_end();
-    
+
     // Boutons
     print '<div class="center">';
 	print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
@@ -426,14 +425,14 @@ elseif ($action == 'edit')
     print '<form action="./edit.php?action=update" method="POST" name="formmenuedit">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="handler_origine" value="'.$menu_handler.'">';
-    print '<input type="hidden" name="menuId" value="'.$_GET['menuId'].'">';
+    print '<input type="hidden" name="menuId" value="'.GETPOST('menuId', 'int').'">';
 
     dol_fiche_head();
-    
+
     print '<table class="border" width="100%">';
 
     $menu = new Menubase($db);
-    $result=$menu->fetch($_GET['menuId']);
+    $result=$menu->fetch(GETPOST('menuId', 'int'));
     //var_dump($menu);
 
     // Id
@@ -472,20 +471,20 @@ elseif ($action == 'edit')
     //print '<tr><td>'.$langs->trans('Level').'</td><td>'.$menu->level.'</td><td>'.$langs->trans('DetailLevel').'</td></tr>';
 
     // Title
-    print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$menu->titre.'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
+    print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag($menu->titre).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
 
     // Url
     print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" class="quatrevingtpercent" name="url" value="'.$menu->url.'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
 
     // Langs
-    print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$menu->langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
+    print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.dol_escape_htmltag($menu->langs).'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
 
     // Position
     print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.$menu->position.'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
 
     // Target
     print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
-    print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
+    print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
     print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
     print '</select></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
 
@@ -502,7 +501,7 @@ elseif ($action == 'edit')
     print '</table>';
 
     dol_fiche_end();
-    
+
     // Bouton
     print '<div class="center">';
 	print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 8443e077b30..0d3aa76b8e6 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -3263,7 +3263,12 @@ function dol_print_error($db='',$error='',$errors=null)
 	}
 
 	if (empty($dolibarr_main_prod)) print $out;
-	else define("MAIN_CORE_ERROR", 1);
+	else
+	{
+		print $langs->trans("DolibarrHasDetectedError").'. ';
+		print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
+		define("MAIN_CORE_ERROR", 1);
+	}
 	//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
 	dol_syslog("Error ".$syslog, LOG_ERR);
 }
@@ -6209,6 +6214,8 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0)
 {
     global $db,$langs;
 
+    $value=trim($value);
+
     if ($mode == 0)
     {
     	$value=preg_replace('/\*/','%',$value);	// Replace * with %
diff --git a/htdocs/core/modules/commande/mod_commande_saphir.php b/htdocs/core/modules/commande/mod_commande_saphir.php
index 1996717e506..2c8ae2ef3e9 100644
--- a/htdocs/core/modules/commande/mod_commande_saphir.php
+++ b/htdocs/core/modules/commande/mod_commande_saphir.php
@@ -88,9 +88,12 @@ class mod_commande_saphir extends ModeleNumRefCommandes
      	global $conf,$langs,$mysoc;
 
     	$old_code_client=$mysoc->code_client;
+    	$old_code_type=$mysoc->typent_code;
     	$mysoc->code_client='CCCCCCCCCC';
+    	$mysoc->typent_code='TTTTTTTTTT';
      	$numExample = $this->getNextValue($mysoc,'');
 		$mysoc->code_client=$old_code_client;
+		$mysoc->typent_code=$old_code_type;
 
 		if (! $numExample)
 		{
@@ -121,7 +124,9 @@ class mod_commande_saphir extends ModeleNumRefCommandes
 			return 0;
 		}
 
-		$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$object->date);
+		$date = ($object->date_commande ? $object->date_commande : $object->date);
+
+		$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$date);
 
 		return  $numFinal;
 	}
diff --git a/htdocs/core/modules/expedition/mod_expedition_ribera.php b/htdocs/core/modules/expedition/mod_expedition_ribera.php
index c92ea93e6a2..c002da1eee2 100644
--- a/htdocs/core/modules/expedition/mod_expedition_ribera.php
+++ b/htdocs/core/modules/expedition/mod_expedition_ribera.php
@@ -79,9 +79,12 @@ class mod_expedition_ribera extends ModelNumRefExpedition
      	global $conf,$langs,$mysoc;
 
     	$old_code_client=$mysoc->code_client;
+    	$old_code_type=$mysoc->typent_code;
     	$mysoc->code_client='CCCCCCCCCC';
+    	$mysoc->typent_code='TTTTTTTTTT';
      	$numExample = $this->getNextValue($mysoc,'');
 		$mysoc->code_client=$old_code_client;
+		$mysoc->typent_code=$old_code_type;
 
 		if (! $numExample)
 		{
@@ -111,7 +114,9 @@ class mod_expedition_ribera extends ModelNumRefExpedition
 			return 0;
 		}
 
-		$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc->code_client,$shipment->date_expedition);
+		$date = $shipment->date_expedition;
+
+		$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc,$date);
 
 		return  $numFinal;
 	}
diff --git a/htdocs/core/modules/propale/mod_propale_saphir.php b/htdocs/core/modules/propale/mod_propale_saphir.php
index 25ccecb253c..ec0b0b241e2 100644
--- a/htdocs/core/modules/propale/mod_propale_saphir.php
+++ b/htdocs/core/modules/propale/mod_propale_saphir.php
@@ -88,9 +88,12 @@ class mod_propale_saphir extends ModeleNumRefPropales
      	global $conf,$langs,$mysoc;
 
     	$old_code_client=$mysoc->code_client;
+    	$old_code_type=$mysoc->typent_code;
     	$mysoc->code_client='CCCCCCCCCC';
+    	$mysoc->typent_code='TTTTTTTTTT';
      	$numExample = $this->getNextValue($mysoc,'');
 		$mysoc->code_client=$old_code_client;
+		$mysoc->typent_code=$old_code_type;
 
 		if (! $numExample)
 		{
@@ -121,8 +124,8 @@ class mod_propale_saphir extends ModeleNumRefPropales
 			return 0;
 		}
 
-		$date=$propal->datep;
-		$customercode=$objsoc->code_client;
+		$date = $propal->date;
+
 		$numFinal=get_next_value($db,$mask,'propal','ref','',$objsoc,$date);
 
 		return  $numFinal;
diff --git a/htdocs/document.php b/htdocs/document.php
index 206ea69688a..d35021005e6 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -110,7 +110,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
-$original_file              = $check_access['original_file'];               // original_file is now a full path name
+$fullpath_original_file     = $check_access['original_file'];               // $fullpath_original_file is now a full path name
 
 // Basic protection (against external users only)
 if ($user->societe_id > 0)
@@ -137,36 +137,35 @@ if ($user->societe_id > 0)
 }
 
 // Security:
-// Limite acces si droits non corrects
+// Limit access if permissions are wrong
 if (! $accessallowed)
 {
 	accessforbidden();
 }
 
 // Security:
-// On interdit les remontees de repertoire ainsi que les pipe dans
-// les noms de fichiers.
-if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
+// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
+if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
 {
-	dol_syslog("Refused to deliver file ".$original_file);
-	$file=basename($original_file);		// Do no show plain path of original_file in shown error message
-	dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
+	dol_syslog("Refused to deliver file ".$fullpath_original_file);
+	print "ErrorFileNameInvalid: ".$original_file;
 	exit;
 }
 
 
 clearstatcache();
 
-$filename = basename($original_file);
+$filename = basename($fullpath_original_file);
 
 // Output file on browser
-dol_syslog("document.php download $original_file $filename content-type=$type");
-$original_file_osencoded=dol_osencode($original_file);	// New file name encoded in OS encoding charset
+dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");
+$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file);	// New file name encoded in OS encoding charset
 
 // This test if file exists should be useless. We keep it to find bug more easily
-if (! file_exists($original_file_osencoded))
+if (! file_exists($fullpath_original_file_osencoded))
 {
-	dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
+	dol_syslog("ErrorFileDoesNotExists: ".$fullpath_original_file);
+	print "ErrorFileDoesNotExists: ".$original_file;
 	exit;
 }
 
@@ -177,7 +176,7 @@ if ($encoding)   header('Content-Encoding: '.$encoding);
 // Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
 if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
 else header('Content-Disposition: inline; filename="'.$filename.'"');
-header('Content-Length: ' . dol_filesize($original_file));
+header('Content-Length: ' . dol_filesize($fullpath_original_file));
 // Ajout directives pour resoudre bug IE
 header('Cache-Control: Public, must-revalidate');
 header('Pragma: public');
@@ -185,6 +184,6 @@ header('Pragma: public');
 //ob_clean();
 //flush();
 
-readfile($original_file_osencoded);
+readfile($fullpath_original_file_osencoded);
 
 if (is_object($db)) $db->close();
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 203c35caa72..72ea8e84792 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -345,7 +345,7 @@ if ($action == 'create')
 
 	// Public note
 	print '<tr>';
-	print '<td class="border" valign="top">' . $langs->trans('NotePublic') . '</td>';
+	print '<td class="tdtop">' . $langs->trans('NotePublic') . '</td>';
 	print '<td>';
 
     $doleditor = new DolEditor('note_public', $note_public, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -355,7 +355,7 @@ if ($action == 'create')
 	// Private note
 	if (empty($user->societe_id)) {
 		print '<tr>';
-		print '<td class="border" valign="top">' . $langs->trans('NotePrivate') . '</td>';
+		print '<td class="tdtop">' . $langs->trans('NotePrivate') . '</td>';
 		print '<td>';
 
 		$doleditor = new DolEditor('note_private', $note_private, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -542,7 +542,7 @@ if (! empty($id) && $action != 'edit')
 	$hselected='card';
 
 	$head = donation_prepare_head($object);
-	dol_fiche_head($head, $hselected, $langs->trans("Donation"), 0, 'generic');
+	dol_fiche_head($head, $hselected, $langs->trans("Donation"), -1, 'generic');
 
 	// Print form confirm
 	print $formconfirm;
diff --git a/htdocs/don/document.php b/htdocs/don/document.php
index 115f58e5cc1..0ae81231bc1 100644
--- a/htdocs/don/document.php
+++ b/htdocs/don/document.php
@@ -104,7 +104,7 @@ if ($object->id)
 
 	$head=donation_prepare_head($object);
 
-	dol_fiche_head($head, 'documents',  $langs->trans("Donation"), 0, 'generic');
+	dol_fiche_head($head, 'documents',  $langs->trans("Donation"), -1, 'generic');
 
 
 	// Construit liste des fichiers
@@ -116,7 +116,7 @@ if ($object->id)
 	}
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
-	
+
 	$morehtmlref='<div class="refidno">';
 	// Project
 	if (! empty($conf->projet->enabled))
@@ -151,13 +151,13 @@ if ($object->id)
 	    }
 	}
 	$morehtmlref.='</div>';
-	
-	
+
+
 	dol_banner_tab($object, 'rowid', $linkback, 1, 'rowid', 'ref', $morehtmlref);
-	
+
 	print '<div class="fichecenter">';
 	print '<div class="underbanner clearboth"></div>';
-	
+
     print '<table class="border" width="100%">';
 
 	// Ref
@@ -166,7 +166,7 @@ if ($object->id)
 	print $form->showrefnav($object, 'id', $linkback, 1, 'rowid', 'ref', '');
 	print '</td></tr>';
     */
-    
+
 	// Societe
 	//print "<tr><td>".$langs->trans("Company")."</td><td>".$object->client->getNomUrl(1)."</td></tr>";
 
@@ -175,9 +175,9 @@ if ($object->id)
     print '</table>';
 
     print '</div>';
-    
+
     print '<div class="clearboth"></div>';
-    
+
     dol_fiche_end();
 
     $modulepart = 'don';
diff --git a/htdocs/don/info.php b/htdocs/don/info.php
index 46f398d4749..30c2129b6c6 100644
--- a/htdocs/don/info.php
+++ b/htdocs/don/info.php
@@ -67,7 +67,7 @@ $object->info($id);
 
 $head = donation_prepare_head($object);
 
-dol_fiche_head($head, 'info', $langs->trans("Donation"), 0, 'generic');
+dol_fiche_head($head, 'info', $langs->trans("Donation"), -1, 'generic');
 
 $linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
 
@@ -116,7 +116,7 @@ print '<br>';
 print '<table width="100%"><tr><td>';
 dol_print_object_info($object);
 print '</td></tr></table>';
-      
+
 print '</div>';
 
 dol_fiche_end();
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 3d0422da917..5521b233a28 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -42,7 +42,7 @@ $pagenext = $page + 1;
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="d.datedon";
 
-$statut=isset($_GET["statut"])?$_GET["statut"]:"-1";
+$statut=(GETPOST("statut",'intcomma')!='')?GETPOST("statut",'intcomma'):"-1";
 $search_all=GETPOST('sall', 'alphanohtml');
 $search_ref=GETPOST('search_ref','alpha');
 $search_company=GETPOST('search_company','alpha');
@@ -90,13 +90,13 @@ $sql.= " d.amount, d.fk_statut as statut, ";
 $sql.= " p.rowid as pid, p.ref, p.title, p.public";
 $sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p";
 $sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
-if ($statut >= 0)
+if ($statut != '' && $statut != '-1')
 {
-	$sql .= " AND d.fk_statut = ".$statut;
+	$sql .= " AND d.fk_statut IN (".$statut.")";
 }
 if (trim($search_ref) != '')
 {
-    $sql.= ' AND d.rowid LIKE \'%'.$db->escape(trim($search_ref)) . '%\'';
+    $sql.= natural_search('d.ref',$search_ref);
 }
 if (trim($search_all) != '')
 {
@@ -110,7 +110,7 @@ if (trim($search_name) != '')
 {
     $sql .= natural_search(array('d.lastname', 'd.firstname'), $search_name);
 }
-if ($search_amount) $sql.= natural_search(array('d.amount'), price2num(trim($search_amount)), 1);
+if ($search_amount) $sql.= natural_search('d.amount', $search_amount, 1);
 
 $sql.= $db->order($sortfield,$sortorder);
 $nbtotalofrecords = '';
@@ -131,17 +131,7 @@ if ($resql)
     //if ($page > 0) $param.= '&page='.$page;
 	if ($optioncss != '') $param.='&optioncss='.$optioncss;
 
-	if ($statut >= 0)
-	{
-	    $donationstatic->statut=$statut;
-	    $label=$donationstatic->getLibStatut(0);
-		print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
-	}
-	else
-	{
-		print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
-	}
-
+	print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
 
     print '<form method="get" action="'.$_SERVER["PHP_SELF"].'">'."\n";
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/don/note.php b/htdocs/don/note.php
index b197510a585..d78aa2c7ea5 100644
--- a/htdocs/don/note.php
+++ b/htdocs/don/note.php
@@ -84,7 +84,7 @@ if ($id > 0 || ! empty($ref))
 
 	$head = donation_prepare_head($object);
 
-	dol_fiche_head($head, 'note', $langs->trans("Donation"), 0, 'generic');
+	dol_fiche_head($head, 'note', $langs->trans("Donation"), -1, 'generic');
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
 
diff --git a/htdocs/install/mysql/migration/5.0.0-6.0.0.sql b/htdocs/install/mysql/migration/5.0.0-6.0.0.sql
index 086dbf9f404..dcf736f62a4 100644
--- a/htdocs/install/mysql/migration/5.0.0-6.0.0.sql
+++ b/htdocs/install/mysql/migration/5.0.0-6.0.0.sql
@@ -24,6 +24,8 @@
 -- -- VPGSQL8.2 DELETE FROM llx_usergroup_user      WHERE fk_user      NOT IN (SELECT rowid from llx_user);
 -- -- VMYSQL4.1 DELETE FROM llx_usergroup_user      WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
 
+
+
 ALTER TABLE llx_holiday_config MODIFY COLUMN name varchar(128);
 
 ALTER TABLE llx_supplier_proposaldet CHANGE COLUMN fk_askpricesupplier fk_supplier_proposal integer NOT NULL;
@@ -326,7 +328,8 @@ ALTER TABLE llx_expensereport_det ADD COLUMN vat_src_code varchar(10)  DEFAULT '
 
 DELETE FROM llx_const WHERE name = __ENCRYPT('ADHERENT_BANK_USE_AUTO')__;
 
-UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
+UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__   WHERE value = __ENCRYPT('moono')__       AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
+DELETE FROM llx_document_model where nom = 'fsfe.fr.php' and type='donation';
 
 ALTER TABLE llx_product_price ADD COLUMN default_vat_code	varchar(10) AFTER tva_tx;
 ALTER TABLE llx_product_fournisseur_price ADD COLUMN default_vat_code	varchar(10) AFTER tva_tx;
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql
index 340714f690f..da158132113 100755
--- a/htdocs/install/mysql/migration/repair.sql
+++ b/htdocs/install/mysql/migration/repair.sql
@@ -41,6 +41,8 @@
 -- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_sell VARCHAR(32) COLLATE utf8_unicode_ci;
 -- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) CHARACTER SET utf8;
 -- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) COLLATE utf8_unicode_ci;
+-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) CHARACTER SET utf8;
+-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) COLLATE utf8_unicode_ci;
 
 
 -- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES';
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index 95fd4f228ca..bb5a25708e9 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -103,7 +103,8 @@ RequestLastAccessInError=Latest database access request error
 ReturnCodeLastAccessInError=Return code for latest database access request error
 InformationLastAccessInError=Information for latest database access request error
 DolibarrHasDetectedError=Dolibarr has detected a technical error
-InformationToHelpDiagnose=This information can be useful for diagnostic purposes
+YouCanSetOptionDolibarrMainProdToZero=You can read log file or set option $dolibarr_main_prod to '0' in your config file to get more information.
+InformationToHelpDiagnose=This information can be useful for diagnostic purposes (you can set option $dolibarr_main_prod to '1' to remove such notices)
 MoreInformation=More information
 TechnicalInformation=Technical information
 TechnicalID=Technical ID
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index ce7512f52c2..41f1d36e46b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -77,38 +77,39 @@ if (function_exists('get_magic_quotes_gpc'))	// magic_quotes_* deprecated in PHP
  */
 function test_sql_and_script_inject($val, $type)
 {
-    $sql_inj = 0;
+    $inj = 0;
     // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
     if ($type != 2)
     {
-        $sql_inj += preg_match('/delete\s+from/i',	 $val);
-        $sql_inj += preg_match('/create\s+table/i',	 $val);
-        $sql_inj += preg_match('/update.+set.+=/i',  $val);
-        $sql_inj += preg_match('/insert\s+into/i', 	 $val);
-        $sql_inj += preg_match('/select.+from/i', 	 $val);
-        $sql_inj += preg_match('/union.+select/i', 	 $val);
-        $sql_inj += preg_match('/into\s+(outfile|dumpfile)/i',  $val);
-        $sql_inj += preg_match('/(\.\.%2f)+/i',		 $val);
+        $inj += preg_match('/delete\s+from/i',	 $val);
+        $inj += preg_match('/create\s+table/i',	 $val);
+        $inj += preg_match('/update.+set.+=/i',  $val);
+        $inj += preg_match('/insert\s+into/i', 	 $val);
+        $inj += preg_match('/select.+from/i', 	 $val);
+        $inj += preg_match('/union.+select/i', 	 $val);
+        $inj += preg_match('/into\s+(outfile|dumpfile)/i',  $val);
+        $inj += preg_match('/(\.\.%2f)+/i',		 $val);
     }
     // For XSS Injection done by adding javascript with script
     // This is all cases a browser consider text is javascript:
     // When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
     // All examples on page: http://ha.ckers.org/xss.html#XSScalc
-    $sql_inj += preg_match('/<script/i', $val);
-    if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
-    $sql_inj += preg_match('/base[\s]+href/si', $val);
-    $sql_inj += preg_match('/<.*onmouse/si', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
-    $sql_inj += preg_match('/onerror\s*=/i', $val);       // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
-    $sql_inj += preg_match('/onfocus\s*=/i', $val);       // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
+    $inj += preg_match('/<script/i', $val);
+    if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
+    $inj += preg_match('/base[\s]+href/si', $val);
+    $inj += preg_match('/<.*onmouse/si', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
+    $inj += preg_match('/onerror\s*=/i', $val);       // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
+    $inj += preg_match('/onfocus\s*=/i', $val);       // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
+    $inj += preg_match('/onload\s*=/i', $val);        // onload can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
     if ($type == 1)
     {
-        $sql_inj += preg_match('/javascript:/i', $val);
-        $sql_inj += preg_match('/vbscript:/i', $val);
+        $inj += preg_match('/javascript:/i', $val);
+        $inj += preg_match('/vbscript:/i', $val);
     }
     // For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
-    if ($type == 1) $sql_inj += preg_match('/"/i', $val);		// We refused " in GET parameters value
-    if ($type == 2) $sql_inj += preg_match('/[;"]/', $val);		// PHP_SELF is a file system path. It can contains spaces.
-    return $sql_inj;
+    if ($type == 1) $inj += preg_match('/"/i', $val);		// We refused " in GET parameters value
+    if ($type == 2) $inj += preg_match('/[;"]/', $val);		// PHP_SELF is a file system path. It can contains spaces.
+    return $inj;
 }
 
 /**
diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php
index 73197025df6..4dff34ad30b 100644
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -341,6 +341,9 @@ $param='';
 $param.=($mode?'&mode='.$mode:'');
 $param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
 $param.=($search_userassignedid > 0?'&search_userassignedid='.$search_usertoprocessid:'');
+$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
+$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
+$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
 
 // Show navigation bar
 $nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&amp;month=".$prev_month."&amp;day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";
diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php
index 01e4b71eda8..6ea60f3d76f 100644
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
@@ -337,6 +337,9 @@ $param='';
 $param.=($mode?'&mode='.$mode:'');
 $param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
 $param.=($search_usertoprocessid > 0?'&search_usertoprocessid='.$search_usertoprocessid:'');
+$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
+$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
+$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
 
 // Show navigation bar
 $nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&month=".$prev_month."&day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index bd73f0c0b43..3f7ddbcd1cb 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -113,7 +113,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
 $check_access = dol_check_secure_access_document($modulepart,$original_file,$entity,$refname);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
-$original_file              = $check_access['original_file'];
+$fullpath_original_file     = $check_access['original_file'];
 
 // Security:
 // Limit access if permissions are wrong
@@ -124,11 +124,10 @@ if (! $accessallowed)
 
 // Security:
 // On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
-if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
+if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
 {
-    dol_syslog("Refused to deliver file ".$original_file, LOG_WARNING);
-    // Do no show plain path in shown error message
-    dol_print_error(0,'Error: File '.$_GET["file"].' does not exists');
+	dol_syslog("Refused to deliver file ".$fullpath_original_file);
+	print "ErrorFileNameInvalid: ".$original_file;
     exit;
 }
 
@@ -143,7 +142,7 @@ if ($modulepart == 'barcode')
 
     if (empty($generator) || empty($encoding))
     {
-        dol_print_error(0,'Error, parameter "generator" or "encoding" not defined');
+        print 'Error: Parameter "generator" or "encoding" not defined';
         exit;
     }
 
@@ -176,14 +175,13 @@ else					// Open and return file
     clearstatcache();
 
     // Output files on browser
-    dol_syslog("viewimage.php return file $original_file content-type=$type");
+    dol_syslog("viewimage.php return file $fullpath_original_file content-type=$type");
 
     // This test is to avoid error images when image is not available (for example thumbs).
-    if (! dol_is_file($original_file) && empty($_GET["noalt"]))
+    if (! dol_is_file($fullpath_original_file) && empty($_GET["noalt"]))
     {
-        $original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
+        $fullpath_original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
         /*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';
-        dol_print_error(0,$error);
         print $error;
         exit;*/
     }
@@ -192,16 +190,17 @@ else					// Open and return file
     if ($type)
     {
         top_httphead($type);
-        header('Content-Disposition: inline; filename="'.basename($original_file).'"');
+        header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
     }
     else
     {
         top_httphead('image/png');
-        header('Content-Disposition: inline; filename="'.basename($original_file).'"');
+        header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
     }
 
-    $original_file_osencoded=dol_osencode($original_file);
-    readfile($original_file_osencoded);
+    $fullpath_original_file_osencoded=dol_osencode($fullpath_original_file);
+
+    readfile($fullpath_original_file_osencoded);
 }