diff --git a/ChangeLog b/ChangeLog
index d4a8b55625f..646c1314b1f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ English Dolibarr ChangeLog
 
 For users:
 ----------
+NEW: Several security issues after a second private bug bounty campaign. 
 
 
 For developers:
diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php
index b5443486648..4e56b5bfa2f 100644
--- a/htdocs/accountancy/admin/index.php
+++ b/htdocs/accountancy/admin/index.php
@@ -81,7 +81,7 @@ if ($action == 'update') {
 			$constvalue = GETPOST($constname, 'alpha');
 
 			if ($constname == 'ACCOUNTING_DATE_START_BINDING') {
-				$constvalue = dol_mktime(12, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
+				$constvalue = dol_mktime(0, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
 			}
 
 			if (!dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) {
diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php
index dd55e870009..26de6e5ab16 100644
--- a/htdocs/accountancy/admin/productaccount.php
+++ b/htdocs/accountancy/admin/productaccount.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2013-2014 Olivier Geffroy      <jeff@jeffinfo.com>
- * Copyright (C) 2013-2020 Alexandre Spangaro   <aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021 Alexandre Spangaro   <aspangaro@open-dsi.fr>
  * Copyright (C) 2014 	   Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2014 	   Juanjo Menent		<jmenent@2byte.es>
  * Copyright (C) 2015      Ari Elbaz (elarifr)	<github@accedinfo.com>
@@ -98,6 +98,28 @@ if (empty($action)) {
 
 $arrayfields = array();
 
+$accounting_product_modes = array(
+	'ACCOUNTANCY_SELL',
+	'ACCOUNTANCY_SELL_INTRA',
+	'ACCOUNTANCY_SELL_EXPORT',
+	'ACCOUNTANCY_BUY',
+	'ACCOUNTANCY_BUY_INTRA',
+	'ACCOUNTANCY_BUY_EXPORT'
+);
+
+if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
+	$accountancy_field_name = "accountancy_code_buy";
+} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
+	$accountancy_field_name = "accountancy_code_buy_intra";
+} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
+	$accountancy_field_name = "accountancy_code_buy_export";
+} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
+	$accountancy_field_name = "accountancy_code_sell";
+} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
+	$accountancy_field_name = "accountancy_code_sell_intra";
+} else { // $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT'
+	$accountancy_field_name = "accountancy_code_sell_export";
+}
 
 /*
  * Actions
@@ -133,15 +155,6 @@ if ($action == 'update') {
 	if (!empty($btn_changetype)) {
 		$error = 0;
 
-		$accounting_product_modes = array(
-				'ACCOUNTANCY_SELL',
-				'ACCOUNTANCY_SELL_INTRA',
-				'ACCOUNTANCY_SELL_EXPORT',
-				'ACCOUNTANCY_BUY',
-				'ACCOUNTANCY_BUY_INTRA',
-				'ACCOUNTANCY_BUY_EXPORT'
-		);
-
 		if (in_array($accounting_product_mode, $accounting_product_modes)) {
 			if (!dolibarr_set_const($db, 'ACCOUNTING_PRODUCT_MODE', $accounting_product_mode, 'chaine', 0, '', $conf->entity)) {
 				$error++;
@@ -153,7 +166,7 @@ if ($action == 'update') {
 
 	if (!empty($btn_changeaccount)) {
 		//$msg = '<div><span class="accountingprocessing">' . $langs->trans("Processing") . '...</span></div>';
-		if (!empty($chk_prod)) {
+		if (!empty($chk_prod) && in_array($accounting_product_mode, $accounting_product_modes)) {
 			$accounting = new AccountingAccount($db);
 
 			//$msg .= '<div><span class="accountingprocessing">' . count($chk_prod) . ' ' . $langs->trans("SelectedLines") . '</span></div>';
@@ -175,26 +188,15 @@ if ($action == 'update') {
 				} else {
 					$db->begin();
 
-					$sql = " UPDATE ".MAIN_DB_PREFIX."product";
-					if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
-						$sql .= " SET accountancy_code_buy = ".$accounting->account_number;
+					if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+						$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_perentity (fk_product, entity, '".$db->escape($accountancy_field_name)."')";
+						$sql .= " VALUES (".((int) $productid).", ".((int) $conf->entity).", '".$db->escape($accounting->account_number)."')";
+						$sql .= " ON DUPLICATE KEY UPDATE ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
+					} else {
+						$sql = " UPDATE ".MAIN_DB_PREFIX."product";
+						$sql .= " SET ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
+						$sql .= " WHERE rowid = ".((int) $productid);
 					}
-					if ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
-						$sql .= " SET accountancy_code_buy_intra = ".$accounting->account_number;
-					}
-					if ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
-						$sql .= " SET accountancy_code_buy_export = ".$accounting->account_number;
-					}
-					if ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
-						$sql .= " SET accountancy_code_sell = ".$accounting->account_number;
-					}
-					if ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
-						$sql .= " SET accountancy_code_sell_intra = ".$accounting->account_number;
-					}
-					if ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
-						$sql .= " SET accountancy_code_sell_export = ".$accounting->account_number;
-					}
-					$sql .= " WHERE rowid = ".((int) $productid);
 
 					dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);
 					if ($db->query($sql)) {
@@ -267,50 +269,25 @@ if (empty($pcgvercode)) {
 }
 
 $sql = "SELECT p.rowid, p.ref, p.label, p.description, p.tosell, p.tobuy, p.tva_tx,";
-$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
-$sql .= " p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell, pa.accountancy_code_sell_intra, pa.accountancy_code_sell_export,";
+	$sql .= " pa.accountancy_code_buy, pa.accountancy_code_buy_intra, pa.accountancy_code_buy_export,";
+} else {
+	$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
+	$sql .= " p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
+}
 $sql .= " p.tms, p.fk_product_type as product_type,";
 $sql .= " aa.rowid as aaid";
 $sql .= " FROM ".MAIN_DB_PREFIX."product as p";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON";
-if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
-	$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
-	$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
-	$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
-	$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
-	$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = pa." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
 } else {
-	$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = p." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
 }
 $sql .= ' WHERE p.entity IN ('.getEntity('product').')';
-if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_buy", $search_current_account);
-	}
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_buy_intra", $search_current_account);
-	}
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_buy_export", $search_current_account);
-	}
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_sell", $search_current_account);
-	}
-} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_sell_intra", $search_current_account);
-	}
-} else {
-	if (strlen(trim($search_current_account))) {
-		$sql .= natural_search("p.accountancy_code_sell_export", $search_current_account);
-	}
+if (strlen(trim($search_current_account))) {
+	$sql .= natural_search((!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa." : "p.") . $accountancy_field_name, $search_current_account);
 }
 if ($search_current_account_valid == 'withoutvalidaccount') {
 	$sql .= " AND aa.account_number IS NULL";
@@ -459,7 +436,7 @@ if ($result) {
 	// On sell
 	if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
 		print '<td class="liste_titre center">'.$form->selectyesno('search_onsell', $search_onsell, 1, false, 1).'</td>';
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY' || $accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
+	} else {
 		// On buy
 		print '<td class="liste_titre center">'.$form->selectyesno('search_onpurchase', $search_onpurchase, 1, false, 1).'</td>';
 	}
@@ -484,26 +461,12 @@ if ($result) {
 	}
 	print_liste_field_titre("VATRate", $_SERVER["PHP_SELF"], "p.tva_tx", "", $param, '', $sortfield, $sortorder, 'right ');
 	// On sell / On purchase
-	if ($accounting_product_mode == 'ACCOUNTANCY_SELL') {
+	if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
 		print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_sell";
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA') {
-		print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_sell_intra";
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
-		print_liste_field_titre("OnSell", $_SERVER["PHP_SELF"], "p.tosell", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_sell_export";
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
+	} else {
 		print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_buy";
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA') {
-		print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_buy_intra";
-	} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
-		print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
-		$fieldtosortaccount = "p.accountancy_code_buy_export";
 	}
-	print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], $fieldtosortaccount, "", $param, '', $sortfield, $sortorder);
+	print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa." : "p.") . $accountancy_field_name, "", $param, '', $sortfield, $sortorder);
 	print_liste_field_titre("AssignDedicatedAccountingAccount");
 	$clickpitco = $form->showCheckAddButtons('checkforselect', 1);
 	print_liste_field_titre($clickpitco, '', '', '', '', '', '', '', 'center ');
@@ -607,11 +570,10 @@ if ($result) {
 		print vatrate($obj->tva_tx);
 		print '</td>';
 
+		// On sell / On purchase
 		if ($accounting_product_mode == 'ACCOUNTANCY_SELL' || $accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
 			print '<td class="center">'.$product_static->getLibStatut(3, 0).'</td>';
-		}
-
-		if ($accounting_product_mode == 'ACCOUNTANCY_BUY' || $accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA' || $accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT') {
+		} else {
 			print '<td class="center">'.$product_static->getLibStatut(3, 1).'</td>';
 		}
 
diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index 40a8284adc4..8daefea76d2 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@@ -45,14 +45,14 @@ $search_mvt_num = GETPOST('search_mvt_num', 'int');
 $search_doc_type = GETPOST("search_doc_type", 'alpha');
 $search_doc_ref = GETPOST("search_doc_ref", 'alpha');
 $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
-$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
+$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
 $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
 $search_date_creation_start = dol_mktime(0, 0, 0, GETPOST('date_creation_startmonth', 'int'), GETPOST('date_creation_startday', 'int'), GETPOST('date_creation_startyear', 'int'));
-$search_date_creation_end = dol_mktime(0, 0, 0, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
+$search_date_creation_end = dol_mktime(23, 59, 59, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
 $search_date_modification_start = dol_mktime(0, 0, 0, GETPOST('date_modification_startmonth', 'int'), GETPOST('date_modification_startday', 'int'), GETPOST('date_modification_startyear', 'int'));
-$search_date_modification_end = dol_mktime(0, 0, 0, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
+$search_date_modification_end = dol_mktime(23, 59, 59, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
 $search_date_export_start = dol_mktime(0, 0, 0, GETPOST('date_export_startmonth', 'int'), GETPOST('date_export_startday', 'int'), GETPOST('date_export_startyear', 'int'));
-$search_date_export_end = dol_mktime(0, 0, 0, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
+$search_date_export_end = dol_mktime(23, 59, 59, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
 
 //var_dump($search_date_start);exit;
 if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_delmvt")) {
diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php
index 24bcc4706c1..406664938cc 100644
--- a/htdocs/accountancy/bookkeeping/listbyaccount.php
+++ b/htdocs/accountancy/bookkeeping/listbyaccount.php
@@ -46,7 +46,7 @@ $search_date_endyear =  GETPOST('search_date_endyear', 'int');
 $search_date_endmonth =  GETPOST('search_date_endmonth', 'int');
 $search_date_endday =  GETPOST('search_date_endday', 'int');
 $search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);
-$search_date_end = dol_mktime(0, 0, 0, $search_date_endmonth, $search_date_endday, $search_date_endyear);
+$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
 $search_date_export_startyear =  GETPOST('search_date_export_startyear', 'int');
 $search_date_export_startmonth =  GETPOST('search_date_export_startmonth', 'int');
diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php
index 98e9151877e..88b199e76e3 100644
--- a/htdocs/accountancy/customer/card.php
+++ b/htdocs/accountancy/customer/card.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2013-2014 Olivier Geffroy		<jeff@jeffinfo.com>
  * Copyright (C) 2013-2014 Florian Henry		<florian.henry@open-concept.pro>
- * Copyright (C) 2013-2017 Alexandre Spangaro	<aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021 Alexandre Spangaro	<aspangaro@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -61,7 +61,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
 		}
 
 		$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
-		$sql .= " SET fk_code_ventilation = ".$codeventil;
+		$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
 		$sql .= " WHERE rowid = ".((int) $id);
 
 		$resql = $db->query($sql);
@@ -100,10 +100,18 @@ $formaccounting = new FormAccounting($db);
 
 if (!empty($id)) {
 	$sql = "SELECT f.ref, f.rowid as facid, l.fk_product, l.description, l.price,";
-	$sql .= " l.qty, l.rowid, l.tva_tx, l.remise_percent, l.subprice, p.accountancy_code_sell as code_sell,";
+	$sql .= " l.qty, l.rowid, l.tva_tx, l.remise_percent, l.subprice,";
+	if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+		$sql .= " pa.accountancy_code_sell as code_sell,";
+	} else {
+		$sql .= " p.accountancy_code_sell as code_sell,";
+	}
 	$sql .= " l.fk_code_ventilation, aa.account_number, aa.label";
 	$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as l";
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
+	if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+		$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+	}
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid";
 	$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture";
 	$sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id);
diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php
index a0da7ace065..354652c653c 100644
--- a/htdocs/accountancy/customer/index.php
+++ b/htdocs/accountancy/customer/index.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2013       Olivier Geffroy		<jeff@jeffinfo.com>
  * Copyright (C) 2013-2014  Florian Henry		<florian.henry@open-concept.pro>
- * Copyright (C) 2013-2020  Alexandre Spangaro	<aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021  Alexandre Spangaro	<aspangaro@open-dsi.fr>
  * Copyright (C) 2014       Juanjo Menent		<jmenent@2byte.es>
  * Copyright (C) 2015       Jean-François Ferry	<jfefe@aternatik.fr>
  *
@@ -125,19 +125,34 @@ if ($action == 'validatehistory') {
 	$sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
 	$sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
 	$sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
-	$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
+	if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+		$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
+	} else {
+		$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
+	}
 	$sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
 	$sql .= " co.code as country_code, co.label as country_label,";
-	$sql .= " s.tva_intra, s.accountancy_code_sell as company_code_sell";
+	$sql .= " s.tva_intra,";
+	if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
+		$sql .= " sa.accountancy_code_sell as company_code_sell";
+	} else {
+		$sql .= " s.accountancy_code_sell as company_code_sell";
+	}
+
 	$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
 	$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
 	$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON p.accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_sell = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
+	if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+		$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+	}
+	$alias_company_accounting = !empty($conf->global->ACCOUNTANCY_COMPANY_SHARED) ? "sa" : "s";
+	$alias_product_accounting = !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON " . $alias_product_accounting . ".accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
+	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
+	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
+	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_sell = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
 	$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 	$sql .= " AND l.product_type <= 2";
 
@@ -192,7 +207,7 @@ if ($action == 'validatehistory') {
 
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
-				$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
+				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
 				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
 
 				$resqlupdate = $db->query($sqlupdate);
diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php
index 6b025e6f3c1..42e4c268b86 100644
--- a/htdocs/accountancy/customer/lines.php
+++ b/htdocs/accountancy/customer/lines.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2013-2016 Olivier Geffroy		<jeff@jeffinfo.com>
- * Copyright (C) 2013-2020 Alexandre Spangaro	<aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021 Alexandre Spangaro	<aspangaro@open-dsi.fr>
  * Copyright (C) 2014-2015 Ari Elbaz (elarifr)	<github@accedinfo.com>
  * Copyright (C) 2014-2016 Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2014	   Juanjo Menent		<jmenent@2byte.es>
@@ -182,9 +182,13 @@ print '<script type="text/javascript">
 $sql = "SELECT f.rowid as facid, f.ref as ref, f.type, f.datef, f.ref_client,";
 $sql .= " fd.rowid, fd.description, fd.product_type as line_type, fd.total_ht, fd.total_tva, fd.tva_tx, fd.vat_src_code, fd.total_ttc,";
 $sql .= " s.rowid as socid, s.nom as name, s.code_compta, s.code_client,";
-$sql .= " p.rowid as product_id, p.fk_product_type as product_type, p.ref as product_ref, p.label as product_label, p.tobuy, p.tosell,";
-$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
-$sql .= " aa.rowid as fk_compte, aa.account_number, aa.label, aa.labelshort,";
+$sql .= " p.rowid as product_id, p.fk_product_type as product_type, p.ref as product_ref, p.label as product_label,";
+if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell,";
+} else {
+	$sql .= " p.accountancy_code_sell,";
+}
+$sql .= " aa.rowid as fk_compte, aa.account_number, aa.label as label_account, aa.labelshort as labelshort_account,";
 $sql .= " fd.situation_percent,";
 $sql .= " co.code as country_code, co.label as country,";
 $sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur";
@@ -193,6 +197,9 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // N
 $sql .= $hookmanager->resPrint;
 $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php
index 2e28ae4b566..07596350ef6 100644
--- a/htdocs/accountancy/customer/list.php
+++ b/htdocs/accountancy/customer/list.php
@@ -218,24 +218,43 @@ if (empty($chartaccountcode)) {
 $sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
 $sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
 $sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
-$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
-$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
+if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
+	$sql .= " pa.accountancy_code_buy as code_buy, pa.accountancy_code_buy_intra as code_buy_intra, pa.accountancy_code_buy_export as code_buy_export,";
+} else {
+	$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
+	$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
+}
 $sql .= " p.tosell as status, p.tobuy as status_buy,";
 $sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
 $sql .= " co.code as country_code, co.label as country_label,";
-$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur, s.accountancy_code_sell as company_code_sell";
+$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur,";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " sa.accountancy_code_sell as company_code_sell";
+} else {
+	$sql .= " s.accountancy_code_sell as company_code_sell";
+}
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
 $sql .= $hookmanager->resPrint;
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
+if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
+}
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON p.accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_sell = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
+$alias_company_accounting = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
+$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON " . $alias_product_accounting . ".accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_sell = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
+
 $sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 $sql .= " AND l.product_type <= 2";
 // Define begin binding date
diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php
index 200a493cfed..db270b9d2db 100644
--- a/htdocs/accountancy/expensereport/card.php
+++ b/htdocs/accountancy/expensereport/card.php
@@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
 		}
 
 		$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
-		$sql .= " SET fk_code_ventilation = ".$codeventil;
+		$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
 		$sql .= " WHERE rowid = ".((int) $id);
 
 		$resql = $db->query($sql);
diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php
index 84cd64bb44f..c7a1dec2d94 100644
--- a/htdocs/accountancy/expensereport/list.php
+++ b/htdocs/accountancy/expensereport/list.php
@@ -153,7 +153,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
 				$ko++;
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
-				$sql .= " SET fk_code_ventilation = ".$monCompte;
+				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
 				$sql .= " WHERE rowid = ".$monId;
 
 				$accountventilated = new AccountingAccount($db);
diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php
index bdf525d2827..8944fa958d9 100644
--- a/htdocs/accountancy/journal/sellsjournal.php
+++ b/htdocs/accountancy/journal/sellsjournal.php
@@ -4,7 +4,7 @@
  * Copyright (C) 2011       Juanjo Menent           <jmenent@2byte.es>
  * Copyright (C) 2012       Regis Houssin           <regis.houssin@inodbox.com>
  * Copyright (C) 2013       Christophe Battarel     <christophe.battarel@altairis.fr>
- * Copyright (C) 2013-2018  Alexandre Spangaro      <aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021  Alexandre Spangaro      <aspangaro@open-dsi.fr>
  * Copyright (C) 2013-2016  Florian Henry           <florian.henry@open-concept.pro>
  * Copyright (C) 2013-2016  Olivier Geffroy         <jeff@jeffinfo.com>
  * Copyright (C) 2014       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
@@ -108,9 +108,16 @@ if (!GETPOSTISSET('date_startmonth') && (empty($date_start) || empty($date_end))
 $sql = "SELECT f.rowid, f.ref, f.type, f.datef as df, f.ref_client, f.date_lim_reglement as dlr, f.close_code,";
 $sql .= " fd.rowid as fdid, fd.description, fd.product_type, fd.total_ht, fd.total_tva, fd.total_localtax1, fd.total_localtax2, fd.tva_tx, fd.total_ttc, fd.situation_percent, fd.vat_src_code,";
 $sql .= " s.rowid as socid, s.nom as name, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,";
-$sql .= " p.rowid as pid, p.ref as pref, p.accountancy_code_sell, aa.rowid as fk_compte, aa.account_number as compte, aa.label as label_compte";
+$sql .= " p.rowid as pid, p.ref as pref, aa.rowid as fk_compte, aa.account_number as compte, aa.label as label_compte,";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell";
+} else {
+	$sql .= " p.accountancy_code_sell";
+}
 $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
 $sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
 $sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php
index eee2059c660..cd17df33776 100644
--- a/htdocs/accountancy/supplier/card.php
+++ b/htdocs/accountancy/supplier/card.php
@@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
 		}
 
 		$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
-		$sql .= " SET fk_code_ventilation = ".$codeventil;
+		$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
 		$sql .= " WHERE rowid = ".((int) $id);
 
 		$resql = $db->query($sql);
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index 7ef09acf91a..fc295fdafa4 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -193,7 +193,7 @@ if ($action == 'validatehistory') {
 
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
-				$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
+				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
 				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
 
 				$resqlupdate = $db->query($sqlupdate);
diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php
index aa3f8b4a403..c322ebef9a2 100644
--- a/htdocs/accountancy/supplier/list.php
+++ b/htdocs/accountancy/supplier/list.php
@@ -177,7 +177,7 @@ if ($massaction == 'ventil') {
 				$ko++;
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
-				$sql .= " SET fk_code_ventilation = ".$monCompte;
+				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
 				$sql .= " WHERE rowid = ".$monId;
 
 				$accountventilated = new AccountingAccount($db);
@@ -223,24 +223,41 @@ if (empty($chartaccountcode)) {
 $sql = "SELECT f.rowid as facid, f.ref, f.ref_supplier, f.libelle as invoice_label, f.datef, f.type as ftype,";
 $sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
 $sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
-$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
-$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
+	$sql .= " pa.accountancy_code_buy as code_buy, pa.accountancy_code_buy_intra as code_buy_intra, pa.accountancy_code_buy_export as code_buy_export,";
+} else {
+	$sql .= " p.accountancy_code_sell as code_sell, p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
+	$sql .= " p.accountancy_code_buy as code_buy, p.accountancy_code_buy_intra as code_buy_intra, p.accountancy_code_buy_export as code_buy_export,";
+}
 $sql .= " p.tosell as status, p.tobuy as status_buy,";
 $sql .= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export, aa4.rowid as aarowid_thirdparty,";
 $sql .= " co.code as country_code, co.label as country_label,";
-$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur, s.accountancy_code_buy as company_code_buy";
+$sql .= " s.rowid as socid, s.nom as name, s.tva_intra, s.email, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta as code_compta_client, s.code_compta_fournisseur,";
+if (!empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) {
+	$sql .= " sa.accountancy_code_buy as company_code_buy";
+} else {
+	$sql .= " s.accountancy_code_buy as company_code_buy";
+}
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
 $sql .= $hookmanager->resPrint;
 $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
+if (!empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
+}
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON p.accountancy_code_buy = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON s.accountancy_code_buy = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
+$alias_company_accounting = !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "sa" : "s";
+$alias_product_accounting = !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa  ON " . $alias_product_accounting . ".accountancy_code_buy = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_buy_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_buy = aa4.account_number        AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
 $sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 $sql .= " AND l.product_type <= 2";
 // Define begin binding date
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index b75bce38ca9..9b28cc6473e 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -7,6 +7,7 @@
  * Copyright (C) 2012-2020  Philippe Grand          <philippe.grand@atoo-net.com>
  * Copyright (C) 2015-2018  Alexandre Spangaro      <aspangaro@open-dsi.fr>
  * Copyright (C) 2018-2020  Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2021       Waël Almoman            <info@almoman.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -84,12 +85,10 @@ if (!empty($canvas)) {
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('membercard', 'globalcard'));
 
-// Security check
-$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0);
-
-if ($id > 0) {
+// Fetch object
+if ($id > 0 || !empty($ref)) {
 	// Load member
-	$result = $object->fetch($id);
+	$result = $object->fetch($id, $ref);
 
 	// Define variables to know what current user can do on users
 	$canadduser = ($user->admin || $user->rights->user->user->creer);
@@ -97,9 +96,9 @@ if ($id > 0) {
 	if ($object->user_id) {
 		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
 		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
-				|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
 		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
-				|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
 	}
 }
 
@@ -110,6 +109,8 @@ if ($id) {
 	$caneditfieldmember = $user->rights->adherent->creer;
 }
 
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
 
 
 /*
@@ -331,62 +332,66 @@ if (empty($reshook)) {
 				}
 			}
 
-			$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
+			if (!$error) {
+				$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
 
-			if ($result >= 0 && !count($object->errors)) {
-				$categories = GETPOST('memcats', 'array');
-				$object->setCategories($categories);
+				if ($result >= 0 && !count($object->errors)) {
+					$categories = GETPOST('memcats', 'array');
+					$object->setCategories($categories);
 
-				// Logo/Photo save
-				$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
-				$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
-				if ($file_OK) {
-					if (GETPOST('deletephoto')) {
-						require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-						$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
-						$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
-						dol_delete_file($fileimg);
-						dol_delete_dir_recursive($dirthumbs);
-					}
+					// Logo/Photo save
+					$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
+					$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
+					if ($file_OK) {
+						if (GETPOST('deletephoto')) {
+							require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+							$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
+							$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
+							dol_delete_file($fileimg);
+							dol_delete_dir_recursive($dirthumbs);
+						}
 
-					if (image_format_supported($_FILES['photo']['name']) > 0) {
-						dol_mkdir($dir);
+						if (image_format_supported($_FILES['photo']['name']) > 0) {
+							dol_mkdir($dir);
 
-						if (@is_dir($dir)) {
-							$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
-							if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
-								setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
-							} else {
-								// Create thumbs
-								$object->addThumbs($newfile);
+							if (@is_dir($dir)) {
+								$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
+								if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
+									setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
+								} else {
+									// Create thumbs
+									$object->addThumbs($newfile);
+								}
 							}
+						} else {
+							setEventMessages("ErrorBadImageFormat", null, 'errors');
 						}
 					} else {
-						setEventMessages("ErrorBadImageFormat", null, 'errors');
+						switch ($_FILES['photo']['error']) {
+							case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
+							case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
+								$errors[] = "ErrorFileSizeTooLarge";
+								break;
+							case 3: //uploaded file was only partially uploaded
+								$errors[] = "ErrorFilePartiallyUploaded";
+								break;
+						}
+					}
+
+					$rowid = $object->id;
+					$id = $object->id;
+					$action = '';
+
+					if (!empty($backtopage)) {
+						header("Location: ".$backtopage);
+						exit;
 					}
 				} else {
-					switch ($_FILES['photo']['error']) {
-						case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
-						case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
-							$errors[] = "ErrorFileSizeTooLarge";
-							break;
-						case 3: //uploaded file was only partially uploaded
-							$errors[] = "ErrorFilePartiallyUploaded";
-							break;
-					}
-				}
-
-				$rowid = $object->id;
-				$id = $object->id;
-				$action = '';
-
-				if (!empty($backtopage)) {
-					header("Location: ".$backtopage);
-					exit;
+					setEventMessages($object->error, $object->errors, 'errors');
+					$action = '';
 				}
 			} else {
-				setEventMessages($object->error, $object->errors, 'errors');
-				$action = '';
+				$action = 'edit';
 			}
 		} else {
 			$action = 'edit';
@@ -550,7 +555,6 @@ if (empty($reshook)) {
 				$db->commit();
 				$rowid = $object->id;
 				$id = $object->id;
-				$action = '';
 			} else {
 				$db->rollback();
 
@@ -559,12 +563,41 @@ if (empty($reshook)) {
 				} else {
 					setEventMessages($object->error, $object->errors, 'errors');
 				}
-
-				$action = 'create';
 			}
-		} else {
-			$action = 'create';
+			// Auto-create thirdparty on member creation
+			if (!empty($conf->global->ADHERENT_DEFAULT_CREATE_THIRDPARTY)) {
+				if ($result > 0) {
+					// User creation
+					$company = new Societe($db);
+
+					$companyalias = '';
+					$fullname = $object->getFullName($langs);
+
+					if ($object->morphy == 'mor') {
+						$companyname = $object->company;
+						if (!empty($fullname)) {
+							$companyalias = $fullname;
+						}
+					} else {
+						$companyname = $fullname;
+						if (!empty($object->company)) {
+							$companyalias = $object->company;
+						}
+					}
+
+					$result = $company->create_from_member($object, $companyname, $companyalias);
+
+					if ($result < 0) {
+						$langs->load("errors");
+						setEventMessages($langs->trans($company->error), null, 'errors');
+						setEventMessages($company->error, $company->errors, 'errors');
+					}
+				} else {
+					setEventMessages($object->error, $object->errors, 'errors');
+				}
+			}
 		}
+		$action = ($result < 0 || !$error) ?  '' : 'create';
 	}
 
 	if ($user->rights->adherent->supprimer && $action == 'confirm_delete' && $confirm == 'yes') {
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index cf6f9d54649..eca8668e308 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -13,6 +13,7 @@
  * Copyright (C) 2018-2019	Thibault FOUCART		<support@ptibogxiv.net>
  * Copyright (C) 2019		Nicolas ZABOURI 		<info@inovea-conseil.com>
  * Copyright (C) 2020		Josep Lluís Amador 		<joseplluis@lliuretic.cat>
+ * Copyright (C) 2021           Waël Almoman                    <info@almoman.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index b4347277b5d..460cefdeed3 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2009-2017	Regis Houssin			<regis.houssin@inodbox.com>
  * Copyright (C) 2016		Charlie Benke			<charlie@patas-monkey.com>
  * Copyright (C) 2018-2019  Thibault Foucart		<support@ptibogxiv.net>
+ * Copyright (C) 2021           Waël Almoman            <info@almoman.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php
index 88e31ebffb6..c359f539547 100644
--- a/htdocs/adherents/document.php
+++ b/htdocs/adherents/document.php
@@ -42,9 +42,6 @@ $ref = GETPOST('ref', 'alphanohtml');
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 
-// Security check
-$result = restrictedArea($user, 'adherent', $id);
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
@@ -63,8 +60,6 @@ if (!$sortfield) {
 	$sortfield = "name";
 }
 
-
-$form = new Form($db);
 $object = new Adherent($db);
 $membert = new AdherentType($db);
 $result = $object->fetch($id, $ref);
@@ -74,6 +69,33 @@ if ($result < 0) {
 }
 $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'member');
 
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+	// Load member
+	$result = $object->fetch($id, $ref);
+
+	// Define variables to know what current user can do on users
+	$canadduser = ($user->admin || $user->rights->user->user->creer);
+	// Define variables to know what current user can do on properties of user linked to edited member
+	if ($object->user_id) {
+		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
+		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+	}
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+	$caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 
 /*
  * Actions
diff --git a/htdocs/adherents/htpasswd.php b/htdocs/adherents/htpasswd.php
index a1c105bd192..e1f580a3656 100644
--- a/htdocs/adherents/htpasswd.php
+++ b/htdocs/adherents/htpasswd.php
@@ -26,7 +26,16 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
 
+$status = GETPOST('status', 'int');
+$cotis = GETPOST('cotis', 'int');
+
+$sortfield = GETPOST('sortfield', 'alphanohtml');
+$sortorder = GETPOST('sortorder', 'aZ09');
+
 // Security check
+if (empty($conf->adherent->enabled)) {
+	accessforbidden();
+}
 if (!$user->rights->adherent->export) {
 	accessforbidden();
 }
@@ -46,19 +55,10 @@ if (empty($sortorder)) {
 if (empty($sortfield)) {
 	$sortfield = "d.login";
 }
-if (!isset($statut)) {
-	$statut = 1;
-}
-
-if (!isset($cotis)) {
-	// by default, members must be up to date of subscription
-	$cotis = 1;
-}
-
 
 $sql = "SELECT d.login, d.pass, d.datefin";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d ";
-$sql .= " WHERE d.statut = ".$statut;
+$sql .= " WHERE d.statut = ".((int) $status);
 if ($cotis == 1) {
 	$sql .= " AND datefin > '".$db->idate($now)."'";
 }
@@ -70,6 +70,7 @@ if ($resql) {
 	$num = $db->num_rows($resql);
 	$i = 0;
 
+	$param = '';
 	print_barre_liste($langs->trans("HTPasswordExport"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', 0);
 
 	print "<hr>\n";
diff --git a/htdocs/adherents/index.php b/htdocs/adherents/index.php
index 803ef89bb22..0340af431f7 100644
--- a/htdocs/adherents/index.php
+++ b/htdocs/adherents/index.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@inodbox.com>
  * Copyright (C) 2019       Nicolas ZABOURI         <info@inovea-conseil.com>
  * Copyright (C) 2021		Frédéric France			<frederic.france@netlgic.fr>
+ * Copyright (C) 2021       Waël Almoman            <info@almoman.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php
index 89baf2f5ec5..44d5ee5399b 100644
--- a/htdocs/adherents/ldap.php
+++ b/htdocs/adherents/ldap.php
@@ -32,7 +32,8 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("companies", "members", "ldap", "admin"));
 
-$rowid = GETPOST('id', 'int');
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alphanohtml');
 $action = GETPOST('action', 'aZ09');
 
 // Protection
@@ -42,12 +43,34 @@ if ($user->socid > 0) {
 }
 
 $object = new Adherent($db);
-$result = $object->fetch($rowid);
-if (!$result) {
-	dol_print_error($db, "Failed to get adherent: ".$object->error);
-	exit;
+
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+	// Load member
+	$result = $object->fetch($id, $ref);
+
+	// Define variables to know what current user can do on users
+	$canadduser = ($user->admin || $user->rights->user->user->creer);
+	// Define variables to know what current user can do on properties of user linked to edited member
+	if ($object->user_id) {
+		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
+		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+	}
 }
 
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+	$caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 
 /*
  * Actions
diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php
index 26fec04a5e6..cc216d794d1 100644
--- a/htdocs/adherents/note.php
+++ b/htdocs/adherents/note.php
@@ -33,9 +33,7 @@ $langs->loadLangs(array("companies", "members", "bills"));
 
 $action = GETPOST('action', 'aZ09');
 $id = GETPOST('id', 'int');
-
-// Security check
-$result = restrictedArea($user, 'adherent', $id);
+$ref = GETPOST('ref', 'alphanohtml');
 
 $object = new Adherent($db);
 $result = $object->fetch($id);
@@ -46,6 +44,34 @@ if ($result > 0) {
 
 $permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php
 
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+	// Load member
+	$result = $object->fetch($id, $ref);
+
+	// Define variables to know what current user can do on users
+	$canadduser = ($user->admin || $user->rights->user->user->creer);
+	// Define variables to know what current user can do on properties of user linked to edited member
+	if ($object->user_id) {
+		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
+		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+	}
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+	$caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
+
 /*
  * Actions
  */
@@ -71,7 +97,7 @@ if ($id) {
 
 	print dol_get_fiche_head($head, 'note', $langs->trans("Member"), -1, 'user');
 
-	print "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
+	print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php
index ecc0e1cfe47..54729e5ba8a 100644
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -42,7 +42,9 @@ $langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'othe
 
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
-$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
+$id = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
+$rowid = $id;
+$ref = GETPOST('ref', 'alphanohtml');
 $typeid = GETPOST('typeid', 'int');
 $cancel = GETPOST('cancel');
 
@@ -66,10 +68,6 @@ if (!$sortorder) {
 	$sortorder = "DESC";
 }
 
-
-// Security check
-$result = restrictedArea($user, 'adherent', $rowid, '', 'cotisation');
-
 $object = new Adherent($db);
 $extrafields = new ExtraFields($db);
 $adht = new AdherentType($db);
@@ -82,29 +80,6 @@ $errmsg = '';
 $defaultdelay = 1;
 $defaultdelayunit = 'y';
 
-if ($rowid) {
-	// Load member
-	$result = $object->fetch($rowid);
-
-	// Define variables to know what current user can do on users
-	$canadduser = ($user->admin || $user->rights->user->user->creer);
-	// Define variables to know what current user can do on properties of user linked to edited member
-	if ($object->user_id) {
-		// $user is the user editing, $object->user_id is the user's id linked to the edited member
-		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
-		|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
-		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
-		|| (($user->id != $object->user_id) && $user->rights->user->user->password));
-	}
-}
-
-// Define variables to know what current user can do on members
-$canaddmember = $user->rights->adherent->creer;
-// Define variables to know what current user can do on properties of a member
-if ($rowid) {
-	$caneditfieldmember = $user->rights->adherent->creer;
-}
-
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('subscription'));
 
@@ -117,6 +92,33 @@ $datefrom = 0;
 $dateto = 0;
 $paymentdate = -1;
 
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+	// Load member
+	$result = $object->fetch($id, $ref);
+
+	// Define variables to know what current user can do on users
+	$canadduser = ($user->admin || $user->rights->user->user->creer);
+	// Define variables to know what current user can do on properties of user linked to edited member
+	if ($object->user_id) {
+		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
+		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+	}
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+	$caneditfieldmember = $user->rights->adherent->creer;
+}
+
+// Security check
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
+
 
 /*
  * 	Actions
diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php
index a53cacd2212..902206c7874 100644
--- a/htdocs/adherents/vcard.php
+++ b/htdocs/adherents/vcard.php
@@ -30,71 +30,100 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php';
 
-$adherent = new adherent($db);
-
-
 $id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alphanohtml');
+
+$object = new adherent($db);
+
+// Fetch object
+if ($id > 0 || !empty($ref)) {
+	// Load member
+	$result = $object->fetch($id, $ref);
+
+	// Define variables to know what current user can do on users
+	$canadduser = ($user->admin || $user->rights->user->user->creer);
+	// Define variables to know what current user can do on properties of user linked to edited member
+	if ($object->user_id) {
+		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
+		$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
+		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
+			|| (($user->id != $object->user_id) && $user->rights->user->user->password));
+	}
+}
+
+// Define variables to determine what the current user can do on the members
+$canaddmember = $user->rights->adherent->creer;
+// Define variables to determine what the current user can do on the properties of a member
+if ($id) {
+	$caneditfieldmember = $user->rights->adherent->creer;
+}
 
 // Security check
-$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas);
+$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);
 
 
-$result = $adherent->fetch($id);
-if ($result <= 0) {
-	dol_print_error($adherent->error);
-	exit;
-}
+/*
+ * Actions
+ */
 
-$physicalperson = 1;
+// None
+
+
+/*
+ * View
+ */
 
 $company = new Societe($db);
-if ($adherent->socid) {
-	$result = $company->fetch($adherent->socid);
+if ($object->socid) {
+	$result = $company->fetch($object->socid);
 }
 
+
+
 // We create VCard
 $v = new vCard();
 $v->setProdId('Dolibarr '.DOL_VERSION);
 
-$v->setUid('DOLIBARR-ADHERENTID-'.$adherent->id);
-$v->setName($adherent->lastname, $adherent->firstname, "", $adherent->civility, "");
-$v->setFormattedName($adherent->getFullName($langs, 1));
+$v->setUid('DOLIBARR-ADHERENTID-'.$object->id);
+$v->setName($object->lastname, $object->firstname, "", $object->civility, "");
+$v->setFormattedName($object->getFullName($langs, 1));
 
-$v->setPhoneNumber($adherent->phone_pro, "TYPE=WORK;VOICE");
-//$v->setPhoneNumber($adherent->phone_perso,"TYPE=HOME;VOICE");
-$v->setPhoneNumber($adherent->phone_mobile, "TYPE=CELL;VOICE");
-$v->setPhoneNumber($adherent->fax, "TYPE=WORK;FAX");
+$v->setPhoneNumber($object->phone_pro, "TYPE=WORK;VOICE");
+//$v->setPhoneNumber($object->phone_perso,"TYPE=HOME;VOICE");
+$v->setPhoneNumber($object->phone_mobile, "TYPE=CELL;VOICE");
+$v->setPhoneNumber($object->fax, "TYPE=WORK;FAX");
 
-$country = $adherent->country_code ? $adherent->country : '';
+$country = $object->country_code ? $object->country : '';
 
-$v->setAddress("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK;POSTAL");
-$v->setLabel("", "", $adherent->address, $adherent->town, $adherent->state, $adherent->zip, $country, "TYPE=WORK");
+$v->setAddress("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK;POSTAL");
+$v->setLabel("", "", $object->address, $object->town, $object->state, $object->zip, $country, "TYPE=WORK");
 
-$v->setEmail($adherent->email);
-$v->setNote($adherent->note_public);
-$v->setTitle($adherent->poste);
+$v->setEmail($object->email);
+$v->setNote($object->note_public);
+$v->setTitle($object->poste);
 
 // Data from linked company
 if ($company->id) {
 	$v->setURL($company->url, "TYPE=WORK");
-	if (!$adherent->phone_pro) {
+	if (!$object->phone_pro) {
 		$v->setPhoneNumber($company->phone, "TYPE=WORK;VOICE");
 	}
-	if (!$adherent->fax) {
+	if (!$object->fax) {
 		$v->setPhoneNumber($company->fax, "TYPE=WORK;FAX");
 	}
-	if (!$adherent->zip) {
+	if (!$object->zip) {
 		$v->setAddress("", "", $company->address, $company->town, $company->state, $company->zip, $company->country, "TYPE=WORK;POSTAL");
 	}
 	// when company e-mail is empty, use only adherent e-mail
 	if (empty(trim($company->email))) {
 		// was set before, don't set twice
-	} elseif (empty(trim($adherent->email))) {
+	} elseif (empty(trim($object->email))) {
 		// when adherent e-mail is empty, use only company e-mail
 		$v->setEmail($company->email);
-	} elseif (strtolower(end(explode("@", $adherent->email))) == strtolower(end(explode("@", $company->email)))) {
+	} elseif (strtolower(end(explode("@", $object->email))) == strtolower(end(explode("@", $company->email)))) {
 		// when e-mail domain of adherent and company are the same, use adherent e-mail at first (and company e-mail at second)
-		$v->setEmail($adherent->email);
+		$v->setEmail($object->email);
 
 		// support by Microsoft Outlook (2019 and possible earlier)
 		$v->setEmail($company->email, 'INTERNET');
@@ -103,7 +132,7 @@ if ($company->id) {
 		$v->setEmail($company->email);
 
 		// support by Microsoft Outlook (2019 and possible earlier)
-		$v->setEmail($adherent->email, 'INTERNET');
+		$v->setEmail($object->email, 'INTERNET');
 	}
 
 	// Si adherent lie a un tiers non de type "particulier"
@@ -113,9 +142,9 @@ if ($company->id) {
 }
 
 // Personal informations
-$v->setPhoneNumber($adherent->phone_perso, "TYPE=HOME;VOICE");
-if ($adherent->birth) {
-	$v->setBirthday($adherent->birth);
+$v->setPhoneNumber($object->phone_perso, "TYPE=HOME;VOICE");
+if ($object->birth) {
+	$v->setBirthday($object->birth);
 }
 
 $db->close();
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 9d05ad00377..0f2601f0349 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -1915,10 +1915,10 @@ if ($id) {
 								$showfield = 0;
 							} elseif ($fieldlist[$field] == 'unicode') {
 								$valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
-							} elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
+							} elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
 								$langs->load("products");
 								$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
-							} elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
+							} elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
 								$langs->load("products");
 								$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
 							} elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {
diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php
index 197db4c4721..1db1adf50cf 100644
--- a/htdocs/admin/menus/index.php
+++ b/htdocs/admin/menus/index.php
@@ -111,13 +111,13 @@ if ($action == 'up') {
 	}
 
 	$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
-	$sql .= " SET m.position = ".$previous['order'];
-	$sql .= " WHERE m.rowid = ".$current['rowid']; // Up the selected entry
+	$sql .= " SET m.position = ".((int) $previous['order']);
+	$sql .= " WHERE m.rowid = ".((int) $current['rowid']); // Up the selected entry
 	dol_syslog("admin/menus/index.php ".$sql);
 	$db->query($sql);
 	$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
-	$sql .= " SET m.position = ".($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1);
-	$sql .= " WHERE m.rowid = ".$previous['rowid']; // Descend celui du dessus
+	$sql .= " SET m.position = ".((int) ($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1));
+	$sql .= " WHERE m.rowid = ".((int) $previous['rowid']); // Descend celui du dessus
 	dol_syslog("admin/menus/index.php ".$sql);
 	$db->query($sql);
 } elseif ($action == 'down') {
diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php
index 31304c85819..f08a1497181 100644
--- a/htdocs/admin/perms.php
+++ b/htdocs/admin/perms.php
@@ -159,8 +159,8 @@ if ($result) {
 				// TODO Define familyposition
 				$family = (!empty($modules[$obj->module]->family_position) ? $modules[$obj->module]->family_position : '');
 				$familyposition = 0;
-				$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".$modules[$obj->module]->module_position.",";
-				$sqlupdate .= " family_position = ".$familyposition;
+				$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $modules[$obj->module]->module_position).",";
+				$sqlupdate .= " family_position = ".((int) $familyposition);
 				$sqlupdate .= " WHERE module_position = 0 AND module = '".$db->escape($obj->module)."'";
 				$db->query($sqlupdate);
 			}
diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
index 77a00aed302..7313fdfd2d5 100644
--- a/htdocs/asterisk/wrapper.php
+++ b/htdocs/asterisk/wrapper.php
@@ -75,6 +75,7 @@ function llxFooter()
 	print "\n".'</html>'."\n";
 }
 
+
 require_once '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
@@ -117,10 +118,10 @@ if (!isset($conf->global->ASTERISK_MAX_RETRY)) {
 }
 
 
-$login = GETPOST('login');
-$password = GETPOST('password');
-$caller = GETPOST('caller');
-$called = GETPOST('called');
+$login = GETPOST('login', 'alphanohtml');
+$password = GETPOST('password', 'none');
+$caller = GETPOST('caller', 'alphanohtml');
+$called = GETPOST('called', 'alphanohtml');
 
 // IP address of Asterisk server
 $strHost = $conf->global->ASTERISK_HOST;
@@ -163,7 +164,7 @@ if ($resql) {
 	if ($obj) {
 		$found = $obj->name;
 	} else {
-		$found = $notfound;
+		$found = 'Not found';
 	}
 	$db->free($resql);
 } else {
@@ -177,7 +178,7 @@ if (!empty($number)) {
 	if ($pos === false) {
 		$errno = 0;
 		$errstr = 0;
-		$strCallerId = "Dolibarr call $found <".strtolower($number).">";
+		$strCallerId = "Dolibarr caller $found <".strtolower($number).">";
 		$oSocket = @fsockopen($strHost, $port, $errno, $errstr, 10);
 		if (!$oSocket) {
 			print '<body>'."\n";
@@ -211,7 +212,7 @@ if (!empty($number)) {
 		}
 	}
 } else {
-	print 'Bad parameters in URL. Must be '.$_SERVER['PHP_SELF'].'?caller=99999&called=99999&login=xxxxx&password=xxxxx';
+	print 'Bad parameters in URL. Must be '.dol_escape_htmltag($_SERVER['PHP_SELF']).'?caller=99999&called=99999&login=xxxxx&password=xxxxx';
 }
 
 // End of page
diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php
index 99f6a708c05..5a3a2ec62b4 100644
--- a/htdocs/bom/bom_note.php
+++ b/htdocs/bom/bom_note.php
@@ -79,8 +79,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
 
 $form = new Form($db);
 
-//$help_url='EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes';
-$help_url = '';
+$help_url = 'EN:Module_BOM';
+
 llxHeader('', $langs->trans('BillOfMaterials'), $help_url);
 
 if ($id > 0 || !empty($ref)) {
diff --git a/htdocs/bom/tpl/index.html b/htdocs/bom/tpl/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/bom/tpl/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/cashdesk/affContenu.php b/htdocs/cashdesk/affContenu.php
index 7d9af18913e..d8e31f3b9c9 100644
--- a/htdocs/cashdesk/affContenu.php
+++ b/htdocs/cashdesk/affContenu.php
@@ -26,7 +26,7 @@
 require_once 'class/Facturation.class.php';
 
 // Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
-if ($_GET['id'] == 'NOUV') {
+if (GETPOST('id', 'int') == 'NOUV') {
 	unset($_SESSION['serObjFacturation']);
 	unset($_SESSION['poscart']);
 }
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 94a1b89de8f..10cc15a2dc9 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -604,7 +604,7 @@ class Categorie extends CommonObject
 		/* FIX #1317 : Check for child category and move up 1 level*/
 		if (!$error) {
 			$sql = "UPDATE ".MAIN_DB_PREFIX."categorie";
-			$sql .= " SET fk_parent = ".$this->fk_parent;
+			$sql .= " SET fk_parent = ".((int) $this->fk_parent);
 			$sql .= " WHERE fk_parent = ".$this->id;
 
 			if (!$this->db->query($sql)) {
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index db26bc4ad22..74ff6c6aa62 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -80,16 +80,12 @@ $id = GETPOST('id', 'int');
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
-if ($user->socid && $socid) {
-	$result = restrictedArea($user, 'societe', $socid);
-}
 
 $error = GETPOST("error");
 $donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0;
 
-$cactioncomm = new CActionComm($db);
 $object = new ActionComm($db);
+$cactioncomm = new CActionComm($db);
 $contact = new Contact($db);
 $extrafields = new ExtraFields($db);
 $formfile = new FormFile($db);
@@ -132,6 +128,11 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
 
 $TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
 
+$result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  * Actions
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php
index 493cfb1a109..2ff3b1ade8c 100644
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -54,7 +54,6 @@ if ($user->socid > 0) {
 	unset($_GET["action"]);
 	$action = '';
 }
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
 
 $object = new ActionComm($db);
 
@@ -84,10 +83,16 @@ if (!$sortfield) {
 $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'actions';
 
+$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  * Actions
  */
+
 include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 
 
@@ -98,6 +103,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 $form = new Form($db);
 
 $help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
+
 llxHeader('', $langs->trans("Agenda"), $help_url);
 
 
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index b8d443d8096..6e0bc4ab1e1 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -79,7 +79,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 	$socid = '';
 }
@@ -155,6 +154,11 @@ $langs->loadLangs(array('agenda', 'other', 'commercial'));
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agenda'));
 
+$result = restrictedArea($user, 'agenda', 0, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  * Actions
diff --git a/htdocs/comm/action/info.php b/htdocs/comm/action/info.php
index 2360f2925d9..f5d1c65b267 100644
--- a/htdocs/comm/action/info.php
+++ b/htdocs/comm/action/info.php
@@ -45,6 +45,9 @@ if ($user->socid > 0) {
 }
 
 $result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
 
 
 /*
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index 888a13fb4b8..c5559e12fe9 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -128,7 +128,6 @@ $socid = GETPOST("search_socid", 'int') ?GETPOST("search_socid", 'int') : GETPOS
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 	$socid = '';
 }
@@ -165,7 +164,11 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
-//var_dump($_POST);exit;
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  *	Actions
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 3b55399a58a..74032b7fb01 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -75,7 +75,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 	$socid = '';
 }
@@ -170,6 +169,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agenda'));
 
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  * Actions
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 8c440395083..dd6886fa196 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -71,12 +71,10 @@ if (!$sortfield) {
 	$sortfield = "a.datec";
 }
 
-// Security check
 $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int");
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 	$socid = '';
 }
@@ -177,6 +175,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agenda'));
 
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
+
 
 /*
  * Actions
diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php
index 908819e1d1a..a90bc1cf5a3 100644
--- a/htdocs/comm/action/rapport/index.php
+++ b/htdocs/comm/action/rapport/index.php
@@ -59,7 +59,10 @@ $socid = GETPOST('socid', 'int');
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+	$result = restrictedArea($user, 'societe', $socid);
+}
 
 
 /*
diff --git a/htdocs/comm/admin/propaldet_extrafields.php b/htdocs/comm/admin/propaldet_extrafields.php
index 834722f2afd..19b7674449f 100644
--- a/htdocs/comm/admin/propaldet_extrafields.php
+++ b/htdocs/comm/admin/propaldet_extrafields.php
@@ -31,11 +31,6 @@ require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
 
-
-if (!$user->admin) {
-	accessforbidden();
-}
-
 // Load translation files required by the page
 $langs->loadlangs(array('admin', 'other', 'propal'));
 
diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php
index 8039241a899..3dc24f4c8b5 100644
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@@ -88,15 +88,10 @@ if (!empty($conf->notification->enabled)) {
 	$langs->load("mails");
 }
 
-// Security check
-$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
-if ($user->socid > 0) {
-	$id = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $id, '&societe');
-
 $action = GETPOST('action', 'aZ09');
 
+$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
+
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
@@ -124,15 +119,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
 
-// Security check
-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
-
-if ($object->id > 0) {
-	if (!($object->client > 0) || empty($user->rights->societe->lire)) {
-		accessforbidden();
-	}
-}
-
 $now = dol_now();
 
 if ($id > 0 && empty($object->id)) {
@@ -142,6 +128,17 @@ if ($id > 0 && empty($object->id)) {
 		dol_print_error($db, $object->error, $object->errors);
 	}
 }
+if ($object->id > 0) {
+	if (!($object->client > 0) || empty($user->rights->societe->lire)) {
+		accessforbidden();
+	}
+}
+
+// Security check
+if ($user->socid > 0) {
+	$id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $object->id, '&societe', '', 'fk_soc', 'rowid', 0);
 
 
 /*
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 8a921e1c358..9945ca0e186 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -54,6 +54,7 @@ $begin = GETPOST('begin', 'alpha');
 // Security check
 $socid = GETPOST('socid', 'int');
 if ($user->socid) {
+	$action = '';
 	$socid = $user->socid;
 }
 $result = restrictedArea($user, 'societe', $socid, '');
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index b727a18b76f..97fa9eb0cfc 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -29,10 +29,6 @@
 
 require '../main.inc.php';
 
-if (!$user->rights->societe->lire) {
-	accessforbidden();
-}
-
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
@@ -63,10 +59,21 @@ if (isset($user->socid) && $user->socid > 0) {
 $max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 $now = dol_now();
 
+// Security check
+$socid = GETPOST("socid", 'int');
+if ($user->socid > 0) {
+	$action = '';
+	$id = $user->socid;
+}
+restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
+
 /*
  * Actions
  */
 
+// None
+
 
 /*
  * View
diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php
index 4b60fdd3464..2487e772373 100644
--- a/htdocs/comm/mailing/advtargetemailing.php
+++ b/htdocs/comm/mailing/advtargetemailing.php
@@ -42,11 +42,6 @@ if (!empty($conf->categorie->enabled)) {
 	$langs->load("categories");
 }
 
-// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
-	accessforbidden();
-}
-
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -99,6 +94,12 @@ if ($result < 0) {
 	}
 }
 
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+	accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
+
 
 /*
  * Actions
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index 3fc50d03eaf..f907bd98f58 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -40,10 +40,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
 // Load translation files required by the page
 $langs->load("mails");
 
-if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
-	accessforbidden();
-}
-
 $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
 $action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel');
@@ -80,6 +76,10 @@ $listofmethods = array();
 $listofmethods['mail'] = 'PHP mail function';
 $listofmethods['smtps'] = 'SMTP/SMTPS socket library';
 
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+	accessforbidden();
+}
 
 
 /*
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index a9095609ab7..336b6431281 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -35,12 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 // Load translation files required by the page
 $langs->load("mails");
 
-// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
-	accessforbidden();
-}
-
-
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -75,6 +69,13 @@ $object = new Mailing($db);
 $result = $object->fetch($id);
 
 
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+	accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
+
+
 /*
  * Actions
  */
diff --git a/htdocs/comm/mailing/info.php b/htdocs/comm/mailing/info.php
index f6aa8c2e509..74d6943a044 100644
--- a/htdocs/comm/mailing/info.php
+++ b/htdocs/comm/mailing/info.php
@@ -33,9 +33,10 @@ $id = GETPOST('id', 'int');
 $langs->load("mails");
 
 // Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
 	accessforbidden();
 }
+//$result = restrictedArea($user, 'mailing');
 
 
 
diff --git a/htdocs/comm/mailing/list.php b/htdocs/comm/mailing/list.php
index 4f851eeee28..94db62d7b19 100644
--- a/htdocs/comm/mailing/list.php
+++ b/htdocs/comm/mailing/list.php
@@ -28,9 +28,6 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
 // Load translation files required by the page
 $langs->load("mails");
 
-// Security check
-$result = restrictedArea($user, 'mailing');
-
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@@ -69,6 +66,11 @@ $fieldstosearchall = array(
 	'm.titre'=>'Ref',
 );
 
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+	accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
 
 
 
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index f1638e9dc37..a409a150778 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -40,6 +40,14 @@ if ($user->socid > 0) {
 	$_socid = $user->socid;
 }
 
+// Security check
+$socid = GETPOST("socid", 'int');
+if ($user->socid > 0) {
+	$action = '';
+	$id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
 
 /*
  * Actions
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index dc923e4e1dc..4c4881472c8 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -89,12 +89,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con
 // Nombre de ligne pour choix de produit/service predefinis
 $NBLINES = 4;
 
-// Security check
-if (!empty($user->socid)) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 $extrafields = new ExtraFields($db);
 
@@ -134,6 +128,14 @@ $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc
 $permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
 $permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
 
+// Security check
+if (!empty($user->socid)) {
+	$socid = $user->socid;
+	$object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
+
 /*
  * Actions
  */
@@ -1324,9 +1326,9 @@ if (empty($reshook)) {
 		// Terms of payment
 		$result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int'));
 	} elseif ($action == 'setremisepercent' && $usercancreate) {
-		$result = $object->set_remise_percent($user, $_POST['remise_percent']);
+		$result = $object->set_remise_percent($user, price2num(GETPOST('remise_percent')));
 	} elseif ($action == 'setremiseabsolue' && $usercancreate) {
-		$result = $object->set_remise_absolue($user, $_POST['remise_absolue']);
+		$result = $object->set_remise_absolue($user, price2num(GETPOST('remise_absolue')));
 	} elseif ($action == 'setmode' && $usercancreate) {
 		// Payment choice
 		$result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int'));
@@ -1387,7 +1389,7 @@ if (empty($reshook)) {
 		} elseif ($action == 'swapstatut') {
 			// Toggle the status of a contact
 			if ($object->fetch($id) > 0) {
-				$result = $object->swapContactStatus(GETPOST('ligne'));
+				$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 			} else {
 				dol_print_error($db);
 			}
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index d9f1654e37c..819bf275758 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -1242,7 +1242,7 @@ class Propal extends CommonObject
 				/*if (! $error && $this->fk_delivery_address)
 				{
 					$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
-					$sql.= " SET fk_delivery_address = ".$this->fk_delivery_address;
+					$sql.= " SET fk_delivery_address = ".((int) $this->fk_delivery_address);
 					$sql.= " WHERE ref = '".$this->db->escape($this->ref)."'";
 					$sql.= " AND entity = ".setEntity($this);
 
@@ -2213,7 +2213,7 @@ class Propal extends CommonObject
 			$this->db->begin();
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
-			$sql .= " SET fk_input_reason = ".$id;
+			$sql .= " SET fk_input_reason = ".((int) $id);
 			$sql .= " WHERE rowid = ".$this->id;
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2332,13 +2332,13 @@ class Propal extends CommonObject
 		$remise = trim($remise) ?trim($remise) : 0;
 
 		if (!empty($user->rights->propal->creer)) {
-			$remise = price2num($remise);
+			$remise = price2num($remise, 2);
 
 			$error = 0;
 
 			$this->db->begin();
 
-			$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".$remise;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
 			$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2390,17 +2390,18 @@ class Propal extends CommonObject
 	public function set_remise_absolue($user, $remise, $notrigger = 0)
 	{
 		// phpcs:enable
-		$remise = trim($remise) ?trim($remise) : 0;
+		if (empty($remise)) {
+			$remise = 0;
+		}
+		$remise = price2num($remise);
 
 		if (!empty($user->rights->propal->creer)) {
-			$remise = price2num($remise);
-
 			$error = 0;
 
 			$this->db->begin();
 
-			$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
-			$sql .= " SET remise_absolue = ".$remise;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
+			$sql .= " SET remise_absolue = ".((float) $remise);
 			$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2445,19 +2446,17 @@ class Propal extends CommonObject
 	 *	Reopen the commercial proposal
 	 *
 	 *	@param      User	$user		Object user that close
-	 *	@param      int		$statut		Statut
+	 *	@param      int		$status		Status
 	 *	@param      string	$note		Comment
 	 *  @param		int		$notrigger	1=Does not execute triggers, 0= execute triggers
 	 *	@return     int         		<0 if KO, >0 if OK
 	 */
-	public function reopen($user, $statut, $note = '', $notrigger = 0)
+	public function reopen($user, $status, $note = '', $notrigger = 0)
 	{
-
-		$this->statut = $statut;
 		$error = 0;
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
-		$sql .= " SET fk_statut = ".$this->statut.",";
+		$sql .= " SET fk_statut = ".$status.",";
 		if (!empty($note)) {
 			$sql .= " note_private = '".$this->db->escape($note)."',";
 		}
@@ -2494,6 +2493,9 @@ class Propal extends CommonObject
 			$this->db->rollback();
 			return -1 * $error;
 		} else {
+			$this->statut = $status;
+			$this->status = $status;
+
 			$this->db->commit();
 			return 1;
 		}
@@ -2612,7 +2614,7 @@ class Propal extends CommonObject
 		$newprivatenote = dol_concatdesc($this->note_private, $note);
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
-		$sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
+		$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
 		$sql .= " WHERE rowid = ".$this->id;
 
 		$resql = $this->db->query($sql);
@@ -3951,7 +3953,7 @@ class PropaleLigne extends CommonObjectLine
 		$sql .= ' pd.date_start, pd.date_end, pd.product_type';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'propaldet as pd';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pd.fk_product = p.rowid';
-		$sql .= ' WHERE pd.rowid = '.$rowid;
+		$sql .= ' WHERE pd.rowid = '.((int) $rowid);
 
 		$result = $this->db->query($sql);
 		if ($result) {
diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php
index 60d3836cfcb..09aa9fddb6c 100644
--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
@@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha');
 $lineid = GETPOST('lineid', 'int');
 $action = GETPOST('action', 'aZ09');
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 
 // Load object
@@ -67,6 +61,13 @@ if (!$error) {
 	exit;
 }
 
+// Security check
+if (!empty($user->socid)) {
+	$socid = $user->socid;
+	$object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
 
 /*
  * Add a new contact
@@ -93,7 +94,7 @@ if ($action == 'addcontact' && $user->rights->propale->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->propale->creer) {
 	// Toggle the status of a contact
 	if ($object->id > 0) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	}
 } elseif ($action == 'deletecontact' && $user->rights->propale->creer) {
 	// Deletes a contact
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 4c408adcb28..a3ddf4ae039 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -80,6 +80,13 @@ if (!$sortfield) {
 $object = new Propal($db);
 $object->fetch($id, $ref);
 
+// Security check
+if (!empty($user->socid)) {
+	$socid = $user->socid;
+	$object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
 
 /*
  * Actions
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 2005e51571b..7b47915f0ea 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
@@ -26,15 +26,6 @@
  */
 
 require '../../main.inc.php';
-
-// Security check
-$socid = GETPOST('socid', 'int');
-if (isset($user->socid) && $user->socid > 0) {
-	$action = '';
-	$socid = $user->socid;
-}
-restrictedArea($user, 'propal');
-
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
 
@@ -48,9 +39,19 @@ $langs->loadLangs(array('propal', 'companies'));
 $now = dol_now();
 $max = 5;
 
+// Security check
+$socid = GETPOST('socid', 'int');
+if (isset($user->socid) && $user->socid > 0) {
+	$action = '';
+	$socid = $user->socid;
+}
+restrictedArea($user, 'propal');
+
+
 /*
  * View
  */
+
 $propalstatic = new Propal($db);
 $companystatic = new Societe($db);
 $form = new Form($db);
diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php
index 847b42edbc5..72e4f887496 100644
--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@@ -39,18 +39,18 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
 
-// Security check
-if (!empty($user->socid)) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 if (!$object->fetch($id, $ref) > 0) {
 	dol_print_error($db);
 	exit;
 }
 
+// Security check
+if (!empty($user->socid)) {
+	$socid = $user->socid;
+	$object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
 
 
 /*
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index 453abff36b2..f5ac2ebae7a 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@@ -843,31 +843,31 @@ if ($resql) {
 	if ($user->rights->societe->client->voir || $socid) {
 		$langs->load("commercial");
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-		$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+		$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if ($user->rights->societe->client->voir || $socid) {
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-		$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
+		$tmptitle =  $langs->trans('LinkedToSpecificUsers');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmptitle, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view products
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 		include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+		$tmptitle = $langs->trans('IncludingProductWithTag');
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmptitle, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter .= '</div>';
 	}
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
 		require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('CustomersProspectsCategoriesShort').': ';
-		$moreforfilter .= $formother->select_categories('customer', $search_categ_cus, 'search_categ_cus', 1);
+		$tmptitle = $langs->trans('CustomersProspectsCategoriesShort');
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$formother->select_categories('customer', $search_categ_cus, 'search_categ_cus', 1, $tmptitle);
 		$moreforfilter .= '</div>';
 	}
 	$parameters = array();
diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php
index 8c1e16dc6e8..0d880219bef 100644
--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
@@ -40,13 +40,19 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'propale', $id, 'propal');
+$now = dol_now();
 
 $object = new Propal($db);
+if ($id > 0 || !empty($ref)) {
+	$object->fetch($id, $ref);
+}
+
+// Security check
+if ($user->socid > 0) {
+	$socid = $user->socid;
+	$object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id, 'propal');
 
 
 /*
@@ -63,86 +69,78 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
  * View
  */
 
+$form = new Form($db);
+
 $help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos';
 
 llxHeader('', $langs->trans('Proposal'), $help_url);
 
-$form = new Form($db);
+if ($object->id > 0) {
+	if ($object->fetch_thirdparty() > 0) {
+		$head = propal_prepare_head($object);
+		print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
 
-if ($id > 0 || !empty($ref)) {
-	if ($mesg) {
-		print $mesg;
-	}
-
-	$now = dol_now();
-
-	if ($object->fetch($id, $ref) > 0) {
-		if ($object->fetch_thirdparty() > 0) {
-			$head = propal_prepare_head($object);
-			print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
-
-			$cssclass = 'titlefield';
-			//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
-			//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
+		$cssclass = 'titlefield';
+		//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
+		//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
 
 
-			// Proposal card
+		// Proposal card
 
-			$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
 
 
-			$morehtmlref = '<div class="refidno">';
-			// Ref customer
-			$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
-			$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
-			// Thirdparty
-			$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
-			// Project
-			if (!empty($conf->projet->enabled)) {
-				$langs->load("projects");
-				$morehtmlref .= '<br>'.$langs->trans('Project').' ';
-				if ($user->rights->propal->creer) {
-					if ($action != 'classify') {
-						//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
-						$morehtmlref .= ' : ';
-					}
-					if ($action == 'classify') {
-						//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
-						$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
-						$morehtmlref .= '<input type="hidden" name="action" value="classin">';
-						$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
-						$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
-						$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
-						$morehtmlref .= '</form>';
-					} else {
-						$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
-					}
+		$morehtmlref = '<div class="refidno">';
+		// Ref customer
+		$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
+		$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
+		// Thirdparty
+		$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
+		// Project
+		if (!empty($conf->projet->enabled)) {
+			$langs->load("projects");
+			$morehtmlref .= '<br>'.$langs->trans('Project').' ';
+			if ($user->rights->propal->creer) {
+				if ($action != 'classify') {
+					//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
+					$morehtmlref .= ' : ';
+				}
+				if ($action == 'classify') {
+					//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
+					$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
+					$morehtmlref .= '<input type="hidden" name="action" value="classin">';
+					$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
+					$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
+					$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
+					$morehtmlref .= '</form>';
 				} else {
-					if (!empty($object->fk_project)) {
-						$proj = new Project($db);
-						$proj->fetch($object->fk_project);
-						$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
-						$morehtmlref .= $proj->ref;
-						$morehtmlref .= '</a>';
-					} else {
-						$morehtmlref .= '';
-					}
+					$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
+				}
+			} else {
+				if (!empty($object->fk_project)) {
+					$proj = new Project($db);
+					$proj->fetch($object->fk_project);
+					$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
+					$morehtmlref .= $proj->ref;
+					$morehtmlref .= '</a>';
+				} else {
+					$morehtmlref .= '';
 				}
 			}
-			$morehtmlref .= '</div>';
-
-			dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
-
-			print '<div class="fichecenter">';
-			print '<div class="underbanner clearboth"></div>';
-
-			$cssclass = "titlefield";
-			include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
-
-			print '</div>';
-
-			print dol_get_fiche_end();
 		}
+		$morehtmlref .= '</div>';
+
+		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
+
+		print '<div class="fichecenter">';
+		print '<div class="underbanner clearboth"></div>';
+
+		$cssclass = "titlefield";
+		include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
+
+		print '</div>';
+
+		print dol_get_fiche_end();
 	}
 }
 
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index 4ae18df12f8..c0d92908aab 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -38,12 +38,6 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
 $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
 $mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
-if ($mode == 'customer' && !$user->rights->propale->lire) {
-	accessforbidden();
-}
-if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
-	accessforbidden();
-}
 
 $object_status = GETPOST('object_status', 'intcomma');
 $typent_id = GETPOST('typent_id', 'int');
@@ -66,6 +60,13 @@ $endyear = $year;
 // Load translation files required by the page
 $langs->loadLangs(array('orders', 'companies', 'other', 'suppliers', 'supplier_proposal'));
 
+if ($mode == 'customer' && !$user->rights->propale->lire) {
+	accessforbidden();
+}
+if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
+	accessforbidden();
+}
+
 
 /*
  * View
diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php
index ea44682b4a3..3aacd070ae4 100644
--- a/htdocs/comm/prospect/index.php
+++ b/htdocs/comm/prospect/index.php
@@ -30,11 +30,19 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
 // Load translation files required by the page
 $langs->load("propal");
 
-
 if ($user->socid > 0) {
 	$socid = $user->socid;
 }
 
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid) {
+	$action = '';
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'propal', $socid, '');
+
+
 
 /*
  *	View
diff --git a/htdocs/comm/prospect/recap-prospect.php b/htdocs/comm/prospect/recap-prospect.php
deleted file mode 100644
index 655dda87d0d..00000000000
--- a/htdocs/comm/prospect/recap-prospect.php
+++ /dev/null
@@ -1,90 +0,0 @@
-<?php
-/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-/**
- *   	\file       htdocs/comm/prospect/recap-prospect.php
- *		\ingroup    societe
- *		\brief      Page with prospect summary
- */
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
-
-// Load translation files required by the page
-$langs->loadLangs(array('companies', 'other'));
-if (!empty($conf->facture->enabled)) {
-	$langs->load("bills");
-}
-
-// Security check
-$socid = $_GET["socid"];
-if ($user->socid > 0) {
-	$action = '';
-	$socid = $user->socid;
-}
-
-
-/*
- *	View
- */
-
-llxHeader();
-
-if ($socid > 0) {
-	$societe = new Societe($db);
-	$societe->fetch($socid);
-
-	/*
-	 * Affichage onglets
-	 */
-	$head = societe_prepare_head($societe);
-
-	print dol_get_fiche_head($head, 'prospect', $langs->trans("ThirdParty"), 0, 'company');
-
-
-	print "<table width=\"100%\">\n";
-	print '<tr><td valign="top" width="50%">';
-
-	print '<table class="border centpercent">';
-
-	// Name
-	print '<tr><td width="20%">'.$langs->trans("Thirdpary").'</td><td width="80%" colspan="3">'.$societe->getNomUrl(1).'</td></tr>';
-
-	// Prefix
-	if (!empty($conf->global->SOCIETE_USEPREFIX)) {  // Old not used prefix field
-		print '<tr><td>'.$langs->trans("Prefix").'</td><td colspan="3">';
-		print ($societe->prefix_comm ? $societe->prefix_comm : '&nbsp;');
-		print '</td></tr>';
-	}
-
-	print "</table>";
-
-	print "</td></tr></table>\n";
-
-	print '</div>';
-
-
-	print $langs->trans("FeatureNotYetAvailable");
-} else {
-	dol_print_error($db);
-}
-
-// End of page
-llxFooter();
-$db->close();
diff --git a/htdocs/comm/recap-client.php b/htdocs/comm/recap-client.php
index 6e82cc16c19..ee32c0dd016 100644
--- a/htdocs/comm/recap-client.php
+++ b/htdocs/comm/recap-client.php
@@ -33,12 +33,12 @@ if (!empty($conf->facture->enabled)) {
 }
 
 // Security check
-$socid = $_GET["socid"];
+$socid = GETPOST("socid", 'int');
 if ($user->socid > 0) {
 	$action = '';
-	$socid = $user->socid;
+	$id = $user->socid;
 }
-
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
 
 
 /*
diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php
index 541983775a7..f9cec9d11c1 100644
--- a/htdocs/comm/remise.php
+++ b/htdocs/comm/remise.php
@@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
 			header("Location: ".$backtopage);
 			exit;
 		} else {
-			header("Location: remise.php?id=".$_GET["id"]);
+			header("Location: remise.php?id=".GETPOST("id", 'int'));
 			exit;
 		}
 	} else {
@@ -74,6 +74,12 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
 	}
 }
 
+// Security check
+if ($user->socid > 0) {
+	$id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
 
 /*
  * View
@@ -83,7 +89,6 @@ $form = new Form($db);
 
 llxHeader();
 
-
 /*********************************************************************************
  *
  * Mode fiche
diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php
index 98ada17e54f..9abf348095e 100644
--- a/htdocs/comm/remx.php
+++ b/htdocs/comm/remx.php
@@ -24,6 +24,8 @@
  *		\brief      Page to edit absolute discounts for a customer
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
@@ -44,6 +46,12 @@ if ($user->socid > 0) {
 	$socid = $user->socid;
 }
 
+// Security check
+if ($user->socid > 0) {
+	$id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
 
 /*
  * Actions
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index a46e7df6b75..4585c2dffb2 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -501,7 +501,7 @@ if (empty($reshook)) {
 			setEventMessages($object->error, $object->errors, 'errors');
 		}
 	} elseif ($action == 'setremise' && $usercancreate) {
-		$result = $object->setDiscount($user, GETPOST('remise'));
+		$result = $object->setDiscount($user, price2num(GETPOST('remise'), 2));
 		if ($result < 0) {
 			setEventMessages($object->error, $object->errors, 'errors');
 		}
@@ -515,7 +515,7 @@ if (empty($reshook)) {
 		}
 	} elseif ($action == 'setdate' && $usercancreate) {
 		// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
-		$date = dol_mktime(0, 0, 0, GETPOST('order_month'), GETPOST('order_day'), GETPOST('order_year'));
+		$date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
 
 		$result = $object->set_date($user, $date);
 		if ($result < 0) {
@@ -1370,7 +1370,7 @@ if (empty($reshook)) {
 		} elseif ($action == 'swapstatut') {
 			// bascule du statut d'un contact
 			if ($object->id > 0) {
-				$result = $object->swapContactStatus(GETPOST('ligne'));
+				$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 			} else {
 				dol_print_error($db);
 			}
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 14fc65cf18d..2f2f0a4d81c 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -2413,10 +2413,10 @@ class Commande extends CommonOrder
 
 			$this->db->begin();
 
-			$remise = price2num($remise);
+			$remise = price2num($remise, 2);
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
-			$sql .= ' SET remise_percent = '.$remise;
+			$sql .= ' SET remise_percent = '.((float) $remise);
 			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2468,18 +2468,20 @@ class Commande extends CommonOrder
 	public function set_remise_absolue($user, $remise, $notrigger = 0)
 	{
 		// phpcs:enable
-		$remise = trim($remise) ?trim($remise) : 0;
+		if (empty($remise)) {
+			$remise = 0;
+		}
+
+		$remise = price2num($remise);
 
 		if ($user->rights->commande->creer) {
 			$error = 0;
 
 			$this->db->begin();
 
-			$remise = price2num($remise);
-
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
-			$sql .= ' SET remise_absolue = '.$remise;
-			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
+			$sql .= ' SET remise_absolue = '.((float) $remise);
+			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
 			$resql = $this->db->query($sql);
@@ -2867,7 +2869,7 @@ class Commande extends CommonOrder
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
-			$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
+			$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
 			$sql .= ' WHERE rowid = '.$this->id;
 
 			dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
@@ -4126,7 +4128,7 @@ class OrderLine extends CommonOrderLine
 		$sql .= ' cd.date_start, cd.date_end';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'commandedet as cd';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON cd.fk_product = p.rowid';
-		$sql .= ' WHERE cd.rowid = '.$rowid;
+		$sql .= ' WHERE cd.rowid = '.((int) $rowid);
 		$result = $this->db->query($sql);
 		if ($result) {
 			$objp = $this->db->fetch_object($result);
diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php
index 0a576707e73..5e11c5cb030 100644
--- a/htdocs/commande/contact.php
+++ b/htdocs/commande/contact.php
@@ -75,14 +75,14 @@ if ($action == 'addcontact' && $user->rights->commande->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->commande->creer) {
 	// bascule du statut d'un contact
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
 } elseif ($action == 'deletecontact' && $user->rights->commande->creer) {
 	// Efface un contact
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index 0b850e6b0e8..df79a9edffd 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -806,39 +806,39 @@ if ($resql) {
 	if ($user->rights->societe->client->voir || $socid) {
 		$langs->load("commercial");
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-		$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+		$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view other users
 	if ($user->rights->user->user->lire) {
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-		$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
+		$tmptitle = $langs->trans('LinkedToSpecificUsers');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmptitle, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 		include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+		$tmptitle = $langs->trans('IncludingProductWithTag');
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmptitle, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter .= '</div>';
 	}
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
 		require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('CustomersProspectsCategoriesShort').': ';
-		$moreforfilter .= $formother->select_categories('customer', $search_categ_cus, 'search_categ_cus', 1);
+		$tmptitle = $langs->trans('CustomersProspectsCategoriesShort');
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$formother->select_categories('customer', $search_categ_cus, 'search_categ_cus', 1, $tmptitle);
 		$moreforfilter .= '</div>';
 	}
 	if (!empty($conf->expedition->enabled) && !empty($conf->global->WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER)) {
 		require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
 		$formproduct = new FormProduct($db);
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('Warehouse').': ';
-		$moreforfilter .= $formproduct->selectWarehouses($search_warehouse, 'search_warehouse', '', 1);
+		$tmptitle = $langs->trans('Warehouse');
+		$moreforfilter .= img_picto($tmptitle, 'warehouse', 'class="pictofixedwidth"').$formproduct->selectWarehouses($search_warehouse, 'search_warehouse', '', $tmptitle);
 		$moreforfilter .= '</div>';
 	}
 	$parameters = array();
diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php
index 686b14362cc..d771b307234 100644
--- a/htdocs/compta/bank/annuel.php
+++ b/htdocs/compta/bank/annuel.php
@@ -138,10 +138,11 @@ $head = bank_prepare_head($object);
 print dol_get_fiche_head($head, 'annual', $langs->trans("FinancialAccount"), 0, 'account');
 
 $title = $langs->trans("FinancialAccount")." : ".$object->label;
-$link = ($year_start ? "<a href='".$_SERVER["PHP_SELF"]."?account=".$object->id."&year_start=".($year_start - 1)."'>".img_previous('', 'class="valignbottom"')."</a> ".$langs->trans("Year")." <a href='".$_SERVER["PHP_SELF"]."?account=".$object->id."&year_start=".($year_start + 1)."'>".img_next('', 'class="valignbottom"')."</a>" : "");
+$link = ($year_start ? '<a href="'.$_SERVER["PHP_SELF"].'?account='.$object->id.'&year_start='.($year_start - 1).'">'.img_previous('', 'class="valignbottom"')."</a> ".$langs->trans("Year").' <a href="'.$_SERVER["PHP_SELF"].'?account='.$object->id.'&year_start='.($year_start + 1).'">'.img_next('', 'class="valignbottom"').'</a>' : '');
 
 $linkback = '<a href="'.DOL_URL_ROOT.'/compta/bank/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
 
+$morehtmlref = '';
 
 if (!empty($id)) {
 	if (!preg_match('/,/', $id)) {
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 22121fa7664..965e0f6c94b 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -211,7 +211,6 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 	$search_thirdparty_user = '';
 	$search_num_releve = '';
 	$search_conciliated = '';
-	$thirdparty = '';
 
 	$search_account = "";
 	if ($id > 0 || !empty($ref)) {
@@ -992,9 +991,9 @@ if ($resql) {
 
 			// Bank line
 			$moreforfilter .= '<div class="divsearchfield">';
-			$moreforfilter .= $langs->trans('RubriquesTransactions').' : ';
+			$tmptitle = $langs->trans('RubriquesTransactions');
 			$cate_arbo = $form->select_all_categories(Categorie::TYPE_BANK_LINE, $search_bid, 'parent', null, null, 1);
-			$moreforfilter .= $form->selectarray('search_bid', $cate_arbo, $search_bid, 1, 0, 0, '', 0, 0, 0, '', '', 1);
+			$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_bid', $cate_arbo, $search_bid, $tmptitle, 0, 0, '', 0, 0, 0, '', '', 1);
 			$moreforfilter .= '</div>';
 		}
 	}
@@ -1561,12 +1560,12 @@ if ($resql) {
 
 		// Debit
 		if (!empty($arrayfields['b.debit']['checked'])) {
-			print '<td class="nowrap right">';
+			print '<td class="nowrap right"><span class="amount">';
 			if ($objp->amount < 0) {
 				print price($objp->amount * -1);
 				$totalarray['totaldeb'] += $objp->amount;
 			}
-			print "</td>\n";
+			print "</span></td>\n";
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
@@ -1577,12 +1576,12 @@ if ($resql) {
 
 		// Credit
 		if (!empty($arrayfields['b.credit']['checked'])) {
-			print '<td class="nowrap right">';
+			print '<td class="nowrap right"><span class="amount">';
 			if ($objp->amount > 0) {
 				print price($objp->amount);
 				$totalarray['totalcred'] += $objp->amount;
 			}
-			print "</td>\n";
+			print "</span></td>\n";
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
@@ -1717,9 +1716,9 @@ if ($resql) {
 					print '<td class="left tdoverflowmax50" title="'.$langs->trans("Totalforthispage").'">'.$langs->trans("Totalforthispage").'</td>';
 				}
 			} elseif ($totalarray['totaldebfield'] == $i) {
-				print '<td class="right">'.price(-1 * $totalarray['totaldeb']).'</td>';
+				print '<td class="right"><span class="amount">'.price(-1 * $totalarray['totaldeb']).'</span></td>';
 			} elseif ($totalarray['totalcredfield'] == $i) {
-				print '<td class="right">'.price($totalarray['totalcred']).'</td>';
+				print '<td class="right"><span class="amount">'.price($totalarray['totalcred']).'</span></td>';
 			} elseif ($i == $posconciliatecol) {
 				print '<td class="center">';
 				if ($user->rights->banque->consolidate && $action == 'reconcile') {
diff --git a/htdocs/compta/bank/budget.php b/htdocs/compta/bank/budget.php
index d3ffbb37916..3e40e45b58e 100644
--- a/htdocs/compta/bank/budget.php
+++ b/htdocs/compta/bank/budget.php
@@ -82,8 +82,8 @@ if ($result) {
 		print '<tr class="oddeven">';
 		print "<td><a href=\"".DOL_URL_ROOT."/compta/bank/bankentries_list.php?bid=$objp->rowid\">$objp->label</a></td>";
 		print '<td class="right">'.$objp->nombre.'</td>';
-		print '<td class="right">'.price(abs($objp->somme))."</td>";
-		print '<td class="right">'.price(abs(price2num($objp->somme / $objp->nombre, 'MT')))."</td>";
+		print '<td class="right"><span class="amount">'.price(abs($objp->somme))."</span></td>";
+		print '<td class="right"><span class="amount">'.price(abs(price2num($objp->somme / $objp->nombre, 'MT')))."</span></td>";
 		print "</tr>";
 		$i++;
 		$total += abs($objp->somme);
diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index 33d4bc37aed..48335d38964 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -570,13 +570,13 @@ if ($action == 'create') {
 	/*                                                                            */
 	/* ************************************************************************** */
 
-	if (($_GET["id"] || $_GET["ref"]) && $action != 'edit') {
+	if ((GETPOST("id", 'int') || GETPOST("ref")) && $action != 'edit') {
 		$object = new Account($db);
-		if ($_GET["id"]) {
-			$object->fetch($_GET["id"]);
+		if (GETPOST("id", 'int')) {
+			$object->fetch(GETPOST("id", 'int'));
 		}
-		if ($_GET["ref"]) {
-			$object->fetch(0, $_GET["ref"]);
+		if (GETPOST("ref")) {
+			$object->fetch(0, GETPOST("ref"));
 			$_GET["id"] = $object->id;
 		}
 
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index be91d475d4d..dc71a1d2d27 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -346,7 +346,7 @@ if (empty($numref)) {
 					$balancestart[$objp->numr] = $obj->amount;
 					$db->free($resql);
 				}
-				print '<td class="right">'.price($balancestart[$objp->numr], '', $langs, 1, -1, -1, $conf->currency).'</td>';
+				print '<td class="right"><span class="amount">'.price($balancestart[$objp->numr], '', $langs, 1, -1, -1, $conf->currency).'</span></td>';
 
 				// Calculate end amount
 				$sql = "SELECT sum(b.amount) as amount";
@@ -359,7 +359,7 @@ if (empty($numref)) {
 					$content[$objp->numr] = $obj->amount;
 					$db->free($resql);
 				}
-				print '<td class="right">'.price(($balancestart[$objp->numr] + $content[$objp->numr]), '', $langs, 1, -1, -1, $conf->currency).'</td>';
+				print '<td class="right"><span class="amount">'.price(($balancestart[$objp->numr] + $content[$objp->numr]), '', $langs, 1, -1, -1, $conf->currency).'</span></td>';
 
 				print '<td class="center">';
 				if ($user->rights->banque->consolidate && $action != 'editbankreceipt') {
diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php
index 65542598351..dcc1f4aef97 100644
--- a/htdocs/compta/bank/various_payment/list.php
+++ b/htdocs/compta/bank/various_payment/list.php
@@ -671,7 +671,7 @@ if ($result) {
 		if ($arrayfields['debit']['checked']) {
 			print '<td class="nowrap right">';
 			if ($obj->sens == 0) {
-				print price($obj->amount);
+				print '<span class="amount">'.price($obj->amount).'</span>';
 				$totalarray['val']['total_deb'] += $obj->amount;
 			}
 			if (!$i) {
@@ -687,7 +687,7 @@ if ($result) {
 		if ($arrayfields['credit']['checked']) {
 			print '<td class="nowrap right">';
 			if ($obj->sens == 1) {
-				print price($obj->amount);
+				print '<span class="amount">'.price($obj->amount).'</span>';
 				$totalarray['val']['total_cred'] += $obj->amount;
 			}
 			if (!$i) {
diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php
index 3b97b967208..79ac1e1b708 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_list.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_list.php
@@ -31,14 +31,17 @@
 //if (! defined('NOCSRFCHECK'))              define('NOCSRFCHECK','1');					// Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
 //if (! defined('NOTOKENRENEWAL'))           define('NOTOKENRENEWAL','1');				// Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
 //if (! defined('NOSTYLECHECK'))             define('NOSTYLECHECK','1');				// Do not check style html tag into posted data
-//if (! defined('NOIPCHECK'))                define('NOIPCHECK','1');					// Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOREQUIREMENU'))            define('NOREQUIREMENU','1');				// If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML'))            define('NOREQUIREHTML','1');				// If we don't need to load the html.form.class.php
 //if (! defined('NOREQUIREAJAX'))            define('NOREQUIREAJAX','1');       	  	// Do not load ajax.lib.php library
-//if (! defined("NOLOGIN"))                  define("NOLOGIN",'1');						// If this page is public (can be called outside logged session)
+//if (! defined("NOLOGIN"))                  define("NOLOGIN", '1');					// If this page is public (can be called outside logged session). This include the NOIPCHECK too.
+//if (! defined('NOIPCHECK'))                define('NOIPCHECK', '1');					// Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined("MAIN_LANG_DEFAULT"))        define('MAIN_LANG_DEFAULT','auto');					// Force lang to a particular value
 //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule');		// Force authentication handler
 //if (! defined("NOREDIRECTBYMAINTOLOGIN"))  define('NOREDIRECTBYMAINTOLOGIN',1);		// The main.inc.php does not make a redirect if not logged, instead show simple error message
+//if (! defined("FORCECSP"))                 define('FORCECSP', 'none');				// Disable all Content Security Policies
+//if (! defined('CSRFCHECK_WITH_TOKEN'))     define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+//if (! defined('NOBROWSERNOTIF'))     		 define('NOBROWSERNOTIF', '1');				// Disable browser notification
 
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/cashcontrol/class/cashcontrol.class.php';
@@ -66,7 +69,7 @@ $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
 $sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
-if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) {
+if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) {
 	$page = 0;
 }     // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
@@ -83,11 +86,13 @@ $hookmanager->initHooks(array('cashcontrol')); // Note that conf->hooks_modules
 
 // Fetch optionals attributes and labels
 $extrafields->fetch_name_optionals_label($object->table_element);
+//$extrafields->fetch_name_optionals_label($object->table_element_line);
 
 $search_array_options = $extrafields->getOptionalsFromPost($object->table_element, '', 'search_');
 
 // Default sort order (if not yet defined by previous GETPOST)
 if (!$sortfield) {
+	reset($object->fields);					// Reset is required to avoid key() to return null.
 	$sortfield = "t.".key($object->fields); // Set here default search field. By default 1st field in definition.
 }
 if (!$sortorder) {
@@ -95,12 +100,16 @@ if (!$sortorder) {
 }
 
 // Initialize array of search criterias
-$search_all = GETPOST("search_all", 'alpha');
+$search_all = GETPOST('search_all', 'alphanohtml') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml');
 $search = array();
 foreach ($object->fields as $key => $val) {
-	if (GETPOST('search_'.$key, 'alpha')) {
+	if (GETPOST('search_'.$key, 'alpha') !== '') {
 		$search[$key] = GETPOST('search_'.$key, 'alpha');
 	}
+	if (preg_match('/^(date|timestamp|datetime)/', $val['type'])) {
+		$search[$key.'_dtstart'] = dol_mktime(0, 0, 0, GETPOST('search_'.$key.'_dtstartmonth', 'int'), GETPOST('search_'.$key.'_dtstartday', 'int'), GETPOST('search_'.$key.'_dtstartyear', 'int'));
+		$search[$key.'_dtend'] = dol_mktime(23, 59, 59, GETPOST('search_'.$key.'_dtendmonth', 'int'), GETPOST('search_'.$key.'_dtendday', 'int'), GETPOST('search_'.$key.'_dtendyear', 'int'));
+	}
 }
 
 // List of fields to search into when doing a "search in all"
@@ -161,6 +170,10 @@ if (empty($reshook)) {
 	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers
 		foreach ($object->fields as $key => $val) {
 			$search[$key] = '';
+			if (preg_match('/^(date|timestamp|datetime)/', $val['type'])) {
+				$search[$key.'_dtstart'] = '';
+				$search[$key.'_dtend'] = '';
+			}
 		}
 		$toselect = '';
 		$search_array_options = array();
@@ -198,9 +211,7 @@ $title = $langs->trans('CashControl');
 // Build and execute select
 // --------------------------------------------------------------------
 $sql = 'SELECT ';
-foreach ($object->fields as $key => $val) {
-	$sql .= 't.'.$key.', ';
-}
+$sql .= $object->getFieldList('t');
 // Add fields from extrafields
 if (!empty($extrafields->attributes[$object->table_element]['label'])) {
 	foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
@@ -210,24 +221,48 @@ if (!empty($extrafields->attributes[$object->table_element]['label'])) {
 // Add fields from hooks
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $object); // Note that $action and $object may have been modified by hook
-$sql .= $hookmanager->resPrint;
-$sql = preg_replace('/, $/', '', $sql);
+$sql .= preg_replace('/^,/', '', $hookmanager->resPrint);
+$sql = preg_replace('/,\s*$/', '', $sql);
 $sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t";
 if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)";
 }
+// Add table from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook
+$sql .= $hookmanager->resPrint;
 if ($object->ismultientitymanaged == 1) {
 	$sql .= " WHERE t.entity IN (".getEntity($object->element).")";
 } else {
 	$sql .= " WHERE 1 = 1";
 }
 foreach ($search as $key => $val) {
-	if ($key == 'status' && $search[$key] == -1) {
-		continue;
-	}
-	$mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0);
-	if ($search[$key] != '') {
-		$sql .= natural_search($key, $search[$key], (($key == 'status') ? 2 : $mode_search));
+	if (array_key_exists($key, $object->fields)) {
+		if ($key == 'status' && $search[$key] == -1) {
+			continue;
+		}
+		$mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0);
+		if ((strpos($object->fields[$key]['type'], 'integer:') === 0) || (strpos($object->fields[$key]['type'], 'sellist:') === 0)) {
+			if ($search[$key] == '-1' || $search[$key] === '0') {
+				$search[$key] = '';
+			}
+			$mode_search = 2;
+		}
+		if ($search[$key] != '') {
+			$sql .= natural_search($key, $search[$key], (($key == 'status') ? 2 : $mode_search));
+		}
+	} else {
+		if (preg_match('/(_dtstart|_dtend)$/', $key) && $search[$key] != '') {
+			$columnName=preg_replace('/(_dtstart|_dtend)$/', '', $key);
+			if (preg_match('/^(date|timestamp|datetime)/', $object->fields[$columnName]['type'])) {
+				if (preg_match('/_dtstart$/', $key)) {
+					$sql .= " AND t." . $columnName . " >= '" . $db->idate($search[$key]) . "'";
+				}
+				if (preg_match('/_dtend$/', $key)) {
+					$sql .= " AND t." . $columnName . " <= '" . $db->idate($search[$key]) . "'";
+				}
+			}
+		}
 	}
 }
 if ($search_all) {
@@ -241,20 +276,20 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $objec
 $sql .= $hookmanager->resPrint;
 
 /* If a group by is required
- $sql.= " GROUP BY "
- foreach($object->fields as $key => $val)
- {
- $sql.='t.'.$key.', ';
- }
- // Add fields from extrafields
- if (! empty($extrafields->attributes[$object->table_element]['label'])) {
- foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.', ' : '');
- // Add where from hooks
- $parameters=array();
- $reshook=$hookmanager->executeHooks('printFieldListGroupBy',$parameters);    // Note that $action and $object may have been modified by hook
- $sql.=$hookmanager->resPrint;
- $sql=preg_replace('/, $/','', $sql);
- */
+$sql.= " GROUP BY ";
+foreach($object->fields as $key => $val) {
+	$sql.='t.'.$key.', ';
+}
+// Add fields from extrafields
+if (! empty($extrafields->attributes[$object->table_element]['label'])) {
+	foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.', ' : '');
+}
+// Add where from hooks
+$parameters=array();
+$reshook=$hookmanager->executeHooks('printFieldListGroupBy',$parameters, $object);    // Note that $action and $object may have been modified by hook
+$sql.=$hookmanager->resPrint;
+$sql=preg_replace('/,\s*$/','', $sql);
+*/
 
 $sql .= $db->order($sortfield, $sortorder);
 
@@ -269,10 +304,12 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 	}
 }
 // if total of record found is smaller than limit, no need to do paging and to restart another select with limits set.
-if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords) {
+if (is_numeric($nbtotalofrecords) && ($limit > $nbtotalofrecords || empty($limit))) {
 	$num = $nbtotalofrecords;
 } else {
-	$sql .= $db->plimit($limit + 1, $offset);
+	if ($limit) {
+		$sql .= $db->plimit($limit + 1, $offset);
+	}
 
 	$resql = $db->query($sql);
 	if (!$resql) {
@@ -284,10 +321,10 @@ if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords) {
 }
 
 // Direct jump if only one record found
-if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all) {
+if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && !$page) {
 	$obj = $db->fetch_object($resql);
 	$id = $obj->rowid;
-	header("Location: ".dol_buildpath('/compta/cashcontrol/cashcontrol_card.php', 1).'?id='.$id);
+	header("Location: ".DOL_URL_ROOT.'/compta/cashcontrol/cashcontrol_card.php?id='.$id);
 	exit;
 }
 
@@ -295,7 +332,7 @@ if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $
 // Output page
 // --------------------------------------------------------------------
 
-llxHeader('', $title, $help_url);
+llxHeader('', $title, $help_url, '', 0, 0, $morejs, $morecss, '', 'classforhorizontalscrolloftabs');
 
 // Example : Adding jquery code
 print '<script type="text/javascript" language="javascript">
@@ -322,13 +359,23 @@ if ($limit > 0 && $limit != $conf->liste_limit) {
 	$param .= '&limit='.urlencode($limit);
 }
 foreach ($search as $key => $val) {
-	$param .= '&search_'.$key.'='.urlencode($search[$key]);
+	if (is_array($search[$key]) && count($search[$key])) {
+		foreach ($search[$key] as $skey) {
+			$param .= '&search_'.$key.'[]='.urlencode($skey);
+		}
+	} else {
+		$param .= '&search_'.$key.'='.urlencode($search[$key]);
+	}
 }
 if ($optioncss != '') {
 	$param .= '&optioncss='.urlencode($optioncss);
 }
 // Add $param from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
+// Add $param from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook
+$param .= $hookmanager->resPrint;
 
 // List of mass actions available
 $arrayofmassactions = array(
@@ -341,7 +388,7 @@ if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'pr
 }
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
+print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
 if ($optioncss != '') {
 	print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
 }
@@ -365,11 +412,11 @@ $objecttmp = new CashControl($db);
 $trackid = 'cashfence'.$object->id;
 include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php';
 
-if ($sall) {
+if ($search_all) {
 	foreach ($fieldstosearchall as $key => $val) {
 		$fieldstosearchall[$key] = $langs->trans($val);
 	}
-	print '<div class="divsearchfieldfilter">'.$langs->trans("FilterOnInto", $sall).join(', ', $fieldstosearchall).'</div>';
+	print '<div class="divsearchfieldfilter">'.$langs->trans("FilterOnInto", $search_all).join(', ', $fieldstosearchall).'</div>';
 }
 
 $moreforfilter = '';
@@ -396,7 +443,7 @@ $selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfi
 $selectedfields .= (count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
 
 print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
-print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
+print '<table class="tagtable nobottomiftotal liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
 
 
 // Fields title search
@@ -417,8 +464,17 @@ foreach ($object->fields as $key => $val) {
 		print '<td class="liste_titre'.($cssforfield ? ' '.$cssforfield : '').'">';
 		if (!empty($val['arrayofkeyval']) && is_array($val['arrayofkeyval'])) {
 			print $form->selectarray('search_'.$key, $val['arrayofkeyval'], $search[$key], $val['notnull'], 0, 0, '', 1, 0, 0, '', 'maxwidth100', 1);
-		} else {
+		} elseif ((strpos($val['type'], 'integer:') === 0) || (strpos($val['type'], 'sellist:')=== 0)) {
+			print $object->showInputField($val, $key, $search[$key], '', '', 'search_', 'maxwidth125', 1);
+		} elseif (!preg_match('/^(date|timestamp|datetime)/', $val['type'])) {
 			print '<input type="text" class="flat maxwidth75" name="search_'.$key.'" value="'.dol_escape_htmltag($search[$key]).'">';
+		} elseif (preg_match('/^(date|timestamp|datetime)/', $val['type'])) {
+			print '<div class="nowrap">';
+			print $form->selectDate($search[$key.'_dtstart'] ? $search[$key.'_dtstart'] : '', "search_".$key."_dtstart", 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
+			print '</div>';
+			print '<div class="nowrap">';
+			print $form->selectDate($search[$key.'_dtend'] ? $search[$key.'_dtend'] : '', "search_".$key."_dtend", 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
+			print '</div>';
 		}
 		print '</td>';
 	}
@@ -442,7 +498,7 @@ print '</tr>'."\n";
 // --------------------------------------------------------------------
 print '<tr class="liste_titre">';
 foreach ($object->fields as $key => $val) {
-	$cssforfield = (empty($val['css']) ? '' : $val['css']);
+	$cssforfield = (empty($val['csslist']) ? (empty($val['css']) ? '' : $val['css']) : $val['csslist']);
 	if ($key == 'status') {
 		$cssforfield .= ($cssforfield ? ' ' : '').'center';
 	} elseif (in_array($val['type'], array('date', 'datetime', 'timestamp'))) {
@@ -462,6 +518,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
 $parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder);
 $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object); // Note that $action and $object may have been modified by hook
 print $hookmanager->resPrint;
+// Action column
 print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch ')."\n";
 print '</tr>'."\n";
 
@@ -481,24 +538,19 @@ if (is_array($extrafields->attributes[$object->table_element]['computed']) && co
 // --------------------------------------------------------------------
 $i = 0;
 $totalarray = array();
-while ($i < min($num, $limit)) {
+while ($i < ($limit ? min($num, $limit) : $num)) {
 	$obj = $db->fetch_object($resql);
 	if (empty($obj)) {
 		break; // Should not happen
 	}
 
 	// Store properties in $object
-	$object->id = $obj->rowid;
-	foreach ($object->fields as $key => $val) {
-		if (property_exists($obj, $key)) {
-			$object->$key = $obj->$key;
-		}
-	}
+	$object->setVarsFromFetchObj($obj);
 
 	// Show here line of result
 	print '<tr class="oddeven">';
 	foreach ($object->fields as $key => $val) {
-		$cssforfield = (empty($val['css']) ? '' : $val['css']);
+		$cssforfield = (empty($val['csslist']) ? (empty($val['css']) ? '' : $val['css']) : $val['csslist']);
 		if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) {
 			$cssforfield .= ($cssforfield ? ' ' : '').'center';
 		} elseif ($key == 'status') {
@@ -511,7 +563,7 @@ while ($i < min($num, $limit)) {
 			$cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
 		}
 
-		if (in_array($val['type'], array('double(24,8)', 'double(6,3)', 'integer', 'real', 'price')) && $key != 'status') {
+		if (in_array($val['type'], array('double(24,8)', 'double(6,3)', 'integer', 'real', 'price')) && !in_array($key, array('rowid', 'status'))) {
 			$cssforfield .= ($cssforfield ? ' ' : '').'right';
 		}
 
@@ -519,10 +571,8 @@ while ($i < min($num, $limit)) {
 			print '<td'.($cssforfield ? ' class="'.$cssforfield.'"' : '').'>';
 			if ($key == 'status') {
 				print $object->getLibStatut(5);
-			} elseif (in_array($val['type'], array('date', 'datetime', 'timestamp'))) {
-				print $object->showOutputField($val, $key, $db->jdate($obj->$key), '');
 			} else {
-				print $object->showOutputField($val, $key, $obj->$key, '');
+				print $object->showOutputField($val, $key, $object->$key, '');
 			}
 			print '</td>';
 			if (!$i) {
@@ -532,21 +582,21 @@ while ($i < min($num, $limit)) {
 				if (!$i) {
 					$totalarray['pos'][$totalarray['nbfield']] = 't.'.$key;
 				}
-				$totalarray['val']['t.'.$key] += $obj->$key;
+				$totalarray['val']['t.'.$key] += $object->$key;
 			}
 		}
 	}
 	// Extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';
 	// Fields from hook
-	$parameters = array('arrayfields'=>$arrayfields, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray);
+	$parameters = array('arrayfields'=>$arrayfields, 'object'=>$object, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray);
 	$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook
 	print $hookmanager->resPrint;
 	// Action column
-	print '<td class="nowrap" align="center">';
+	print '<td class="nowrap center">';
 	if ($massactionbutton || $massaction) {   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
 		$selected = 0;
-		if (in_array($obj->rowid, $arrayofselected)) {
+		if (in_array($object->id, $arrayofselected)) {
 			$selected = 1;
 		}
 		print '<input id="cb'.$obj->rowid.'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$obj->rowid.'"'.($selected ? ' checked="checked"' : '').'>';
@@ -587,6 +637,7 @@ print '</div>'."\n";
 
 print '</form>'."\n";
 
+/*
 if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $nbtotalofrecords)) {
 	$hidegeneratedfilelistifempty = 1;
 	if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files) {
@@ -601,11 +652,12 @@ if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $n
 	$urlsource .= str_replace('&amp;', '&', $param);
 
 	$filedir = $diroutputmassaction;
-	$genallowed = $user->rights->monmodule->read;
-	$delallowed = $user->rights->monmodule->create;
+	$genallowed = $permissiontoread;
+	$delallowed = $permissiontoadd;
 
 	print $formfile->showdocuments('massfilesarea_monmodule', '', $filedir, $urlsource, 0, $delallowed, '', 1, 1, 0, 48, 1, $param, $title, '', '', '', null, $hidegeneratedfilelistifempty);
 }
+*/
 
 // End of page
 llxFooter();
diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php
index 1b9860c976a..1563309a3c4 100644
--- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php
+++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php
@@ -54,7 +54,31 @@ class CashControl extends CommonObject
 	 */
 	public $picto = 'cash-register';
 
-
+	/**
+	 *  'type' field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'sellist:TableName:LabelFieldName[:KeyFieldName[:KeyFieldParent[:Filter]]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'text:none', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+	 *         Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+	 *  'label' the translation key.
+	 *  'picto' is code of a picto to show before value in forms
+	 *  'enabled' is a condition when the field must be managed (Example: 1 or '$conf->global->MY_SETUP_PARAM)
+	 *  'position' is the sort order of field.
+	 *  'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+	 *  'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+	 *  'noteditable' says if field is not editable (1 or 0)
+	 *  'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+	 *  'index' if we want an index in database.
+	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+	 *  'css' and 'cssview' and 'csslist' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. 'csslist' is used for columns in lists. For example: 'maxwidth200', 'wordbreak', 'tdoverflowmax200'
+	 *  'help' is a 'TranslationString' to use to show a tooltip on field. You can also use 'TranslationString:keyfortooltiponlick' for a tooltip on click.
+	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+	 *  'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+	 *  'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1.
+	 *  'comment' is not used. You can store here any text of your choice. It is not used by application.
+	 *
+	 *  Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+	 */
 	public $fields = array(
 	'rowid' =>array('type'=>'integer', 'label'=>'ID', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>10),
 	'entity' =>array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>15),
@@ -62,10 +86,10 @@ class CashControl extends CommonObject
 	'posmodule' =>array('type'=>'varchar(30)', 'label'=>'Module', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>19),
 	'posnumber' =>array('type'=>'varchar(30)', 'label'=>'Terminal', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>20, 'css'=>'center'),
 	'label' =>array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>0, 'position'=>24),
-	'opening' =>array('type'=>'price', 'label'=>'Opening', 'enabled'=>1, 'visible'=>1, 'position'=>25),
-	'cash' =>array('type'=>'price', 'label'=>'Cash', 'enabled'=>1, 'visible'=>1, 'position'=>30),
-	'cheque' =>array('type'=>'price', 'label'=>'Cheque', 'enabled'=>1, 'visible'=>1, 'position'=>33),
-	'card' =>array('type'=>'price', 'label'=>'CreditCard', 'enabled'=>1, 'visible'=>1, 'position'=>36),
+	'opening' =>array('type'=>'price', 'label'=>'Opening', 'enabled'=>1, 'visible'=>1, 'position'=>25, 'csslist'=>'amount'),
+	'cash' =>array('type'=>'price', 'label'=>'Cash', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'csslist'=>'amount'),
+	'cheque' =>array('type'=>'price', 'label'=>'Cheque', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'csslist'=>'amount'),
+	'card' =>array('type'=>'price', 'label'=>'CreditCard', 'enabled'=>1, 'visible'=>1, 'position'=>36, 'csslist'=>'amount'),
 	'year_close' =>array('type'=>'integer', 'label'=>'Year close', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>50, 'css'=>'center'),
 	'month_close' =>array('type'=>'integer', 'label'=>'Month close', 'enabled'=>1, 'visible'=>1, 'position'=>55, 'css'=>'center'),
 	'day_close' =>array('type'=>'integer', 'label'=>'Day close', 'enabled'=>1, 'visible'=>1, 'position'=>60, 'css'=>'center'),
diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php
index 95c18dbf261..ee13f5540a1 100644
--- a/htdocs/compta/cashcontrol/report.php
+++ b/htdocs/compta/cashcontrol/report.php
@@ -204,7 +204,7 @@ if ($resql) {
 		{
 			print '<tr class="oddeven">';
 			print '<td>'.$langs->trans("InitialBankBalance").' - '.$langs->trans("Cash").'</td>';
-			print '<td></td><td></td><td></td><td class="right">'.price($cashcontrol->opening).'</td>';
+			print '<td></td><td></td><td></td><td class="right"><span class="amount">'.price($cashcontrol->opening).'</span></td>';
 			print '</tr>';
 			$first = "no";
 		}*/
diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php
index b238e47c50e..d3604b0d7cc 100644
--- a/htdocs/compta/charges/index.php
+++ b/htdocs/compta/charges/index.php
@@ -206,7 +206,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 			// Type
 			print '<td><a href="../sociales/list.php?filtre=cs.fk_type:'.$obj->type.'">'.$obj->label.'</a></td>';
 			// Expected to pay
-			print '<td class="right">'.price($obj->total).'</td>';
+			print '<td class="right"><span class="amount">'.price($obj->total).'</span></td>';
 			// Ref payment
 			$payment_sc_static->id = $obj->pid;
 			$payment_sc_static->ref = $obj->pid;
@@ -323,7 +323,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 			$tva_static->ref = $obj->label;
 			print "<td>".$tva_static->getNomUrl(1)."</td>\n";
 
-			print '<td class="right">'.price($obj->amount_tva)."</td>";
+			print '<td class="right"><span class="amount">'.price($obj->amount_tva)."</span></td>";
 
 			// Ref payment
 			$ptva_static->id = $obj->rowid;
@@ -359,7 +359,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 			}
 
 			// Paid
-			print '<td class="right">'.price($obj->amount)."</td>";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>";
 			print "</tr>\n";
 
 			$i++;
@@ -442,7 +442,7 @@ while ($j < $numlt) {
 
 			print "<td>".$obj->label."</td>\n";
 
-			print '<td class="right">'.price($obj->amount)."</td>";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>";
 
 			// Ref payment
 			$ptva_static->id = $obj->rowid;
@@ -450,7 +450,7 @@ while ($j < $numlt) {
 			print '<td class="left">'.$ptva_static->getNomUrl(1)."</td>\n";
 
 			print '<td class="center">'.dol_print_date($db->jdate($obj->dp), 'day')."</td>\n";
-			print '<td class="right">'.price($obj->amount)."</td>";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>";
 			print "</tr>\n";
 
 			$i++;
diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php
index c34d89bfa2f..5562f797130 100644
--- a/htdocs/compta/deplacement/class/deplacement.class.php
+++ b/htdocs/compta/deplacement/class/deplacement.class.php
@@ -239,12 +239,12 @@ class Deplacement extends CommonObject
 		$this->db->begin();
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."deplacement ";
-		$sql .= " SET km = ".$this->km; // This is a distance or amount
+		$sql .= " SET km = ".((float) $this->km); // This is a distance or amount
 		$sql .= " , dated = '".$this->db->idate($this->date)."'";
 		$sql .= " , type = '".$this->db->escape($this->type)."'";
 		$sql .= " , fk_statut = '".$this->db->escape($this->statut)."'";
-		$sql .= " , fk_user = ".$this->fk_user;
-		$sql .= " , fk_user_modif = ".$user->id;
+		$sql .= " , fk_user = ".((int) $this->fk_user);
+		$sql .= " , fk_user_modif = ".((int) $user->id);
 		$sql .= " , fk_soc = ".($this->socid > 0 ? $this->socid : 'null');
 		$sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
 		$sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php
index 892b2b86dff..673cd7c1972 100644
--- a/htdocs/compta/deplacement/stats/index.php
+++ b/htdocs/compta/deplacement/stats/index.php
@@ -268,7 +268,7 @@ print '<br><br>';
 
 print '<div class="div-table-responsive-no-min">';
 print '<table class="border centpercent">';
-print '<tr height="24">';
+print '<tr>';
 print '<td class="center">'.$langs->trans("Year").'</td>';
 print '<td class="center">'.$langs->trans("Number").'</td>';
 print '<td class="center">'.$langs->trans("AmountTotal").'</td>';
@@ -280,14 +280,16 @@ foreach ($data as $val) {
 	$year = $val['year'];
 	while ($year && $oldyear > $year + 1) {	// If we have empty year
 		$oldyear--;
-		print '<tr height="24">';
+		print '<tr>';
 		print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.'">'.$oldyear.'</a></td>';
 		print '<td class="right">0</td>';
 		print '<td class="right">0</td>';
 		print '<td class="right">0</td>';
 		print '</tr>';
 	}
-	print '<tr height="24">';
+
+	// Total
+	print '<tr>';
 	print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.'">'.$year.'</a></td>';
 	print '<td class="right">'.$val['nb'].'</td>';
 	print '<td class="right">'.price(price2num($val['total'], 'MT'), 1).'</td>';
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index fd8a9c1045d..b891ae6eec7 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -1778,7 +1778,7 @@ if (empty($reshook)) {
 							$product->fetch(GETPOST('idprod'.$i, 'int'));
 							$startday = dol_mktime(12, 0, 0, GETPOST('date_start'.$i.'month'), GETPOST('date_start'.$i.'day'), GETPOST('date_start'.$i.'year'));
 							$endday = dol_mktime(12, 0, 0, GETPOST('date_end'.$i.'month'), GETPOST('date_end'.$i.'day'), GETPOST('date_end'.$i.'year'));
-							$result = $object->addline($product->description, $product->price, price2num(GETPOST('qty'.$i), 'MS'), $product->tva_tx, $product->localtax1_tx, $product->localtax2_tx, $_POST['idprod'.$i], $_POST['remise_percent'.$i], $startday, $endday, 0, 0, '', $product->price_base_type, $product->price_ttc, $product->type, -1, 0, '', 0, 0, null, 0, '', 0, 100, '', $product->fk_unit);
+							$result = $object->addline($product->description, $product->price, price2num(GETPOST('qty'.$i), 'MS'), $product->tva_tx, $product->localtax1_tx, $product->localtax2_tx, GETPOST('idprod'.$i, 'int'), price2num(GETPOST('remise_percent'.$i)), $startday, $endday, 0, 0, '', $product->price_base_type, $product->price_ttc, $product->type, -1, 0, '', 0, 0, null, 0, '', 0, 100, '', $product->fk_unit);
 						}
 					}
 				}
@@ -2773,7 +2773,7 @@ if (empty($reshook)) {
 		} elseif ($action == 'swapstatut') {
 			// bascule du statut d'un contact
 			if ($object->fetch($id)) {
-				$result = $object->swapContactStatus(GETPOST('ligne'));
+				$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 			} else {
 				dol_print_error($db);
 			}
@@ -4733,8 +4733,8 @@ if ($action == 'create') {
 				if (!empty($conf->banque->enabled)) {
 					print '<td class="right"></td>';
 				}
-				print '<td class="right">'.price($prev_invoice->total_ht).'</td>';
-				print '<td class="right">'.price($prev_invoice->total_ttc).'</td>';
+				print '<td class="right"><span class="amount">'.price($prev_invoice->total_ht).'</span></td>';
+				print '<td class="right"><span class="amount">'.price($prev_invoice->total_ttc).'</span></td>';
 				print '<td class="right">'.$prev_invoice->getLibStatut(3, $tmptotalpaidforthisinvoice).'</td>';
 				print '</tr>';
 			}
@@ -4753,8 +4753,8 @@ if ($action == 'create') {
 		if (!empty($conf->banque->enabled)) {
 			print '<td class="right"></td>';
 		}
-		print '<td class="right">'.price($object->total_ht).'</td>';
-		print '<td class="right">'.price($object->total_ttc).'</td>';
+		print '<td class="right"><span class="amount">'.price($object->total_ht).'</span></td>';
+		print '<td class="right"><span class="amount">'.price($object->total_ttc).'</span></td>';
 		print '<td class="right">'.$object->getLibStatut(3, $object->getSommePaiement()).'</td>';
 		print '</tr>';
 
@@ -4808,8 +4808,8 @@ if ($action == 'create') {
 				if (!empty($conf->banque->enabled)) {
 					print '<td class="right"></td>';
 				}
-				print '<td class="right">'.price($next_invoice->total_ht).'</td>';
-				print '<td class="right">'.price($next_invoice->total_ttc).'</td>';
+				print '<td class="right"><span class="amount">'.price($next_invoice->total_ht).'</span></td>';
+				print '<td class="right"><span class="amount">'.price($next_invoice->total_ttc).'</span></td>';
 				print '<td class="right">'.$next_invoice->getLibStatut(3, $totalpaye).'</td>';
 				print '</tr>';
 			}
@@ -4914,7 +4914,7 @@ if ($action == 'create') {
 					}
 					print '</td>';
 				}
-				print '<td class="right">'.price($sign * $objp->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price($sign * $objp->amount).'</span></td>';
 				print '<td class="center">';
 				if ($object->statut == Facture::STATUS_VALIDATED && $object->paye == 0 && $user->socid == 0) {
 					print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=deletepayment&token='.newToken().'&paiement_id='.$objp->rowid.'">';
@@ -4972,7 +4972,7 @@ if ($action == 'create') {
 				print $invoice->getNomUrl(0);
 				print '</span>';
 				print '</td>';
-				print '<td class="right">'.price($obj->amount_ttc).'</td>';
+				print '<td class="right"><span class="amount">'.price($obj->amount_ttc).'</span></td>';
 				print '<td class="right">';
 				print '<a href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&action=unlinkdiscount&discountid='.$obj->rowid.'">'.img_delete().'</a>';
 				print '</td></tr>';
@@ -4994,7 +4994,7 @@ if ($action == 'create') {
 			print '<span class="opacitymedium">';
 			print $form->textwithpicto($langs->trans("Discount"), $langs->trans("HelpEscompte"), - 1);
 			print '</span>';
-			print '</td><td class="right">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</td><td>&nbsp;</td></tr>';
+			print '</td><td class="right"><span class="amount">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</span></td><td>&nbsp;</td></tr>';
 			$resteapayeraffiche = 0;
 			$cssforamountpaymentcomplete = 'amountpaymentneutral';
 		}
@@ -5014,7 +5014,7 @@ if ($action == 'create') {
 			print '<span class="opacitymedium">';
 			print $form->textwithpicto($langs->trans("ProductReturned"), $langs->trans("HelpAbandonProductReturned"), - 1);
 			print '</span>';
-			print '</td><td class="right">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</td><td>&nbsp;</td></tr>';
+			print '</td><td class="right"><span class="amount">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</span></td><td>&nbsp;</td></tr>';
 			$resteapayeraffiche = 0;
 			$cssforamountpaymentcomplete = 'amountpaymentneutral';
 		}
@@ -5028,7 +5028,7 @@ if ($action == 'create') {
 			print '<span class="opacitymedium">';
 			print $form->textwithpicto($langs->trans("Abandoned"), $text, - 1);
 			print '</span>';
-			print '</td><td class="right">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</td><td>&nbsp;</td></tr>';
+			print '</td><td class="right"><span class="amount">'.price(price2num($object->total_ttc - $creditnoteamount - $depositamount - $totalpaye, 'MT')).'</span></td><td>&nbsp;</td></tr>';
 			$resteapayeraffiche = 0;
 			$cssforamountpaymentcomplete = 'amountpaymentneutral';
 		}
@@ -5037,7 +5037,7 @@ if ($action == 'create') {
 		print '<tr><td colspan="'.$nbcols.'" class="right">';
 		print '<span class="opacitymedium">';
 		print $langs->trans("Billed");
-		print '</td><td class="right">'.price($object->total_ttc).'</td><td>&nbsp;</td></tr>';
+		print '</td><td class="right"><span class="amount">'.price($object->total_ttc).'</span></td><td>&nbsp;</td></tr>';
 		// Remainder to pay
 		print '<tr><td colspan="'.$nbcols.'" class="right">';
 		print '<span class="opacitymedium">';
@@ -5047,7 +5047,7 @@ if ($action == 'create') {
 		}
 		print '</span>';
 		print '</td>';
-		print '<td class="right'.($resteapayeraffiche ? ' amountremaintopay' : (' '.$cssforamountpaymentcomplete)).'">'.price($resteapayeraffiche).'</td>';
+		print '<td class="right'.($resteapayeraffiche ? ' amountremaintopay' : (' '.$cssforamountpaymentcomplete)).'"><span class="amount">'.price($resteapayeraffiche).'</span></td>';
 		print '<td class="nowrap">&nbsp;</td></tr>';
 
 		// Retained warranty : usualy use on construction industry
@@ -5076,10 +5076,10 @@ if ($action == 'create') {
 		// Total already paid back
 		print '<tr><td colspan="'.$nbcols.'" class="right">';
 		print $langs->trans('AlreadyPaidBack');
-		print ' :</td><td class="right">'.price($sign * $totalpaye).'</td><td>&nbsp;</td></tr>';
+		print ' :</td><td class="right"><span class="amount">'.price($sign * $totalpaye).'</span></td><td>&nbsp;</td></tr>';
 
 		// Billed
-		print '<tr><td colspan="'.$nbcols.'" class="right">'.$langs->trans("Billed").' :</td><td class="right">'.price($sign * $object->total_ttc).'</td><td>&nbsp;</td></tr>';
+		print '<tr><td colspan="'.$nbcols.'" class="right">'.$langs->trans("Billed").' :</td><td class="right"><span class="amount">'.price($sign * $object->total_ttc).'</span></td><td>&nbsp;</td></tr>';
 
 		// Remainder to pay back
 		print '<tr><td colspan="'.$nbcols.'" class="right">';
diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php
index 4119846e394..674b5917b17 100644
--- a/htdocs/compta/facture/class/facture-rec.class.php
+++ b/htdocs/compta/facture/class/facture-rec.class.php
@@ -2007,7 +2007,7 @@ class FactureLigneRec extends CommonInvoiceLine
 		$sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet_rec as l';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
-		$sql .= ' WHERE l.rowid = '.$rowid;
+		$sql .= ' WHERE l.rowid = '.((int) $rowid);
 		$sql .= ' ORDER BY l.rang';
 
 		dol_syslog('FactureRec::fetch', LOG_DEBUG);
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index e3079f227f1..111ace7c415 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2289,7 +2289,7 @@ class Facture extends CommonInvoice
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 
 			if ($this->db->query($sqlef) && $this->db->query($sql) && $this->delete_linked_contact()) {
-				$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture WHERE rowid = '.$rowid;
+				$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture WHERE rowid = '.((int) $rowid);
 
 				dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 
@@ -3735,14 +3735,14 @@ class Facture extends CommonInvoice
 		}
 
 		if ($user->rights->facture->creer) {
-			$remise = price2num($remise);
+			$remise = price2num($remise, 2);
 
 			$error = 0;
 
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
-			$sql .= ' SET remise_percent = '.$remise;
+			$sql .= ' SET remise_percent = '.((float) $remise);
 			$sql .= ' WHERE rowid = '.$this->id;
 			$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
 
@@ -3804,7 +3804,7 @@ class Facture extends CommonInvoice
 			$remise = price2num($remise);
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
-			$sql .= ' SET remise_absolue = '.$remise;
+			$sql .= ' SET remise_absolue = '.((float) $remise);
 			$sql .= ' WHERE rowid = '.$this->id;
 			$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
 
@@ -4982,7 +4982,7 @@ class FactureLigne extends CommonInvoiceLine
 		$sql .= ' p.ref as product_ref, p.label as product_label, p.description as product_desc';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet as fd';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON fd.fk_product = p.rowid';
-		$sql .= ' WHERE fd.rowid = '.$rowid;
+		$sql .= ' WHERE fd.rowid = '.((int) $rowid);
 
 		$result = $this->db->query($sql);
 		if ($result) {
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index 19e76b15c5c..2105e197e1f 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -82,7 +82,7 @@ if ($action == 'addcontact' && $user->rights->facture->creer) {
 	}
 } elseif ($action == 'swapstatut' && $user->rights->facture->creer) {
 	// Toggle the status of a contact
-	$result = $object->swapContactStatus(GETPOST('ligne'));
+	$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->facture->creer) {
 	// Deletes a contact
 	$result = $object->delete_contact($lineid);
diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php
index a4d6dd6fec7..ba0d8e2f2aa 100644
--- a/htdocs/compta/facture/index.php
+++ b/htdocs/compta/facture/index.php
@@ -285,7 +285,7 @@ function getDraftTable($maxCount = 500, $socid = 0)
 		$result .= '<tr class="oddeven">';
 		$result .= '<td class="nowrap">'.$objectstatic->getNomUrl(1).'</td>';
 		$result .= '<td>'.$companystatic->getNomUrl(1, 'customer', 24).'</td>';
-		$result .= '<td class="right">'.price($obj->total_ttc).'</td>';
+		$result .= '<td class="right"><span class="amount">'.price($obj->total_ttc).'</span></td>';
 		$result .= '</tr>';
 
 		$i++;
@@ -299,7 +299,7 @@ function getDraftTable($maxCount = 500, $socid = 0)
 	} elseif ($total > 0) {
 		$result .= '<tr class="liste_total">';
 		$result .= '<td colspan="2" class="right">'.$langs->trans("Total").'</td>';
-		$result .= '<td class="right">'.price($total).'</td>';
+		$result .= '<td class="right"><span class="amount">'.price($total).'</span></td>';
 		$result .= '</tr>';
 	}
 
@@ -508,7 +508,7 @@ function getOpenTable($maxCount = 500, $socid = 0)
 
 		$result .= '<td class="left">'.$companystatic->getNomUrl(1, 'customer', 44).'</td>';
 		$result .= '<td class="right">'.dol_print_date($db->jdate($obj->df), 'day').'</td>';
-		$result .= '<td class="right">'.price($obj->total_ttc).'</td>';
+		$result .= '<td class="right"><span class="amount">'.price($obj->total_ttc).'</span></td>';
 
 		$result .= '</tr>';
 
diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php
index 96c414db350..9fcfff783b3 100644
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -384,9 +384,9 @@ foreach ($data as $val) {
 	print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.($socid > 0 ? '&socid='.$socid : '').($userid > 0 ? '&userid='.$userid : '').'">'.$year.'</a></td>';
 	print '<td class="right">'.$val['nb'].'</td>';
 	print '<td class="right" style="'.(($val['nb_diff'] >= 0) ? 'color: green;' : 'color: red;').'">'.round($val['nb_diff']).'</td>';
-	print '<td class="right">'.price(price2num($val['total'], 'MT'), 1).'</td>';
+	print '<td class="right"><span class="amount">'.price(price2num($val['total'], 'MT'), 1).'</span></td>';
 	print '<td class="right" style="'.(($val['total_diff'] >= 0) ? 'color: green;' : 'color: red;').'">'.round($val['total_diff']).'</td>';
-	print '<td class="right">'.price(price2num($val['avg'], 'MT'), 1).'</td>';
+	print '<td class="right"><span class="amount">'.price(price2num($val['avg'], 'MT'), 1).'</span></td>';
 	print '<td class="right" style="'.(($val['avg_diff'] >= 0) ? 'color: green;' : 'color: red;').'">'.round($val['avg_diff']).'</td>';
 	print '</tr>';
 	$oldyear = $year;
diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php
index 9c3544b512e..a24bce0e0e2 100644
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@@ -351,7 +351,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				print '<td class="nowrap tdoverflowmax100">';
 				print $companystatic->getNomUrl(1, 'supplier');
 				print '</td>';
-				print '<td class="right">'.price($obj->total_ttc).'</td>';
+				print '<td class="right"><span class="amount">'.price($obj->total_ttc).'</span></td>';
 				print '</tr>';
 				$tot_ttc += $obj->total_ttc;
 				$i++;
@@ -620,7 +620,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				print $thirdpartystatic->getNomUrl(1, 'supplier');
 				print '</td>';
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-					print '<td class="right">'.price($obj->total_ht).'</td>';
+					print '<td class="right"><span class="amount">'.price($obj->total_ht).'</span></td>';
 				}
 				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
 				print '<td class="right">'.dol_print_date($db->jdate($obj->tms), 'day').'</td>';
@@ -951,7 +951,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 				print $societestatic->getNomUrl(1, 'customer');
 				print '</td>';
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-					print '<td class="right">'.price($obj->total_ht).'</td>';
+					print '<td class="right"><span class="amount">'.price($obj->total_ht).'</span></td>';
 				}
 				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
 				print '<td class="nowrap right">'.price($obj->total_ttc - $obj->tot_fttc).'</td>';
@@ -974,10 +974,10 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 
 			print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").' &nbsp; <font style="font-weight: normal">('.$langs->trans("RemainderToBill").': '.price($tot_tobill).')</font> </td>';
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-				print '<td class="right">'.price($tot_ht).'</td>';
+				print '<td class="right"><span class="amount">'.price($tot_ht).'</span></td>';
 			}
-			print '<td class="nowrap right">'.price($tot_ttc).'</td>';
-			print '<td class="nowrap right">'.price($tot_tobill).'</td>';
+			print '<td class="nowrap right"><span class="amount">'.price($tot_ttc).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price($tot_tobill).'</span></td>';
 			print '<td>&nbsp;</td>';
 			print '</tr>';
 			print '</table></div><br>';
@@ -1110,10 +1110,10 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) {
 				print '</td>';
 				print '<td class="right">'.dol_print_date($db->jdate($obj->datelimite), 'day').'</td>';
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-					print '<td class="right">'.price($obj->total_ht).'</td>';
+					print '<td class="right"><span class="amount">'.price($obj->total_ht).'</span></td>';
 				}
-				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
-				print '<td class="nowrap right">'.price($obj->am).'</td>';
+				print '<td class="nowrap right"><span class="amount">'.price($obj->total_ttc).'</span></td>';
+				print '<td class="nowrap right"><span class="amount">'.price($obj->am).'</span></td>';
 				print '<td>'.$tmpinvoice->getLibStatut(3, $obj->am).'</td>';
 				print '</tr>';
 
@@ -1139,10 +1139,10 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) {
 			print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").' &nbsp; <font style="font-weight: normal">('.$langs->trans("RemainderToTake").': '.price($total_ttc - $totalam).')</font> </td>';
 			print '<td>&nbsp;</td>';
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-				print '<td class="right">'.price($total).'</td>';
+				print '<td class="right"><span class="amount">'.price($total).'</span></td>';
 			}
-			print '<td class="nowrap right">'.price($total_ttc).'</td>';
-			print '<td class="nowrap right">'.price($totalam).'</td>';
+			print '<td class="nowrap right"><span class="amount">'.price($total_ttc).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price($totalam).'</span></td>';
 			print '<td>&nbsp;</td>';
 			print '</tr>';
 		} else {
@@ -1260,10 +1260,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				print '<td class="nowrap tdoverflowmax100">'.$societestatic->getNomUrl(1, 'supplier').'</td>';
 				print '<td class="right">'.dol_print_date($db->jdate($obj->date_lim_reglement), 'day').'</td>';
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) {
-					print '<td class="right">'.price($obj->total_ht).'</td>';
+					print '<td class="right"><span class="amount">'.price($obj->total_ht).'</span></td>';
 				}
-				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
-				print '<td class="nowrap right">'.price($obj->am).'</td>';
+				print '<td class="nowrap right"><span class="amount">'.price($obj->total_ttc).'</span></td>';
+				print '<td class="nowrap right"><span class="amount">'.price($obj->am).'</span></td>';
 				print '<td>'.$facstatic->getLibStatut(3, $obj->am).'</td>';
 				print '</tr>';
 				$total += $obj->total_ht;
diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php
index 46c56f3dca5..e8b5a7e44b2 100644
--- a/htdocs/compta/journal/sellsjournal.php
+++ b/htdocs/compta/journal/sellsjournal.php
@@ -111,10 +111,18 @@ $idpays = $p[0];
 $sql = "SELECT f.rowid, f.ref, f.type, f.datef, f.ref_client,";
 $sql .= " fd.product_type, fd.total_ht, fd.total_tva, fd.tva_tx, fd.total_ttc, fd.localtax1_tx, fd.localtax2_tx, fd.total_localtax1, fd.total_localtax2, fd.rowid as id, fd.situation_percent,";
 $sql .= " s.rowid as socid, s.nom as name, s.code_compta, s.client,";
-$sql .= " p.rowid as pid, p.ref as pref, p.accountancy_code_sell,";
+$sql .= " p.rowid as pid, p.ref as pref,";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " pa.accountancy_code_sell,";
+} else {
+	$sql .= " p.accountancy_code_sell,";
+}
 $sql .= " ct.accountancy_code_sell as account_tva, ct.recuperableonly";
 $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
 $sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
 $sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND fd.info_bits = ct.recuperableonly AND ct.fk_pays = ".((int) $idpays);
diff --git a/htdocs/compta/localtax/list.php b/htdocs/compta/localtax/list.php
index 8742589a6a9..dd77938366a 100644
--- a/htdocs/compta/localtax/list.php
+++ b/htdocs/compta/localtax/list.php
@@ -91,7 +91,7 @@ if ($result) {
 		$i++;
 	}
 	print '<tr class="liste_total"><td colspan="4">'.$langs->trans("Total").'</td>';
-	print '<td class="right">'.price($total).'</td></tr>';
+	print '<td class="right"><span class="amount">'.price($total).'</span></td></tr>';
 
 	print "</table>";
 	$db->free($result);
diff --git a/htdocs/compta/localtax/quadri_detail.php b/htdocs/compta/localtax/quadri_detail.php
index a2904c861f4..969376209eb 100644
--- a/htdocs/compta/localtax/quadri_detail.php
+++ b/htdocs/compta/localtax/quadri_detail.php
@@ -492,8 +492,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num($subtot_coll_total_ht, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num($subtot_coll_vat, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num($subtot_coll_total_ht, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_coll_vat, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
@@ -505,8 +505,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num(0, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num(0, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
@@ -643,8 +643,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num($subtot_paye_total_ht, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num($subtot_paye_vat, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num($subtot_paye_total_ht, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_paye_vat, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
@@ -656,8 +656,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num(0, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num(0, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php
index 7f03f4a569c..94b114c03d8 100644
--- a/htdocs/compta/paiement.php
+++ b/htdocs/compta/paiement.php
@@ -713,17 +713,17 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
 					}
 
 					// Price
-					print '<td class="right">'.price($sign * $objp->total_ttc).'</td>';
+					print '<td class="right"><span class="amount">'.price($sign * $objp->total_ttc).'</span></td>';
 
 					// Received + already paid
-					print '<td class="right">'.price($sign * $paiement);
+					print '<td class="right"><span class="amount">'.price($sign * $paiement);
 					if ($creditnotes) {
 						print '<span class="opacitymedium">+'.price($creditnotes).'</span>';
 					}
 					if ($deposits) {
 						print '<span class="opacitymedium">+'.price($deposits).'</span>';
 					}
-					print '</td>';
+					print '</span></td>';
 
 					// Remain to take or to pay back
 					print '<td class="right">'.price($sign * $remaintopay).'</td>';
@@ -901,7 +901,7 @@ if (!GETPOST('action', 'aZ09')) {
 			print '<td><a href="'.DOL_URL_ROOT.'/compta/facture/card.php?facid='.$objp->facid.'">'.$objp->ref."</a></td>\n";
 			print '<td>'.dol_print_date($db->jdate($objp->dp))."</td>\n";
 			print '<td>'.$objp->paiement_type.' '.$objp->num_payment."</td>\n";
-			print '<td class="right">'.price($objp->amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 			print '<td>&nbsp;</td>';
 			print '</tr>';
 
diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php
index 9096bfa5e5d..d43e1a2c84b 100644
--- a/htdocs/compta/paiement/card.php
+++ b/htdocs/compta/paiement/card.php
@@ -365,13 +365,13 @@ if ($resql) {
 				print '</td>';
 			}
 			// Expected to pay
-			print '<td class="right">'.price($objp->total_ttc).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->total_ttc).'</span></td>';
 
 			// Amount payed
-			print '<td class="right">'.price($objp->amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 
 			// Remain to pay
-			print '<td class="right">'.price($remaintopay).'</td>';
+			print '<td class="right"><span class="amount">'.price($remaintopay).'</span></td>';
 
 			// Status
 			print '<td class="right">'.$invoice->getLibStatut(5, $alreadypayed).'</td>';
diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php
index 86153e4b38d..39b5ded892b 100644
--- a/htdocs/compta/paiement/cheque/card.php
+++ b/htdocs/compta/paiement/cheque/card.php
@@ -462,7 +462,7 @@ if ($action == 'new') {
 				print '<td>'.$value["numero"]."</td>\n";
 				print '<td>'.$value["emetteur"]."</td>\n";
 				print '<td>'.$value["banque"]."</td>\n";
-				print '<td class="right">'.price($value["amount"], 0, $langs, 1, -1, -1, $conf->currency).'</td>';
+				print '<td class="right"><span class="amount">'.price($value["amount"], 0, $langs, 1, -1, -1, $conf->currency).'</span></td>';
 
 				// Link to payment
 				print '<td class="center">';
@@ -639,7 +639,7 @@ if ($action == 'new') {
 				print '<td class="center">'.($objp->num_chq ? $objp->num_chq : '&nbsp;').'</td>';
 				print '<td>'.dol_trunc($objp->emetteur, 24).'</td>';
 				print '<td>'.dol_trunc($objp->banque, 24).'</td>';
-				print '<td class="right">'.price($objp->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 				// Link to payment
 				print '<td class="center">';
 				$paymentstatic->id = $objp->pid;
diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
index 8af9d5a6543..71e8ab10b38 100644
--- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php
+++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
@@ -236,8 +236,8 @@ class RemiseCheque extends CommonObject
 
 					if ($checkremise) {
 						$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
-						$sql .= " SET fk_bordereau = ".$this->id;
-						$sql .= " WHERE rowid = ".$lineid;
+						$sql .= " SET fk_bordereau = ".((int) $this->id);
+						$sql .= " WHERE rowid = ".((int) $lineid);
 
 						$resql = $this->db->query($sql);
 						if (!$resql) {
diff --git a/htdocs/compta/paiement/cheque/index.php b/htdocs/compta/paiement/cheque/index.php
index 8bdbb7478a7..8bde7fac19e 100644
--- a/htdocs/compta/paiement/cheque/index.php
+++ b/htdocs/compta/paiement/cheque/index.php
@@ -131,7 +131,7 @@ if ($resql) {
 		print '<td>'.dol_print_date($db->jdate($objp->db), 'day').'</td>';
 		print '<td class="nowraponall">'.$accountstatic->getNomUrl(1).'</td>';
 		print '<td class="right">'.$objp->nbcheque.'</td>';
-		print '<td class="right">'.price($objp->amount).'</td>';
+		print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 		print '<td class="right">'.$checkdepositstatic->LibStatut($objp->statut, 3).'</td>';
 
 		print '</tr>';
diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php
index c13472dd1fe..0c4a6d9c478 100644
--- a/htdocs/compta/paiement/cheque/list.php
+++ b/htdocs/compta/paiement/cheque/list.php
@@ -228,7 +228,7 @@ if ($resql) {
 			print '<td class="right">'.$objp->nbcheque.'</td>';
 
 			// Amount
-			print '<td class="right">'.price($objp->amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 
 			// Statut
 			print '<td class="right">';
diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php
index 75c63620b0b..1e99cf8676f 100644
--- a/htdocs/compta/paiement/list.php
+++ b/htdocs/compta/paiement/list.php
@@ -547,7 +547,7 @@ while ($i < min($num, $limit)) {
 
 	// Amount
 	if (!empty($arrayfields['p.amount']['checked'])) {
-		print '<td class="right">'.price($objp->amount).'</td>';
+		print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 		if (!$i) {
 			$totalarray['nbfield']++;
 		}
diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php
index f41d40115b6..4e464243df6 100644
--- a/htdocs/compta/paiement/tovalidate.php
+++ b/htdocs/compta/paiement/tovalidate.php
@@ -120,7 +120,7 @@ if ($resql) {
 		print '<td><a href="'.DOL_URL_ROOT.'/compta/paiement/card.php?id='.$objp->rowid.'">'.img_object($langs->trans("ShowPayment"), "payment").' '.$objp->rowid.'</a></td>';
 		print '<td width="80" align="center">'.dol_print_date($db->jdate($objp->dp), 'day')."</td>\n";
 		print "<td>$objp->paiement_type $objp->num_payment</td>\n";
-		print '<td class="right">'.price($objp->amount).'</td>';
+		print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 		print '<td class="center">';
 
 		if ($objp->statut == 0) {
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index e796f039f80..6b47dacdd9d 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
@@ -266,11 +266,11 @@ if ($action == 'create') {
 			print "<td align=\"center\"><b>!!!</b></td>\n";
 		}
 
-		print '<td class="right">'.price($objp->amount)."</td>";
+		print '<td class="right"><span class="amount">'.price($objp->amount)."</span></td>";
 
-		print '<td class="right">'.price($sumpaid)."</td>";
+		print '<td class="right"><span class="amount">'.price($sumpaid)."</span></td>";
 
-		print '<td class="right">'.price($objp->amount - $sumpaid)."</td>";
+		print '<td class="right"><span class="amount">'.price($objp->amount - $sumpaid)."</span></td>";
 
 		print '<td class="center">';
 		if ($sumpaid < $objp->amount) {
diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php
index 7fc81e5ac27..64952def30d 100644
--- a/htdocs/compta/paiement_vat.php
+++ b/htdocs/compta/paiement_vat.php
@@ -262,11 +262,11 @@ if ($action == 'create') {
 			print "<td align=\"center\"><b>!!!</b></td>\n";
 		}
 
-		print '<td class="right">'.price($objp->amount)."</td>";
+		print '<td class="right"><span class="amount">'.price($objp->amount)."</span></td>";
 
-		print '<td class="right">'.price($sumpaid)."</td>";
+		print '<td class="right"><span class="amount">'.price($sumpaid)."</span></td>";
 
-		print '<td class="right">'.price($objp->amount - $sumpaid)."</td>";
+		print '<td class="right"><span class="amount">'.price($objp->amount - $sumpaid)."</span></td>";
 
 		print '<td class="center">';
 
diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php
index 7be99cead28..c75974077c3 100644
--- a/htdocs/compta/payment_sc/card.php
+++ b/htdocs/compta/payment_sc/card.php
@@ -207,11 +207,11 @@ if ($resql) {
 			// Label
 			print '<td>'.$objp->label.'</td>';
 			// Expected to pay
-			print '<td class="right">'.price($objp->sc_amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->sc_amount).'</span></td>';
 			// Status
 			print '<td class="center">'.$socialcontrib->getLibStatut(4, $objp->amount).'</td>';
 			// Amount paid
-			print '<td class="right">'.price($objp->amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 			print "</tr>\n";
 			if ($objp->paye == 1) {	// If at least one invoice is paid, disable delete
 				$disable_delete = 1;
@@ -242,7 +242,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
 	{
 		if ($user->rights->facture->paiement)
 		{
-			print '<a class="butAction" href="card.php?id='.$_GET['id'].'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
+			print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
 		}
 	}
 }
diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php
index 70d958932e5..1b615bcbb8d 100644
--- a/htdocs/compta/payment_vat/card.php
+++ b/htdocs/compta/payment_vat/card.php
@@ -263,11 +263,11 @@ if ($resql) {
 			// Label
 			print '<td>'.$objp->label.'</td>';
 			// Expected to pay
-			print '<td class="right">'.price($objp->tva_amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->tva_amount).'</span></td>';
 			// Status
 			print '<td class="center">'.$tva->getLibStatut(4, $objp->amount).'</td>';
 			// Amount payed
-			print '<td class="right">'.price($objp->amount).'</td>';
+			print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 			print "</tr>\n";
 			if ($objp->paye == 1) {	// If at least one invoice is paid, disable delete
 				$disable_delete = 1;
@@ -298,7 +298,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
 	{
 		if ($user->rights->facture->paiement)
 		{
-			print '<a class="butAction" href="card.php?id='.$_GET['id'].'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
+			print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
 		}
 	}
 }
@@ -307,7 +307,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
 if ($action == '') {
 	if ($user->rights->tax->charges->supprimer) {
 		if (!$disable_delete) {
-			print '<a class="butActionDelete" href="card.php?id='.$_GET['id'].'&amp;action=delete">'.$langs->trans('Delete').'</a>';
+			print '<a class="butActionDelete" href="card.php?id='.GETPOST('id', 'int').'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans('Delete').'</a>';
 		} else {
 			print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("CantRemovePaymentVATPaid")).'">'.$langs->trans('Delete').'</a>';
 		}
diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php
index a705353112c..5d76ae4d8b4 100644
--- a/htdocs/compta/paymentbybanktransfer/index.php
+++ b/htdocs/compta/paymentbybanktransfer/index.php
@@ -84,9 +84,9 @@ print '</a>';
 print '</td></tr>';
 
 print '<tr class="oddeven"><td>'.$langs->trans("AmountToWithdraw").'</td>';
-print '<td class="right">';
+print '<td class="right"><span class="amount">';
 print price($bprev->SommeAPrelever('bank-transfer'), '', '', 1, -1, -1, 'auto');
-print '</td></tr></table></div><br>';
+print '</span></td></tr></table></div><br>';
 
 
 
@@ -216,8 +216,8 @@ if ($result) {
 			print $bprev->getNomUrl(1);
 			print "</td>\n";
 			print '<td>'.dol_print_date($db->jdate($obj->datec), "dayhour")."</td>\n";
-			print '<td class="right">'.price($obj->amount)."</td>\n";
-			print '<td class="right">'.$bprev->getLibStatut(3)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
+			print '<td class="right"><span class="amount">'.$bprev->getLibStatut(3)."</span></td>\n";
 
 			print "</tr>\n";
 			$i++;
diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php
index d04e7131edc..20a11effdad 100644
--- a/htdocs/compta/prelevement/card.php
+++ b/htdocs/compta/prelevement/card.php
@@ -423,7 +423,7 @@ if ($id > 0 || $ref) {
 			print $thirdparty->getNomUrl(1);
 			print "</td>\n";
 
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 
 			print '<td class="right">';
 
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index 3d04cf1f6a5..3ea11463415 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
@@ -579,7 +579,7 @@ class BonPrelevement extends CommonObject
 			$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons ";
 			$sql .= " SET fk_user_trans = ".$user->id;
 			$sql .= " , date_trans = '".$this->db->idate($date)."'";
-			$sql .= " , method_trans = ".$method;
+			$sql .= " , method_trans = ".((int) $method);
 			$sql .= " , statut = ".self::STATUS_TRANSFERED;
 			$sql .= " WHERE rowid = ".$this->id;
 			$sql .= " AND entity = ".$conf->entity;
diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php
index e12c50b75f5..6793fb0a893 100644
--- a/htdocs/compta/prelevement/create.php
+++ b/htdocs/compta/prelevement/create.php
@@ -503,7 +503,7 @@ if ($result)
 
 		print '<td class="center">'.dol_print_date($db->jdate($obj->datec),'day')."</td>\n";
 
-		print '<td class="right">'.price($obj->amount,0,$langs,0,0,-1,$conf->currency)."</td>\n";
+		print '<td class="right"><span class="amount">'.price($obj->amount,0,$langs,0,0,-1,$conf->currency)."</span></td>\n";
 
 		print "</tr>\n";
 		$i++;
diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php
index 23511a4a00a..9cfeb860d33 100644
--- a/htdocs/compta/prelevement/factures.php
+++ b/htdocs/compta/prelevement/factures.php
@@ -281,10 +281,10 @@ if ($resql) {
 		print "</td>\n";
 
 		// Amount of invoice
-		print '<td class="right">'.price($obj->total_ttc)."</td>\n";
+		print '<td class="right"><span class="amount">'.price($obj->total_ttc)."</span></td>\n";
 
 		// Amount requested
-		print '<td class="right">'.price($obj->amount_requested)."</td>\n";
+		print '<td class="right"><span class="amount">'.price($obj->amount_requested)."</span></td>\n";
 
 		// Status of requests
 		print '<td class="center">';
diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php
index 9a4f209e134..b202d8ce0b7 100644
--- a/htdocs/compta/prelevement/fiche-rejet.php
+++ b/htdocs/compta/prelevement/fiche-rejet.php
@@ -222,7 +222,7 @@ if ($resql) {
 			print '</a></td>';
 			print '<td><a href="'.DOL_URL_ROOT.'/comm/card.php?socid='.$obj->socid.'">'.$obj->name."</a></td>\n";
 
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 			print '<td>'.$rej->motifs[$obj->motif].'</td>';
 
 			print '<td class="center">'.yn($obj->afacturer).'</td>';
@@ -240,7 +240,7 @@ if ($resql) {
 	if ($num > 0) {
 		print '<tr class="liste_total"><td>&nbsp;</td>';
 		print '<td class="liste_total">'.$langs->trans("Total").'</td>';
-		print '<td class="right">'.price($total)."</td>\n";
+		print '<td class="right"><span class="amount">'.price($total)."</span></td>\n";
 		print '<td colspan="3">&nbsp;</td>';
 		print "</tr>\n";
 	}
diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php
index 6e537159721..c0d13f6b16f 100644
--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@@ -84,9 +84,9 @@ print '</a>';
 print '</td></tr>';
 
 print '<tr class="oddeven"><td>'.$langs->trans("AmountToWithdraw").'</td>';
-print '<td class="right">';
+print '<td class="right"><span class="amount">';
 print price($bprev->SommeAPrelever('direct-debit'), '', '', 1, -1, -1, 'auto');
-print '</td></tr></table></div><br>';
+print '</span></td></tr></table></div><br>';
 
 
 
@@ -218,7 +218,7 @@ if ($result) {
 			print $bprev->getNomUrl(1);
 			print "</td>\n";
 			print '<td>'.dol_print_date($db->jdate($obj->datec), "dayhour")."</td>\n";
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 			print '<td class="right">'.$bprev->getLibStatut(3)."</td>\n";
 
 			print "</tr>\n";
diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php
index 73c985355b1..dce5dd39b60 100644
--- a/htdocs/compta/prelevement/line.php
+++ b/htdocs/compta/prelevement/line.php
@@ -301,7 +301,7 @@ if ($id) {
 			print '<td><a href="'.DOL_URL_ROOT.'/comm/card.php?socid='.$obj->socid.'">';
 			print img_object($langs->trans("ShowCompany"), "company").' '.$obj->name."</a></td>\n";
 
-			print '<td class="right">'.price($obj->total_ttc)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->total_ttc)."</span></td>\n";
 
 			print '<td class="right">';
 			$invoicestatic->fetch($obj->facid);
diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php
index a966e8e8b93..0818dbb61d1 100644
--- a/htdocs/compta/prelevement/list.php
+++ b/htdocs/compta/prelevement/list.php
@@ -266,7 +266,7 @@ if ($result) {
 
 			print '<td class="center">'.dol_print_date($db->jdate($obj->datec), 'day')."</td>\n";
 
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 
 			print '<td>&nbsp;</td>';
 
diff --git a/htdocs/compta/prelevement/orders_list.php b/htdocs/compta/prelevement/orders_list.php
index eda6be0cd98..5c6f058bff1 100644
--- a/htdocs/compta/prelevement/orders_list.php
+++ b/htdocs/compta/prelevement/orders_list.php
@@ -205,7 +205,7 @@ if ($result) {
 
 			print '<td class="center">'.dol_print_date($db->jdate($obj->datec), 'day')."</td>\n";
 
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 
 			print '<td class="right">';
 			print $bon->LibStatut($obj->statut, 3);
diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php
index f7abdab9c79..9f9ee72cc6d 100644
--- a/htdocs/compta/recap-compta.php
+++ b/htdocs/compta/recap-compta.php
@@ -286,7 +286,7 @@ if ($id > 0) {
 				$totalCredit += ($data['amount'] > 0) ? 0 : abs($data['amount']);
 
 				// Balance
-				print '<td class="right">'.price($data['balance'])."</td>\n";
+				print '<td class="right"><span class="amount">'.price($data['balance'])."</span></td>\n";
 
 				// Author
 				print '<td class="nowrap right">';
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index a22c0c51b73..14fc650db97 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -311,7 +311,7 @@ if ($modecompta == 'BOOKKEEPING') {
 				print '<tr class="oddeven">';
 				print '<td>&nbsp;</td>';
 				print '<td>'.$objp->pcg_type.($objp->name ? ' ('.$objp->name.')' : '')."</td>\n";
-				print '<td class="right">'.price($objp->amount)."</td>\n";
+				print '<td class="right"><span class="amount">'.price($objp->amount)."</span></td>\n";
 				print "</tr>\n";
 
 				$total_ht += (isset($objp->amount) ? $objp->amount : 0);
@@ -350,7 +350,7 @@ if ($modecompta == 'BOOKKEEPING') {
 							print '<tr>';
 							print '<td></td>';
 							print '<td class="tdoverflowmax200"> &nbsp; &nbsp; '.length_accountg($cpt['account_number']).' - '.$cpt['account_label'].'</td>';
-							print '<td class="right">'.price($resultN).'</td>';
+							print '<td class="right"><span class="amount">'.price($resultN).'</span></td>';
 							print "</tr>\n";
 						}
 					}
@@ -420,9 +420,9 @@ if ($modecompta == 'BOOKKEEPING') {
 			print "<td>".$langs->trans("Bills").' <a href="'.DOL_URL_ROOT.'/compta/facture/list.php?socid='.$objp->socid.'">'.$objp->name."</td>\n";
 
 			if ($modecompta == 'CREANCES-DETTES') {
-				print '<td class="right">'.price($objp->amount_ht)."</td>\n";
+				print '<td class="right"><span class="amount">'.price($objp->amount_ht)."</span></td>\n";
 			}
-			print '<td class="right">'.price($objp->amount_ttc)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($objp->amount_ttc)."</span></td>\n";
 
 			$total_ht += (isset($objp->amount_ht) ? $objp->amount_ht : 0);
 			$total_ttc += $objp->amount_ttc;
@@ -465,9 +465,9 @@ if ($modecompta == 'BOOKKEEPING') {
 					print "<td>".$langs->trans("Bills")." ".$langs->trans("Other")." (".$langs->trans("PaymentsNotLinkedToInvoice").")\n";
 
 					if ($modecompta == 'CREANCES-DETTES') {
-						print '<td class="right">'.price($objp->amount_ht)."</td>\n";
+						print '<td class="right"><span class="amount">'.price($objp->amount_ht)."</span></td>\n";
 					}
-					print '<td class="right">'.price($objp->amount_ttc)."</td>\n";
+					print '<td class="right"><span class="amount">'.price($objp->amount_ttc)."</span></td>\n";
 
 					$total_ht += (isset($objp->amount_ht) ? $objp->amount_ht : 0);
 					$total_ttc += $objp->amount_ttc;
@@ -557,9 +557,9 @@ if ($modecompta == 'BOOKKEEPING') {
 					print "<td>".$langs->trans("Donation")." <a href=\"".DOL_URL_ROOT."/don/list.php?search_company=".$obj->name."&search_name=".$obj->firstname." ".$obj->lastname."\">".$obj->name." ".$obj->firstname." ".$obj->lastname."</a></td>\n";
 
 					if ($modecompta == 'CREANCES-DETTES') {
-						print '<td class="right">'.price($obj->amount).'</td>';
+						print '<td class="right"><span class="amount">'.price($obj->amount).'</span></td>';
 					}
-					print '<td class="right">'.price($obj->amount).'</td>';
+					print '<td class="right"><span class="amount">'.price($obj->amount).'</span></td>';
 					print '</tr>';
 					$i++;
 				}
@@ -638,9 +638,9 @@ if ($modecompta == 'BOOKKEEPING') {
 				print "<td>".$langs->trans("Bills")." <a href=\"".DOL_URL_ROOT."/fourn/facture/list.php?socid=".$objp->socid."\">".$objp->name."</a></td>\n";
 
 				if ($modecompta == 'CREANCES-DETTES') {
-					print '<td class="right">'.price(-$objp->amount_ht)."</td>\n";
+					print '<td class="right"><span class="amount">'.price(-$objp->amount_ht)."</span></td>\n";
 				}
-				print '<td class="right">'.price(-$objp->amount_ttc)."</td>\n";
+				print '<td class="right"><span class="amount">'.price(-$objp->amount_ttc)."</span></td>\n";
 
 				$total_ht -= (isset($objp->amount_ht) ? $objp->amount_ht : 0);
 				$total_ttc -= $objp->amount_ttc;
@@ -733,9 +733,9 @@ if ($modecompta == 'BOOKKEEPING') {
 				print '<tr class="oddeven"><td>&nbsp;</td>';
 				print '<td>'.$obj->label.'</td>';
 				if ($modecompta == 'CREANCES-DETTES') {
-					print '<td class="right">'.price(-$obj->amount).'</td>';
+					print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 				}
-				print '<td class="right">'.price(-$obj->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 				print '</tr>';
 				$i++;
 			}
@@ -820,9 +820,9 @@ if ($modecompta == 'BOOKKEEPING') {
 				print '<tr class="oddeven"><td>&nbsp;</td>';
 				print '<td>'.$obj->label.'</td>';
 				if ($modecompta == 'CREANCES-DETTES') {
-					print '<td class="right">'.price(-$obj->amount).'</td>';
+					print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 				}
-				print '<td class="right">'.price(-$obj->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 				print '</tr>';
 				$i++;
 			}
@@ -903,9 +903,9 @@ if ($modecompta == 'BOOKKEEPING') {
 					print "<td>".$langs->trans("Salary")." <a href=\"".DOL_URL_ROOT."/salaries/list.php?filtre=s.fk_user=".$obj->fk_user."\">".$obj->firstname." ".$obj->lastname."</a></td>\n";
 
 					if ($modecompta == 'CREANCES-DETTES') {
-						print '<td class="right">'.price(-$obj->amount).'</td>';
+						print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 					}
-					print '<td class="right">'.price(-$obj->amount).'</td>';
+					print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 					print '</tr>';
 					$i++;
 				}
@@ -989,9 +989,9 @@ if ($modecompta == 'BOOKKEEPING') {
 					print "<td>".$langs->trans("ExpenseReport")." <a href=\"".DOL_URL_ROOT."/expensereport/list.php?search_user=".$obj->userid."\">".$obj->firstname." ".$obj->lastname."</a></td>\n";
 
 					if ($modecompta == 'CREANCES-DETTES') {
-						print '<td class="right">'.price(-$obj->amount_ht).'</td>';
+						print '<td class="right"><span class="amount">'.price(-$obj->amount_ht).'</span></td>';
 					}
-					print '<td class="right">'.price(-$obj->amount_ttc).'</td>';
+					print '<td class="right"><span class="amount">'.price(-$obj->amount_ttc).'</span></td>';
 					print '</tr>';
 				}
 			} else {
@@ -1050,9 +1050,9 @@ if ($modecompta == 'BOOKKEEPING') {
 			print '<tr class="oddeven"><td>&nbsp;</td>';
 			print "<td>".$langs->trans("Debit")."</td>\n";
 			if ($modecompta == 'CREANCES-DETTES') {
-				print '<td class="right">'.price(-$obj->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 			}
-			print '<td class="right">'.price(-$obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price(-$obj->amount)."</span></td>\n";
 			print "</tr>\n";
 
 			// Credit (payment received from customer for example)
@@ -1067,9 +1067,9 @@ if ($modecompta == 'BOOKKEEPING') {
 			print '<tr class="oddeven"><td>&nbsp;</td>';
 			print "<td>".$langs->trans("Credit")."</td>\n";
 			if ($modecompta == 'CREANCES-DETTES') {
-				print '<td class="right">'.price($obj->amount).'</td>';
+				print '<td class="right"><span class="amount">'.price($obj->amount).'</span></td>';
 			}
-			print '<td class="right">'.price($obj->amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($obj->amount)."</span></td>\n";
 			print "</tr>\n";
 
 			// Total
@@ -1117,9 +1117,9 @@ if ($modecompta == 'BOOKKEEPING') {
 				print '<tr class="oddeven"><td>&nbsp;</td>';
 				print "<td>".$loan_static->getNomUrl(1).' - '.$obj->label."</td>\n";
 				if ($modecompta == 'CREANCES-DETTES') {
-					print '<td class="right">'.price(-$obj->amount).'</td>';
+					print '<td class="right"><span class="amount">'.price(-$obj->amount).'</span></td>';
 				}
-				print '<td class="right">'.price(-$obj->amount)."</td>\n";
+				print '<td class="right"><span class="amount">'.price(-$obj->amount)."</span></td>\n";
 				print "</tr>\n";
 				$subtotal_ht -= $obj->amount;
 				$subtotal_ttc -= $obj->amount;
@@ -1205,7 +1205,7 @@ if ($modecompta == 'BOOKKEEPING') {
 			print '<tr class="oddeven"><td>&nbsp;</td>';
 			print "<td>".$langs->trans("VATToPay")."</td>\n";
 			print '<td class="right">&nbsp;</td>'."\n";
-			print '<td class="right">'.price($amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($amount)."</span></td>\n";
 			print "</tr>\n";
 
 			// VAT to retreive
@@ -1263,7 +1263,7 @@ if ($modecompta == 'BOOKKEEPING') {
 			print '<tr class="oddeven"><td>&nbsp;</td>';
 			print '<td>'.$langs->trans("VATToCollect")."</td>\n";
 			print '<td class="right">&nbsp;</td>'."\n";
-			print '<td class="right">'.price($amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($amount)."</span></td>\n";
 			print "</tr>\n";
 		} else {
 			// VAT really already paid
@@ -1319,7 +1319,7 @@ if ($modecompta == 'BOOKKEEPING') {
 			if ($modecompta == 'CREANCES-DETTES') {
 				print '<td <class="right"></td>'."\n";
 			}
-			print '<td class="right">'.price($amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($amount)."</span></td>\n";
 			print "</tr>\n";
 
 			// VAT really received
@@ -1375,7 +1375,7 @@ if ($modecompta == 'BOOKKEEPING') {
 			if ($modecompta == 'CREANCES-DETTES') {
 				print '<td class="right"></td>'."\n";
 			}
-			print '<td class="right">'.price($amount)."</td>\n";
+			print '<td class="right"><span class="amount">'.price($amount)."</span></td>\n";
 			print "</tr>\n";
 		}
 	}
diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php
index 8ef75bf5846..67bc2d2e61f 100644
--- a/htdocs/compta/resultat/result.php
+++ b/htdocs/compta/resultat/result.php
@@ -500,18 +500,18 @@ if ($modecompta == 'CREANCES-DETTES') {
 				}
 				print '</td>';
 
-				print '<td class="right">'.price($totCat['NP']).'</td>';
-				print '<td class="right">'.price($totCat['N']).'</td>';
+				print '<td class="right"><span class="amount">'.price($totCat['NP']).'</span></td>';
+				print '<td class="right"><span class="amount">'.price($totCat['N']).'</span></td>';
 
 				// Each month
 				foreach ($totCat['M'] as $k => $v) {
 					if (($k + 1) >= $date_startmonth) {
-						print '<td class="right">'.price($v).'</td>';
+						print '<td class="right"><span class="amount">'.price($v).'</span></td>';
 					}
 				}
 				foreach ($totCat['M'] as $k => $v) {
 					if (($k + 1) < $date_startmonth) {
-						print '<td class="right">'.price($v).'</td>';
+						print '<td class="right"><span class="amount">'.price($v).'</span></td>';
 					}
 				}
 
@@ -531,20 +531,20 @@ if ($modecompta == 'CREANCES-DETTES') {
 							print ' - ';
 							print $cpt['account_label'];
 							print '</td>';
-							print '<td class="right">'.price($resultNP).'</td>';
-							print '<td class="right">'.price($resultN).'</td>';
+							print '<td class="right"><span class="amount">'.price($resultNP).'</span></td>';
+							print '<td class="right"><span class="amount">'.price($resultN).'</span></td>';
 
 							// Make one call for each month
 							foreach ($months as $k => $v) {
 								if (($k + 1) >= $date_startmonth) {
 									$resultM = $totPerAccount[$cpt['account_number']]['M'][$k];
-									print '<td class="right">'.price($resultM).'</td>';
+									print '<td class="right"><span class="amount">'.price($resultM).'</span>/td>';
 								}
 							}
 							foreach ($months as $k => $v) {
 								if (($k + 1) < $date_startmonth) {
 									$resultM = $totPerAccount[$cpt['account_number']]['M'][$k];
-									print '<td class="right">'.price($resultM).'</td>';
+									print '<td class="right"><span class="amount">'.price($resultM).'</span></td>';
 								}
 							}
 							print "</tr>\n";
diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php
index c26c62fb7ed..b8562829066 100644
--- a/htdocs/compta/sociales/card.php
+++ b/htdocs/compta/sociales/card.php
@@ -677,7 +677,7 @@ if ($id > 0) {
 						}
 						print '</td>';
 					}
-					print '<td class="right">'.price($objp->amount)."</td>\n";
+					print '<td class="right"><span class="amount">'.price($objp->amount)."</span></td>\n";
 					print "</tr>";
 					$totalpaye += $objp->amount;
 					$i++;
diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
index 8f7f13e6043..3207e533521 100644
--- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
+++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
@@ -636,7 +636,7 @@ class PaymentSocialContribution extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php
index 48c6936a225..0614532605f 100644
--- a/htdocs/compta/sociales/list.php
+++ b/htdocs/compta/sociales/list.php
@@ -37,6 +37,7 @@ if ($user->socid) {
 $result = restrictedArea($user, 'tax', '', '', 'charges');
 
 require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
+require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formsocialcontrib.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
@@ -63,6 +64,8 @@ $search_year_lim	= GETPOST('search_year_lim', 'int');
 $search_project_ref = GETPOST('search_project_ref', 'alpha');
 $search_project = GETPOST('search_project', 'alpha');
 $search_users = GETPOST('search_users');
+$search_type = GETPOST('search_type', 'int');
+$search_account				= GETPOST('search_account', 'int');
 
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield			= GETPOST("sortfield", 'alpha');
@@ -103,13 +106,19 @@ $arrayfields = array(
 	'cs.rowid'		=>array('label'=>"Ref", 'checked'=>1, 'position'=>10),
 	'cs.libelle'	=>array('label'=>"Label", 'checked'=>1, 'position'=>20),
 	'cs.fk_type'	=>array('label'=>"Type", 'checked'=>1, 'position'=>30),
-	'cs.fk_user'	=>array('label'=>"Employee", 'checked'=>1, 'position'=>30),
-	'p.ref'			=>array('label'=>"ProjectRef", 'checked'=>1, 'position'=>40, 'enable'=>(!empty($conf->projet->enabled))),
-	'cs.date_ech'	=>array('label'=>"Date", 'checked'=>1, 'position'=>50),
-	'cs.periode'	=>array('label'=>"PeriodEndDate", 'checked'=>1, 'position'=>60),
-	'cs.amount'		=>array('label'=>"Amount", 'checked'=>1, 'position'=>70),
-	'cs.paye'		=>array('label'=>"Status", 'checked'=>1, 'position'=>80),
+	'cs.date_ech'	=>array('label'=>"Date", 'checked'=>1, 'position'=>40),
+	'cs.periode'	=>array('label'=>"PeriodEndDate", 'checked'=>1, 'position'=>50),
+	'p.ref'			=>array('label'=>"ProjectRef", 'checked'=>1, 'position'=>60, 'enable'=>(!empty($conf->projet->enabled))),
+	'cs.fk_user'	=>array('label'=>"Employee", 'checked'=>1, 'position'=>70),
+	'cs.fk_mode_reglement'	=>array('checked'=>1, 'position'=>80, 'label'=>"DefaultPaymentMode"),
+	'cs.amount'		=>array('label'=>"Amount", 'checked'=>1, 'position'=>100),
+	'cs.paye'		=>array('label'=>"Status", 'checked'=>1, 'position'=>110),
 );
+
+if (!empty($conf->banque->enabled)) {
+	$arrayfields['cs.fk_account'] = array('checked'=>1, 'position'=>90, 'label'=>"DefaultBankAccount");
+}
+
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
@@ -144,6 +153,8 @@ if (empty($reshook)) {
 		$search_project_ref = '';
 		$search_project = '';
 		$search_users = '';
+		$search_type = '';
+		$search_account = '';
 		$search_array_options = array();
 	}
 }
@@ -154,6 +165,7 @@ if (empty($reshook)) {
 
 $form = new Form($db);
 $formother = new FormOther($db);
+$bankstatic = new Account($db);
 $formsocialcontrib = new FormSocialContrib($db);
 $chargesociale_static = new ChargeSociales($db);
 if (!empty($conf->projet->enabled)) {
@@ -167,10 +179,13 @@ $sql .= " cs.amount, cs.date_ech, cs.libelle as label, cs.paye, cs.periode,";
 if (!empty($conf->projet->enabled)) {
 	$sql .= " p.rowid as project_id, p.ref as project_ref, p.title as project_label,";
 }
-$sql .= " c.libelle as type_label,";
-$sql .= " SUM(pc.amount) as alreadypayed";
+$sql .= " c.libelle as type_label, cs.fk_account,";
+$sql .= " ba.label as blabel, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos,";
+$sql .= " SUM(pc.amount) as alreadypayed, pay.code as payment_code";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c,";
 $sql .= " ".MAIN_DB_PREFIX."chargesociales as cs";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON (cs.fk_account = ba.rowid)";
+$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as pay ON (cs.fk_mode_reglement = pay.id)';
 if (!empty($conf->projet->enabled)) {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = cs.fk_projet";
 }
@@ -193,6 +208,12 @@ if (!empty($conf->projet->enabled)) {
 if (!empty($search_users)) {
 	$sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')';
 }
+if (!empty($search_type) && $search_type > 0) {
+	$sql .= ' AND cs.fk_mode_reglement='.$search_type;
+}
+if (!empty($search_account) && $search_account > 0) {
+	$sql .= ' AND cs.fk_account='.$search_account;
+}
 if ($search_amount) {
 	$sql .= natural_search("cs.amount", $search_amount, 1);
 }
@@ -212,7 +233,7 @@ if ($year > 0) {
 if ($search_typeid) {
 	$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
 }
-$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle";
+$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos";
 if (!empty($conf->projet->enabled)) {
 	$sql .= ", p.rowid, p.ref, p.title";
 }
@@ -263,6 +284,12 @@ if ($search_users) {
 		$param .= '&search_users[]='.urlencode($id_user);
 	}
 }
+if ($search_type) {
+	$param .= '&search_type='.urlencode($search_type);
+}
+if ($search_account) {
+	$param .= '&search_account='.$search_account;
+}
 if ($search_status != '' && $search_status != '-1') {
 	$param .= '&search_status='.urlencode($search_status);
 }
@@ -346,19 +373,6 @@ if (!empty($arrayfields['cs.fk_type']['checked'])) {
 	print '</td>';
 }
 
-if (!empty($arrayfields['cs.fk_user']['checked'])) {
-	// Employee
-	print '<td class="liste_titre" align="left">';
-	print $form->select_dolusers($search_users, 'search_users', 1, null, 0, '', '', '0', '0', 0, '', 0, '', '', 0, 0, true);
-}
-
-// Filter: Project ref
-if (!empty($arrayfields['p.ref']['checked'])) {
-	print '<td class="liste_titre">';
-	print '<input type="text" class="flat" size="6" name="search_project_ref" value="'.$search_project_ref.'">';
-	print '</td>';
-}
-
 // Filter: Date (placeholder)
 if (!empty($arrayfields['cs.date_ech']['checked'])) {
 	print '<td class="liste_titre">';
@@ -376,6 +390,33 @@ if (!empty($arrayfields['cs.periode']['checked'])) {
 	print '</td>';
 }
 
+// Filter: Project ref
+if (!empty($arrayfields['p.ref']['checked'])) {
+	print '<td class="liste_titre">';
+	print '<input type="text" class="flat" size="6" name="search_project_ref" value="'.$search_project_ref.'">';
+	print '</td>';
+}
+
+if (!empty($arrayfields['cs.fk_user']['checked'])) {
+	// Employee
+	print '<td class="liste_titre" align="left">';
+	print $form->select_dolusers($search_users, 'search_users', 1, null, 0, '', '', '0', '0', 0, '', 0, '', '', 0, 0, true);
+}
+
+// Filter: Type
+if (!empty($arrayfields['cs.fk_mode_reglement']['checked'])) {
+	print '<td class="liste_titre left">';
+	$form->select_types_paiements($search_type, 'search_type', '', 0, 1, 1, 16);
+	print '</td>';
+}
+
+// Filter: Bank Account
+if (!empty($arrayfields['cs.fk_account']['checked'])) {
+	print '<td class="liste_titre left">';
+	$form->select_comptes($search_account, 'search_account', 0, '', 1);
+	print '</td>';
+}
+
 // Filter: Amount
 if (!empty($arrayfields['cs.amount']['checked'])) {
 	print '<td class="liste_titre right">';
@@ -416,18 +457,24 @@ if (!empty($arrayfields['cs.libelle']['checked'])) {
 if (!empty($arrayfields['cs.fk_type']['checked'])) {
 	print_liste_field_titre($arrayfields['cs.fk_type']['label'], $_SERVER["PHP_SELF"], "cs.fk_type", '', $param, 'class="left"', $sortfield, $sortorder);
 }
-if (!empty($arrayfields['cs.fk_user']['checked'])) {
-	print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.lastname", "", $param, 'class="left"', $sortfield, $sortorder);
-}
-if (!empty($arrayfields['p.ref']['checked'])) {
-	print_liste_field_titre($arrayfields['p.ref']['label'], $_SERVER["PHP_SELF"], "p.ref", '', $param, '', $sortfield, $sortorder);
-}
 if (!empty($arrayfields['cs.date_ech']['checked'])) {
 	print_liste_field_titre($arrayfields['cs.date_ech']['label'], $_SERVER["PHP_SELF"], "cs.date_ech", '', $param, 'align="center"', $sortfield, $sortorder);
 }
 if (!empty($arrayfields['cs.periode']['checked'])) {
 	print_liste_field_titre($arrayfields['cs.periode']['label'], $_SERVER["PHP_SELF"], "cs.periode", '', $param, 'align="center"', $sortfield, $sortorder);
 }
+if (!empty($arrayfields['p.ref']['checked'])) {
+	print_liste_field_titre($arrayfields['p.ref']['label'], $_SERVER["PHP_SELF"], "p.ref", '', $param, '', $sortfield, $sortorder);
+}
+if (!empty($arrayfields['cs.fk_user']['checked'])) {
+	print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.lastname", "", $param, 'class="left"', $sortfield, $sortorder);
+}
+if (!empty($arrayfields['cs.fk_mode_reglement']['checked'])) {
+	print_liste_field_titre($arrayfields['cs.fk_mode_reglement']['label'], $_SERVER["PHP_SELF"], "cs.fk_mode_reglement", '', $param, 'class="right"', $sortfield, $sortorder);
+}
+if (!empty($arrayfields['cs.fk_account']['checked'])) {
+	print_liste_field_titre($arrayfields['cs.fk_account']['label'], $_SERVER["PHP_SELF"], "cs.fk_account", '', $param, 'class="right"', $sortfield, $sortorder);
+}
 if (!empty($arrayfields['cs.amount']['checked'])) {
 	print_liste_field_titre($arrayfields['cs.amount']['label'], $_SERVER["PHP_SELF"], "cs.amount", '', $param, 'class="right"', $sortfield, $sortorder);
 }
@@ -492,37 +539,6 @@ while ($i < min($num, $limit)) {
 		}
 	}
 
-	if (!empty($arrayfields['cs.fk_user']['checked'])) {
-		// Employee
-		print "<td>";
-		if (!empty($obj->fk_user)) {
-			if (!empty($TLoadedUsers[$obj->fk_user])) {
-				$ustatic = $TLoadedUsers[$obj->fk_user];
-			} else {
-				$ustatic = new User($db);
-				$ustatic->fetch($obj->fk_user);
-				$TLoadedUsers[$obj->fk_user] = $ustatic;
-			}
-			print $ustatic->getNomUrl(-1);
-		}
-		print "</td>\n";
-		if (!$i) {
-			$totalarray['nbfield']++;
-		}
-	}
-
-	// Project ref
-	if (!empty($arrayfields['p.ref']['checked'])) {
-		print '<td class="nowrap">';
-		if ($obj->project_id > 0) {
-			print $projectstatic->getNomUrl(1);
-		}
-		print '</td>';
-		if (!$i) {
-			$totalarray['nbfield']++;
-		}
-	}
-
 	// Date
 	if (!empty($arrayfields['cs.date_ech']['checked'])) {
 		print '<td class="center">'.dol_print_date($db->jdate($obj->date_ech), 'day').'</td>';
@@ -545,6 +561,70 @@ while ($i < min($num, $limit)) {
 		}
 	}
 
+	// Project ref
+	if (!empty($arrayfields['p.ref']['checked'])) {
+		print '<td class="nowrap">';
+		if ($obj->project_id > 0) {
+			print $projectstatic->getNomUrl(1);
+		}
+		print '</td>';
+		if (!$i) {
+			$totalarray['nbfield']++;
+		}
+	}
+
+	if (!empty($arrayfields['cs.fk_user']['checked'])) {
+		// Employee
+		print "<td>";
+		if (!empty($obj->fk_user)) {
+			if (!empty($TLoadedUsers[$obj->fk_user])) {
+				$ustatic = $TLoadedUsers[$obj->fk_user];
+			} else {
+				$ustatic = new User($db);
+				$ustatic->fetch($obj->fk_user);
+				$TLoadedUsers[$obj->fk_user] = $ustatic;
+			}
+			print $ustatic->getNomUrl(-1);
+		}
+		print "</td>\n";
+		if (!$i) {
+			$totalarray['nbfield']++;
+		}
+	}
+
+	// Type
+	if (!empty($arrayfields['cs.fk_mode_reglement']['checked'])) {
+		print '<td>';
+		if (!empty($obj->payment_code)) print $langs->trans("PaymentTypeShort".$obj->payment_code);
+		print '</td>';
+		if (!$i) {
+			$totalarray['nbfield']++;
+		}
+	}
+
+	// Account
+	if (!empty($arrayfields['cs.fk_account']['checked'])) {
+		print '<td>';
+		if ($obj->fk_account > 0) {
+			$bankstatic->id = $obj->fk_account;
+			$bankstatic->ref = $obj->bref;
+			$bankstatic->number = $obj->bnumber;
+			$bankstatic->iban = $obj->iban;
+			$bankstatic->bic = $obj->bic;
+			$bankstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
+			$bankstatic->account_number = $obj->account_number;
+			$bankstatic->clos = $obj->clos;
+
+			//$accountingjournal->fetch($obj->fk_accountancy_journal);
+			//$bankstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1);
+
+			$bankstatic->label = $obj->blabel;
+			print $bankstatic->getNomUrl(1);
+		}
+		print '</td>';
+		if (!$i) $totalarray['nbfield']++;
+	}
+
 	// Amount
 	if (!empty($arrayfields['cs.amount']['checked'])) {
 		print '<td class="nowrap right">'.price($obj->amount).'</td>';
diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php
index 21f599f42dc..c11f13c14fa 100644
--- a/htdocs/compta/sociales/payments.php
+++ b/htdocs/compta/sociales/payments.php
@@ -30,6 +30,7 @@
 
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php';
+require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/paymentsocialcontribution.class.php';
 require_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php';
@@ -44,7 +45,7 @@ $hookmanager = new HookManager($db);
 $hookmanager->initHooks(array('specialexpensesindex'));
 
 // Load translation files required by the page
-$langs->loadLangs(array('compta', 'bills'));
+$langs->loadLangs(array('compta', 'bills', 'hrm'));
 
 // Security check
 if ($user->socid) {
@@ -96,8 +97,10 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 $tva_static = new Tva($db);
 $socialcontrib = new ChargeSociales($db);
 $payment_sc_static = new PaymentSocialContribution($db);
+$userstatic = new User($db);
 $sal_static = new Salary($db);
 $accountstatic = new Account($db);
+$accountlinestatic = new AccountLine($db);
 $formsocialcontrib = new FormSocialContrib($db);
 
 $title = $langs->trans("SocialContributionsPayments");
@@ -140,13 +143,15 @@ $sql = "SELECT c.id, c.libelle as label,";
 $sql .= " cs.rowid, cs.libelle, cs.fk_type as type, cs.periode, cs.date_ech, cs.amount as total,";
 $sql .= " pc.rowid as pid, pc.datep, pc.amount as totalpaye, pc.num_paiement as num_payment, pc.fk_bank,";
 $sql .= " pct.code as payment_code,";
-$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel";
+$sql .= " u.rowid uid, u.lastname, u.firstname, u.email, u.login, u.admin,";
+$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c,";
 $sql .= " ".MAIN_DB_PREFIX."chargesociales as cs";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementcharge as pc ON pc.fk_charge = cs.rowid";
+$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as pc ON pc.fk_charge = cs.rowid";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON pc.fk_typepaiement = pct.id";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON pc.fk_bank = b.rowid";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = cs.fk_user";
 $sql .= " WHERE cs.fk_type = c.id";
 $sql .= " AND cs.entity IN (".getEntity("tax").")";
 if ($search_sc_type > 0) {
@@ -160,7 +165,11 @@ if ($year > 0) {
 	$sql .= " OR (cs.periode IS NULL AND cs.date_ech between '".$db->idate(dol_get_first_day($year))."' AND '".$db->idate(dol_get_last_day($year))."')";
 	$sql .= ")";
 }
-if (preg_match('/^cs\./', $sortfield) || preg_match('/^c\./', $sortfield) || preg_match('/^pc\./', $sortfield) || preg_match('/^pct\./', $sortfield)) {
+if (preg_match('/^cs\./', $sortfield)
+	|| preg_match('/^c\./', $sortfield)
+	|| preg_match('/^pc\./', $sortfield)
+	|| preg_match('/^pct\./', $sortfield)
+	|| preg_match('/^u\./', $sortfield)) {
 		$sql .= $db->order($sortfield, $sortorder);
 }
 
@@ -208,8 +217,11 @@ print '<td class="liste_titre"></td>';
 print '<td class="liste_titre"></td>';
 print '<td class="liste_titre"></td>';
 print '<td class="liste_titre"></td>';
+print '<td class="liste_titre"></td>';
+print '<td class="liste_titre"></td>';
 if (!empty($conf->banque->enabled)) {
 	print '<td class="liste_titre"></td>';
+	print '<td class="liste_titre"></td>';
 }
 print '<td class="liste_titre"></td>';
 print '<td class="liste_titre center">';
@@ -219,16 +231,19 @@ print '</td>';
 print "</tr>\n";
 
 print '<tr class="liste_titre">';
-print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder);
-print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "cs.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pc.rowid", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("SocialContribution", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder);
 print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pc.datep", "", $param, 'align="center"', $sortfield, $sortorder);
-print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
+print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
 if (!empty($conf->banque->enabled)) {
+	print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "pc.fk_bank", "", $param, '', $sortfield, $sortorder);
 	print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
 }
+print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "cs.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "pc.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 print_liste_field_titre('');
 print "</tr>\n";
@@ -246,52 +261,80 @@ $totalpaye = 0;
 while ($i < min($num, $limit)) {
 	$obj = $db->fetch_object($resql);
 	print '<tr class="oddeven">';
+	// Ref payment
+	$payment_sc_static->id = $obj->pid;
+	$payment_sc_static->ref = $obj->pid;
+	print '<td>'.$payment_sc_static->getNomUrl(1)."</td>\n";
+	// Label
+	print '<td>';
+	$socialcontrib->id = $obj->rowid;
+	$socialcontrib->ref = empty($obj->libelle) ? $obj->label : $obj->libelle;
+	$socialcontrib->label = empty($obj->libelle) ? $obj->label : $obj->libelle;
+	print $socialcontrib->getNomUrl(1, '20');
+	print '</td>';
+	// Type
+	print '<td title="'.dol_escape_htmltag($obj->label).'" class="tdmaxoverflow300">'.$obj->label.'</td>';
 	// Date
 	$date = $obj->periode;
 	if (empty($date)) {
 		$date = $obj->date_ech;
 	}
 	print '<td>'.dol_print_date($date, 'day').'</td>';
-	// Label
-	print '<td>';
-	$socialcontrib->id = $obj->rowid;
-	$socialcontrib->ref = $obj->label;
-	$socialcontrib->label = $obj->label;
-	print $socialcontrib->getNomUrl(1, '20');
-	print '</td>';
-	// Type
-	print '<td title="'.dol_escape_htmltag($obj->label).'" class="tdmaxoverflow300">'.$obj->label.'</td>';
-	// Expected to pay
-	print '<td class="right">'.price($obj->total).'</td>';
-	// Ref payment
-	$payment_sc_static->id = $obj->pid;
-	$payment_sc_static->ref = $obj->pid;
-	print '<td>'.$payment_sc_static->getNomUrl(1)."</td>\n";
 	// Date payment
 	print '<td class="center">'.dol_print_date($db->jdate($obj->datep), 'day').'</td>';
+
+	// Employee
+	print "<td>";
+	if (!empty($obj->uid)) {
+		$userstatic->id = $obj->uid;
+		$userstatic->lastname = $obj->lastname;
+		$userstatic->firstname = $obj->firstname;
+		$userstatic->admin = $obj->admin;
+		$userstatic->login = $obj->login;
+		$userstatic->email = $obj->email;
+		$userstatic->socid = $obj->fk_soc;
+		$userstatic->statut = $obj->status;
+		print $userstatic->getNomUrl(1);
+		print "</td>\n";
+	}
+
 	// Type payment
 	print '<td>';
 	if ($obj->payment_code) {
 		print $langs->trans("PaymentTypeShort".$obj->payment_code).' ';
 	}
-	print $obj->num_payment.'</td>';
+	print '</td>';
+
+	print '<td>'.$obj->num_payment.'</td>';
+
 	// Account
 	if (!empty($conf->banque->enabled)) {
+		// Bank transaction
+		print '<td>';
+		$accountlinestatic->id = $obj->fk_bank;
+		print $accountlinestatic->getNomUrl(1);
+		print '</td>';
+
 		print '<td>';
 		if ($obj->fk_bank > 0) {
-			//$accountstatic->fetch($obj->fk_bank);
 			$accountstatic->id = $obj->bid;
 			$accountstatic->ref = $obj->bref;
 			$accountstatic->number = $obj->bnumber;
 			$accountstatic->accountancy_number = $obj->account_number;
 			$accountstatic->accountancy_journal = $obj->accountancy_journal;
 			$accountstatic->label = $obj->blabel;
+			$accountstatic->iban = $obj->iban;
+			$accountstatic->bic = $obj->bic;
+			$accountstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
+			$accountstatic->clos = $obj->clos;
 			print $accountstatic->getNomUrl(1);
 		} else {
 			print '&nbsp;';
 		}
 		print '</td>';
 	}
+	// Expected to pay
+	print '<td class="right">'.price($obj->total).'</td>';
 	// Paid
 	print '<td class="right">';
 	if ($obj->totalpaye) {
@@ -315,8 +358,11 @@ print '<td class="liste_total right"></td>'; // A total here has no sense
 print '<td align="center" class="liste_total">&nbsp;</td>';
 print '<td align="center" class="liste_total">&nbsp;</td>';
 print '<td align="center" class="liste_total">&nbsp;</td>';
+print '<td align="center" class="liste_total">&nbsp;</td>';
+print '<td align="center" class="liste_total">&nbsp;</td>';
 if (!empty($conf->banque->enabled)) {
 	print '<td></td>';
+	print '<td></td>';
 }
 print '<td class="liste_total right">'.price($totalpaye)."</td>";
 print '<td></td>';
diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php
index 4ecbe6d56d0..6ca284a5f2b 100644
--- a/htdocs/compta/stats/cabyprodserv.php
+++ b/htdocs/compta/stats/cabyprodserv.php
@@ -280,6 +280,11 @@ if ($modecompta == 'CREANCES-DETTES') {
 	$sql = "SELECT DISTINCT p.rowid as rowid, p.ref as ref, p.label as label, p.fk_product_type as product_type,";
 	$sql .= " SUM(l.total_ht) as amount, SUM(l.total_ttc) as amount_ttc,";
 	$sql .= " SUM(CASE WHEN f.type = 2 THEN -l.qty ELSE l.qty END) as qty";
+
+	$parameters = array();
+	$hookmanager->executeHooks('printFieldListSelect', $parameters);
+	$sql .= $hookmanager->resPrint;
+
 	$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
 	if ($selected_soc > 0) {
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as soc ON (soc.rowid = f.fk_soc)";
@@ -291,6 +296,11 @@ if ($modecompta == 'CREANCES-DETTES') {
 	} elseif ($selected_cat) { 	// Into a specific category
 		$sql .= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_product as cp";
 	}
+
+	$parameters = array();
+	$hookmanager->executeHooks('printFieldListFrom', $parameters);
+	$sql .= $hookmanager->resPrint;
+
 	$sql .= " WHERE l.fk_facture = f.rowid";
 	$sql .= " AND f.fk_statut in (1,2)";
 	$sql .= " AND l.product_type in (0,1)";
@@ -333,6 +343,11 @@ if ($modecompta == 'CREANCES-DETTES') {
 		$sql .= " AND soc.rowid=".$selected_soc;
 	}
 	$sql .= " AND f.entity IN (".getEntity('invoice').")";
+
+	$parameters = array();
+	$hookmanager->executeHooks('printFieldListWhere', $parameters);
+	$sql .= $hookmanager->resPrint;
+
 	$sql .= " GROUP BY p.rowid, p.ref, p.label, p.fk_product_type";
 	$sql .= $db->order($sortfield, $sortorder);
 
@@ -394,6 +409,11 @@ if ($modecompta == 'CREANCES-DETTES') {
 
 	print '<td colspan="5" class="right">';
 	print '<input type="image" class="liste_titre" name="button_search" src="'.img_picto($langs->trans("Search"), 'search.png', '', '', 1).'"  value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+
+	$parameters = array();
+	$reshook = $hookmanager->executeHooks('printFieldListeTitle', $parameters);
+	print $hookmanager->resPrint;
+
 	print '</td></tr>';
 
 	// Array header
diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php
index fdb1e3336df..2a116c6376b 100755
--- a/htdocs/compta/tva/card.php
+++ b/htdocs/compta/tva/card.php
@@ -675,7 +675,7 @@ if ($id) {
 					}
 					print '</td>';
 				}
-				print '<td class="right">'.price($objp->amount)."</td>\n";
+				print '<td class="right"><span class="amount">'.price($objp->amount)."</span></td>\n";
 				print "</tr>";
 				$totalpaye += $objp->amount;
 				$i++;
diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php
index 9ba1bd2ed1d..f8a397bdb9a 100644
--- a/htdocs/compta/tva/class/paymentvat.class.php
+++ b/htdocs/compta/tva/class/paymentvat.class.php
@@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
         // phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);
diff --git a/htdocs/compta/tva/clients.php b/htdocs/compta/tva/clients.php
index 5b990258672..7860f7e3c02 100644
--- a/htdocs/compta/tva/clients.php
+++ b/htdocs/compta/tva/clients.php
@@ -558,8 +558,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 				print '<td class="nowrap right">&nbsp;</td>';
 				print '<td class="right">&nbsp;</td>';
 			}
-			print '<td class="right">'.price(price2num($subtot_coll_total_ht, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($subtot_coll_vat, 'MT')).'</td>';
+			print '<td class="right"><span class="amount">'.price(price2num($subtot_coll_total_ht, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_coll_vat, 'MT')).'</span></td>';
 			print '</tr>';
 		}
 	}
@@ -748,8 +748,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 				print '<td class="nowrap right">&nbsp;</td>';
 				print '<td class="right">&nbsp;</td>';
 			}
-			print '<td class="right">'.price(price2num($subtot_paye_total_ht, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($subtot_paye_vat, 'MT')).'</td>';
+			print '<td class="right"><span class="amount">'.price(price2num($subtot_paye_total_ht, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_paye_vat, 'MT')).'</span></td>';
 			print '</tr>';
 		}
 	}
diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php
index c7146023aab..16e780e4b0d 100644
--- a/htdocs/compta/tva/list.php
+++ b/htdocs/compta/tva/list.php
@@ -85,10 +85,15 @@ $arrayfields = array(
 	't.rowid'			=>array('checked'=>1, 'position'=>10, 'label'=>"Ref",),
 	't.label'			=>array('checked'=>1, 'position'=>20, 'label'=>"Label"),
 	't.datev'			=>array('checked'=>1, 'position'=>30, 'label'=>"PeriodEndDate"),
-	't.fk_typepayment'	=>array('checked'=>1, 'position'=>50, 'label'=>"Type"),
+	't.fk_typepayment'	=>array('checked'=>1, 'position'=>50, 'label'=>"DefaultPaymentMode"),
 	't.amount'			=>array('checked'=>1, 'position'=>90, 'label'=>"Amount"),
 	't.status'			=>array('checked'=>1, 'position'=>90, 'label'=>"Status"),
 );
+
+if (!empty($conf->banque->enabled)) {
+	$arrayfields['t.fk_account'] = array('checked'=>1, 'position'=>60, 'label'=>"DefaultBankAccount");
+}
+
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
@@ -139,11 +144,14 @@ $bankline = new AccountLine($db);
 
 llxHeader('', $langs->trans("VATDeclarations"));
 
-$sql = 'SELECT t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment as type, t.num_payment, pst.code as payment_code,';
+$sql = 'SELECT t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment as type, t.fk_account,';
+$sql.= ' ba.label as blabel, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos,';
+$sql.= ' t.num_payment, pst.code as payment_code,';
 $sql .= ' SUM(ptva.amount) as alreadypayed';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'tva as t';
-$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as pst ON t.fk_typepayment = pst.id';
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON ptva.fk_tva = t.rowid";
+$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as pst ON (t.fk_typepayment = pst.id)';
+$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON (t.fk_account = ba.rowid)';
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (ptva.fk_tva = t.rowid)";
 $sql .= ' WHERE t.entity IN ('.getEntity($object->element).')';
 
 if (!empty($search_ref)) {
@@ -168,7 +176,7 @@ if (!empty($search_type) && $search_type > 0) {
 	$sql .= ' AND t.fk_typepayment='.$search_type;
 }
 if (!empty($search_account) && $search_account > 0) {
-	$sql .= ' AND b.fk_account='.$search_account;
+	$sql .= ' AND t.fk_account='.$search_account;
 }
 if (!empty($search_amount)) {
 	$sql .= natural_search('t.amount', price2num(trim($search_amount)), 1);
@@ -177,7 +185,7 @@ if ($search_status != '' && $search_status >= 0) {
 	$sql .= " AND t.paye = ".$db->escape($search_status);
 }
 
-$sql .= " GROUP BY t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment, t.num_payment, pst.code";
+$sql .= " GROUP BY t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment, t.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, t.num_payment, pst.code";
 $sql .= $db->order($sortfield, $sortorder);
 
 $nbtotalofrecords = '';
@@ -353,6 +361,13 @@ if (!empty($arrayfields['t.fk_typepayment']['checked'])) {
 	print '</td>';
 }
 
+// Filter: Bank Account
+if (!empty($arrayfields['t.fk_account']['checked'])) {
+	print '<td class="liste_titre left">';
+	$form->select_comptes($search_account, 'search_account', 0, '', 1);
+	print '</td>';
+}
+
 // Filter: Amount
 if (!empty($arrayfields['t.amount']['checked'])) {
 	print '<td class="liste_titre right">';
@@ -396,6 +411,9 @@ if (!empty($arrayfields['t.datev']['checked'])) {
 if (!empty($arrayfields['t.fk_typepayment']['checked'])) {
 	print_liste_field_titre($arrayfields['t.fk_typepayment']['label'], $_SERVER['PHP_SELF'], 't.fk_typepayment', '', $param, '', $sortfield, $sortorder, 'left ');
 }
+if (!empty($arrayfields['t.fk_account']['checked'])) {
+	print_liste_field_titre($arrayfields['t.fk_account']['label'], $_SERVER['PHP_SELF'], 't.fk_account', '', $param, '', $sortfield, $sortorder, 'left ');
+}
 if (!empty($arrayfields['t.amount']['checked'])) {
 	print_liste_field_titre($arrayfields['t.amount']['label'], $_SERVER['PHP_SELF'], 't.amount', '', $param, '', $sortfield, $sortorder, 'right ');
 }
@@ -462,30 +480,36 @@ while ($i < min($num, $limit)) {
 
 	// Type
 	if (!empty($arrayfields['t.fk_typepayment']['checked'])) {
-		print '<td>'.$langs->trans("PaymentTypeShort".$obj->payment_code).'</td>';
+		print '<td>';
+		if (!empty($obj->payment_code)) print $langs->trans("PaymentTypeShort".$obj->payment_code);
+		print '</td>';
 		if (!$i) {
 			$totalarray['nbfield']++;
 		}
 	}
 
 	// Account
-	/*if (!empty($arrayfields['ba.label']['checked'])) {
+	if (!empty($arrayfields['t.fk_account']['checked'])) {
 		print '<td>';
-		if ($obj->fk_bank > 0) {
-			$bankstatic->id = $obj->bid;
+		if ($obj->fk_account > 0) {
+			$bankstatic->id = $obj->fk_account;
 			$bankstatic->ref = $obj->bref;
 			$bankstatic->number = $obj->bnumber;
+			$bankstatic->iban = $obj->iban;
+			$bankstatic->bic = $obj->bic;
+			$bankstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
 			$bankstatic->account_number = $obj->account_number;
+			$bankstatic->clos = $obj->clos;
 
-			$accountingjournal->fetch($obj->fk_accountancy_journal);
-			$bankstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1);
+			//$accountingjournal->fetch($obj->fk_accountancy_journal);
+			//$bankstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1);
 
 			$bankstatic->label = $obj->blabel;
 			print $bankstatic->getNomUrl(1);
 		}
 		print '</td>';
 		if (!$i) $totalarray['nbfield']++;
-	}*/
+	}
 
 	// Amount
 	if (!empty($arrayfields['t.amount']['checked'])) {
diff --git a/htdocs/compta/tva/payments.php b/htdocs/compta/tva/payments.php
index 4eec7ca85a1..83399d5a5c8 100644
--- a/htdocs/compta/tva/payments.php
+++ b/htdocs/compta/tva/payments.php
@@ -75,6 +75,7 @@ if (!$sortorder) {
 
 $tva_static = new Tva($db);
 $tva = new Tva($db);
+$accountlinestatic = new AccountLine($db);
 $payment_vat_static = new PaymentVAT($db);
 $sal_static = new PaymentSalary($db);
 
@@ -119,17 +120,21 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 	print '<table class="noborder centpercent">';
 	print '<tr class="liste_titre">';
 	print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
-	print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
-	print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
-	print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);
 	print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
-	//print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "tva.fk_type", "", $param, '', $sortfield, $sortorder);
 	print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
+	print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
+	print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
+	print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
+	if (!empty($conf->banque->enabled)) {
+		print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "ptva.fk_bank", "", $param, '', $sortfield, $sortorder);
+		print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);
+	}
+	//print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "tva.fk_type", "", $param, '', $sortfield, $sortorder);
 	print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "tva.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 	print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "ptva.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 	print "</tr>\n";
 
-	$sql = "SELECT tva.rowid, tva.label as label, b.fk_account";
+	$sql = "SELECT tva.rowid, tva.label as label, b.fk_account, ptva.fk_bank";
 	$sql .= ", tva.datev";
 	$sql .= ", tva.amount as total,";
 	$sql .= " ptva.rowid as pid, ptva.datep, ptva.amount as totalpaye, ptva.num_paiement as num_payment,";
@@ -175,22 +180,10 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 			$payment_vat_static->ref = $obj->pid;
 
 			print '<tr class="oddeven">';
+
 			// Ref payment
 			print '<td>'.$payment_vat_static->getNomUrl(1)."</td>\n";
-			// Date payment
-			print '<td class="center">'.dol_print_date($db->jdate($obj->datep), 'day').'</td>';
-			// Type payment
-			print '<td>';
-			if ($obj->payment_code) {
-				print $langs->trans("PaymentTypeShort".$obj->payment_code).' ';
-			}
-			print $obj->num_payment.'</td>';
-			// Account
-			print '<td>';
-			$account = new Account($db);
-			$account->fetch($obj->fk_account);
-			print $account->getNomUrl(1);
-			print '</td>';
+
 			// Label
 			print '<td>';
 			$tva->id = $obj->rowid;
@@ -198,13 +191,43 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 			$tva->label = $obj->label;
 			print $tva->getNomUrl(1, '20');
 			print '</td>';
-			// Type
-			//print '<td><a href="../tva/list.php?filtre=tva.fk_type:'.$obj->type.'">'.$obj->type_label.'</a></td>';
+
 			// Date
 			$date = $obj->datev;
 			print '<td>'.dol_print_date($date, 'day').'</td>';
+
+			// Date payment
+			print '<td class="center">'.dol_print_date($db->jdate($obj->datep), 'day').'</td>';
+
+			// Type payment
+			print '<td>';
+			if ($obj->payment_code) {
+				print $langs->trans("PaymentTypeShort".$obj->payment_code).' ';
+			}
+			print '</td>';
+
+			// Chq number
+			print '<td>'.$obj->num_payment.'</td>';
+
+			if (!empty($conf->banque->enabled)) {
+				// Bank transaction
+				print '<td>';
+				$accountlinestatic->id = $obj->fk_bank;
+				print $accountlinestatic->getNomUrl(1);
+				print '</td>';
+
+				// Account
+				print '<td>';
+				$account = new Account($db);
+				$account->fetch($obj->fk_account);
+				print $account->getNomUrl(1);
+				print '</td>';
+			}
+
+			// Type
+			//print '<td><a href="../tva/list.php?filtre=tva.fk_type:'.$obj->type.'">'.$obj->type_label.'</a></td>';
 			// Expected to pay
-			print '<td class="right">'.price($obj->total).'</td>';
+			print '<td class="right"><span class="amount">'.price($obj->total).'</span></td>';
 			// Paid
 			print '<td class="right">';
 			if ($obj->totalpaye) {
@@ -222,6 +245,10 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
 		print '<td class="liste_total right"></td>'; // A total here has no sense
 		//print '<td align="center" class="liste_total">&nbsp;</td>';
 		print '<td align="center" class="liste_total">&nbsp;</td>';
+		if (!empty($conf->banque->enabled)) {
+			print '<td align="center" class="liste_total">&nbsp;</td>';
+			print '<td align="center" class="liste_total">&nbsp;</td>';
+		}
 		print '<td align="center" class="liste_total">&nbsp;</td>';
 		print '<td align="center" class="liste_total">&nbsp;</td>';
 		print '<td class="liste_total right">'.price($totalpaye)."</td>";
diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php
index d3871968ed5..acf0bec8899 100644
--- a/htdocs/compta/tva/quadri_detail.php
+++ b/htdocs/compta/tva/quadri_detail.php
@@ -595,8 +595,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num($subtot_coll_total_ht, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num($subtot_coll_vat, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num($subtot_coll_total_ht, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_coll_vat, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
@@ -831,8 +831,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num($subtot_paye_total_ht, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num($subtot_paye_vat, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num($subtot_paye_total_ht, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num($subtot_paye_vat, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
@@ -844,8 +844,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
 			print '<td class="nowrap right">&nbsp;</td>';
 			print '<td class="right">&nbsp;</td>';
 		}
-		print '<td class="right">'.price(price2num(0, 'MT')).'</td>';
-		print '<td class="nowrap right">'.price(price2num(0, 'MT')).'</td>';
+		print '<td class="right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
+		print '<td class="nowrap right"><span class="amount">'.price(price2num(0, 'MT')).'</span></td>';
 		print '</tr>';
 	}
 
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 5e0c65e1b70..6305a01c999 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1651,7 +1651,7 @@ class Contact extends CommonObject
 
 		// Desactive utilisateur
 		$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople";
-		$sql .= " SET statut = ".$this->statut;
+		$sql .= " SET statut = ".((int) $this->statut);
 		$sql .= " WHERE rowid = ".$this->id;
 		$result = $this->db->query($sql);
 
diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php
index 88627ca0698..5c0ad2747ba 100644
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@@ -54,6 +54,8 @@ $langs->loadLangs(array("contracts", "orders", "companies", "bills", "products",
 
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
+$cancel = GETPOST('cancel', 'alpha');
+
 $socid = GETPOST('socid', 'int');
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
@@ -113,7 +115,7 @@ if (empty($reshook)) {
 	include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once
 
 	if ($action == 'confirm_active' && $confirm == 'yes' && $user->rights->contrat->activer) {
-		$result = $object->active_line($user, GETPOST('ligne'), GETPOST('date'), GETPOST('dateend'), GETPOST('comment'));
+		$result = $object->active_line($user, GETPOST('ligne', 'int'), GETPOST('date'), GETPOST('dateend'), GETPOST('comment'));
 
 		if ($result > 0) {
 			header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
@@ -127,7 +129,7 @@ if (empty($reshook)) {
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), null, 'errors');
 		}
 		if (!$error) {
-			$result = $object->close_line($user, GETPOST('ligne'), GETPOST('dateend'), urldecode(GETPOST('comment')));
+			$result = $object->close_line($user, GETPOST('ligne', 'int'), GETPOST('dateend'), urldecode(GETPOST('comment')));
 			if ($result > 0) {
 				header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
 				exit;
@@ -931,10 +933,10 @@ if (empty($reshook)) {
 			}
 		} elseif ($action == 'swapstatut') {
 			// bascule du statut d'un contact
-			$result = $object->swapContactStatus(GETPOST('ligne'));
+			$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 		} elseif ($action == 'deletecontact') {
 			// Efface un contact
-			$result = $object->delete_contact(GETPOST('lineid'));
+			$result = $object->delete_contact(GETPOST('lineid', 'int'));
 
 			if ($result >= 0) {
 				header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
@@ -1747,25 +1749,25 @@ if ($action == 'create') {
 				'text' => $langs->trans("ConfirmMoveToAnotherContractQuestion"),
 				array('type' => 'select', 'name' => 'newcid', 'values' => $arraycontractid));
 
-				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&lineid=".GETPOST('rowid'), $langs->trans("MoveToAnotherContract"), $langs->trans("ConfirmMoveToAnotherContract"), "confirm_move", $formquestion);
+				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&lineid=".GETPOST('rowid', 'int'), $langs->trans("MoveToAnotherContract"), $langs->trans("ConfirmMoveToAnotherContract"), "confirm_move", $formquestion);
 				print '<table class="notopnoleftnoright" width="100%"><tr class="oddeven" height="6"><td></td></tr></table>';
 			}
 
 			/*
 			 * Confirmation de la validation activation
 			 */
-			if ($action == 'active' && !$_REQUEST["cancel"] && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+			if ($action == 'active' && !$cancel && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 				$dateactstart = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 				$dateactend   = dol_mktime(12, 0, 0, GETPOST('endmonth'), GETPOST('endday'), GETPOST('endyear'));
 				$comment      = GETPOST('comment', 'alpha');
-				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&ligne=".GETPOST('ligne')."&date=".$dateactstart."&dateend=".$dateactend."&comment=".urlencode($comment), $langs->trans("ActivateService"), $langs->trans("ConfirmActivateService", dol_print_date($dateactstart, "%A %d %B %Y")), "confirm_active", '', 0, 1);
+				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&ligne=".GETPOST('ligne', 'int')."&date=".$dateactstart."&dateend=".$dateactend."&comment=".urlencode($comment), $langs->trans("ActivateService"), $langs->trans("ConfirmActivateService", dol_print_date($dateactstart, "%A %d %B %Y")), "confirm_active", '', 0, 1);
 				print '<table class="notopnoleftnoright" width="100%"><tr class="oddeven" height="6"><td></td></tr></table>';
 			}
 
 			/*
 			 * Confirmation de la validation fermeture
 			 */
-			if ($action == 'closeline' && !$_REQUEST["cancel"] && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+			if ($action == 'closeline' && !$cancel && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 				$dateactstart = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 				$dateactend   = dol_mktime(12, 0, 0, GETPOST('endmonth'), GETPOST('endday'), GETPOST('endyear'));
 				$comment      = GETPOST('comment', 'alpha');
@@ -1843,8 +1845,8 @@ if ($action == 'create') {
 			}
 
 			// Form to activate line
-			if ($user->rights->contrat->activer && $action == 'activateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
-				print '<form name="active" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;ligne='.GETPOST('ligne').'&amp;action=active" method="post">';
+			if ($user->rights->contrat->activer && $action == 'activateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
+				print '<form name="active" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;ligne='.GETPOST('ligne', 'int').'&amp;action=active" method="post">';
 				print '<input type="hidden" name="token" value="'.newToken().'">';
 
 				print '<table class="noborder tableforservicepart2'.($cursorline < $nbofservices ? ' boxtablenobottom' : '').'" width="100%">';
@@ -1893,7 +1895,7 @@ if ($action == 'create') {
 				print '</form>';
 			}
 
-			if ($user->rights->contrat->activer && $action == 'unactivateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+			if ($user->rights->contrat->activer && $action == 'unactivateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 				/**
 				 * Disable a contract line
 				 */
diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php
index 35b7268109b..3d0be4d9552 100644
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -85,7 +85,7 @@ if ($action == 'addcontact' && $user->rights->contrat->creer) {
 // bascule du statut d'un contact
 if ($action == 'swapstatut' && $user->rights->contrat->creer) {
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db, $object->error);
 	}
@@ -94,7 +94,7 @@ if ($action == 'swapstatut' && $user->rights->contrat->creer) {
 // Delete contact
 if ($action == 'deletecontact' && $user->rights->contrat->creer) {
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php
index 27cbf5a3a70..60215abb847 100644
--- a/htdocs/contrat/list.php
+++ b/htdocs/contrat/list.php
@@ -488,24 +488,24 @@ $moreforfilter = '';
 if ($user->rights->societe->client->voir || $socid) {
 	$langs->load("commercial");
 	$moreforfilter .= '<div class="divsearchfield">';
-	$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-	$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+	$tmpttile = $langs->trans('ThirdPartiesOfSaleRepresentative');
+	$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmpttile, 'maxwidth250');
 	$moreforfilter .= '</div>';
 }
 // If the user can view other users
 if ($user->rights->user->user->lire) {
 	$moreforfilter .= '<div class="divsearchfield">';
-	$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-	$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
+	$tmpttile = $langs->trans('LinkedToSpecificUsers');
+	$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmpttile, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth250');
 	$moreforfilter .= '</div>';
 }
 // If the user can view categories of products
 if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 	include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 	$moreforfilter .= '<div class="divsearchfield">';
-	$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+	$tmpttile = $langs->trans('IncludingProductWithTag');
 	$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-	$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+	$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmpttile, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 	$moreforfilter .= '</div>';
 }
 
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 057443d09b4..13cb7126769 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -1321,7 +1321,7 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == '
 			}
 
 			if ($objectclass == "Task" && $objecttmp->hasChildren() > 0) {
-				$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".$objecttmp->id;
+				$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".((int) $objecttmp->id);
 				$res = $db->query($sql);
 
 				if (!$res) {
diff --git a/htdocs/core/boxes/box_members_by_type.php b/htdocs/core/boxes/box_members_by_type.php
index 79610a3e988..5bc05b6fabd 100644
--- a/htdocs/core/boxes/box_members_by_type.php
+++ b/htdocs/core/boxes/box_members_by_type.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2017 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015-2020 Frederic France      <frederic.france@netlogic.fr>
+ * Copyright (C) 2021      Waël Almoman         <info@almoman.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -93,12 +94,14 @@ class box_members_by_type extends ModeleBoxes
 			$MembersToValidate = array();
 			$MembersValidated = array();
 			$MemberUpToDate = array();
+			$MembersExcluded = array();
 			$MembersResiliated = array();
 
-			$SommeA = 0;
-			$SommeB = 0;
-			$SommeC = 0;
-			$SommeD = 0;
+			$SumToValidate = 0;
+			$SumValidated = 0;
+			$SumUpToDate = 0;
+			$SumResiliated = 0;
+			$SumExcluded = 0;
 
 			$AdherentType = array();
 
@@ -132,6 +135,9 @@ class box_members_by_type extends ModeleBoxes
 					if ($objp->statut == 1) {
 						$MembersValidated[$objp->rowid] = $objp->somme;
 					}
+					if ($objp->statut == -2) {
+						$MembersExcluded[$objp->rowid] = $objp->somme;
+					}
 					if ($objp->statut == 0) {
 						$MembersResiliated[$objp->rowid] = $objp->somme;
 					}
@@ -181,16 +187,22 @@ class box_members_by_type extends ModeleBoxes
 					'td' => 'class="right"',
 					'text' => $langs->trans("UpToDate"),
 				);
+				$this->info_box_contents[$line][] = array(
+					'td' => 'class="right"',
+					'text' => $langs->trans("MembersStatusExcluded"),
+				);
 				$this->info_box_contents[$line][] = array(
 					'td' => 'class="right"',
 					'text' => $langs->trans("MembersStatusResiliated"),
 				);
 				$line++;
 				foreach ($AdherentType as $key => $adhtype) {
-					$SommeA += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0;
-					$SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : 0;
-					$SommeC += isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0;
-					$SommeD += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0;
+					$SumToValidate += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0;
+					$SumValidated += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0;
+					$SumUpToDate += isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0;
+					$SumExcluded += isset($MembersExcluded[$key]) ? $MembersExcluded [$key] : 0;
+					$SumResiliated += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0;
+
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="tdoverflowmax150 maxwidth150onsmartphone"',
 						'text' => $adhtype->getNomUrl(1, dol_size(32)),
@@ -211,6 +223,11 @@ class box_members_by_type extends ModeleBoxes
 						'text' => (isset($MemberUpToDate[$key]) && $MemberUpToDate[$key] > 0 ? $MemberUpToDate[$key] : '') . ' ' . $staticmember->LibStatut(1, 1, $now, 3),
 						'asis' => 1,
 					);
+					$this->info_box_contents[$line][] = array(
+						'td' => 'class="right"',
+						'text' => (isset($MembersExcluded[$key]) && $MembersExcluded[$key] > 0 ? $MembersExcluded[$key] : '') . ' ' . $staticmember->LibStatut(-2, 1, $now, 3),
+						'asis' => 1,
+					);
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="right"',
 						'text' => (isset($MembersResiliated[$key]) && $MembersResiliated[$key] > 0 ? $MembersResiliated[$key] : '') . ' ' . $staticmember->LibStatut(0, 1, 0, 3),
@@ -232,22 +249,27 @@ class box_members_by_type extends ModeleBoxes
 					);
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="liste_total right"',
-						'text' => $SommeA.' '.$staticmember->LibStatut(-1, 1, 0, 3),
+						'text' => $SumToValidate.' '.$staticmember->LibStatut(-1, 1, 0, 3),
 						'asis' => 1
 					);
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="liste_total right"',
-						'text' => $SommeB.' '.$staticmember->LibStatut(1, 1, 0, 3),
+						'text' => $SumValidated.' '.$staticmember->LibStatut(1, 1, 0, 3),
 						'asis' => 1
 					);
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="liste_total right"',
-						'text' => $SommeC.' '.$staticmember->LibStatut(1, 1, $now, 3),
+						'text' => $SumUpToDate.' '.$staticmember->LibStatut(1, 1, $now, 3),
 						'asis' => 1
 					);
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="liste_total right"',
-						'text' => $SommeD.' '.$staticmember->LibStatut(0, 1, 0, 3),
+						'text' => $SumExcluded.' '.$staticmember->LibStatut(-2, 1, 0, 3),
+						'asis' => 1
+					);
+					$this->info_box_contents[$line][] = array(
+						'td' => 'class="liste_total right"',
+						'text' => $SumResiliated.' '.$staticmember->LibStatut(0, 1, 0, 3),
 						'asis' => 1
 					);
 				}
diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php
index 7541c58a889..4ae94d43136 100644
--- a/htdocs/core/class/canvas.class.php
+++ b/htdocs/core/class/canvas.class.php
@@ -107,6 +107,7 @@ class Canvas
 		$this->card = $card;
 		$this->dirmodule = $module;
 		// Correct values if canvas is into an external module
+		$regs = array();
 		if (preg_match('/^([^@]+)@([^@]+)$/i', $canvas, $regs)) {
 			$this->canvas = $regs[1];
 			$this->dirmodule = $regs[2];
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 8fa0ad9c8a5..9406c1e3ae5 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -358,7 +358,7 @@ abstract class CommonObject
 	/**
 	 * @var string
 	 * @deprecated
-	 * @see model_pdf
+	 * @see $model_pdf
 	 */
 	public $modelpdf;
 
@@ -1338,7 +1338,7 @@ abstract class CommonObject
 		$sql = "SELECT ec.datecreate, ec.statut, ec.fk_socpeople, ec.fk_c_type_contact,";
 		$sql .= " tc.code, tc.libelle";
 		$sql .= " FROM (".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc)";
-		$sql .= " WHERE ec.rowid =".$rowid;
+		$sql .= " WHERE ec.rowid =".((int) $rowid);
 		$sql .= " AND ec.fk_c_type_contact=tc.rowid";
 		$sql .= " AND tc.element = '".$this->db->escape($this->element)."'";
 
@@ -2201,22 +2201,22 @@ abstract class CommonObject
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
 		if (!empty($this->fields['fk_project'])) {		// Common case
 			if ($projectid) {
-				$sql .= ' SET fk_project = '.$projectid;
+				$sql .= ' SET fk_project = '.((int) $projectid);
 			} else {
 				$sql .= ' SET fk_project = NULL';
 			}
-			$sql .= ' WHERE rowid = '.$this->id;
+			$sql .= ' WHERE rowid = '.((int) $this->id);
 		} elseif ($this->table_element == 'actioncomm') {	// Special case for actioncomm
 			if ($projectid) {
-				$sql .= ' SET fk_project = '.$projectid;
+				$sql .= ' SET fk_project = '.((int) $projectid);
 			} else {
 				$sql .= ' SET fk_project = NULL';
 			}
-			$sql .= ' WHERE id = '.$this->id;
+			$sql .= ' WHERE id = '.((int) $this->id);
 		} else // Special case for old architecture objects
 		{
 			if ($projectid) {
-				$sql .= ' SET fk_projet = '.$projectid;
+				$sql .= ' SET fk_projet = '.((int) $projectid);
 			} else {
 				$sql .= ' SET fk_projet = NULL';
 			}
@@ -2225,7 +2225,7 @@ abstract class CommonObject
 
 		dol_syslog(get_class($this)."::setProject", LOG_DEBUG);
 		if ($this->db->query($sql)) {
-			$this->fk_project = $projectid;
+			$this->fk_project = ((int) $projectid);
 			return 1;
 		} else {
 			dol_print_error($this->db);
@@ -2649,7 +2649,7 @@ abstract class CommonObject
 			$fieldname = 'fk_address';
 		}
 
-		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".$id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id);
 		$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
 
 		if ($this->db->query($sql)) {
@@ -2695,7 +2695,7 @@ abstract class CommonObject
 		dol_syslog(get_class($this).'::setShippingMethod('.$shipping_method_id.')');
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
-		$sql .= " SET fk_shipping_method = ".$shipping_method_id;
+		$sql .= " SET fk_shipping_method = ".((int) $shipping_method_id);
 		$sql .= " WHERE rowid=".((int) $this->id);
 		$resql = $this->db->query($sql);
 		if (!$resql) {
@@ -2742,7 +2742,7 @@ abstract class CommonObject
 		dol_syslog(get_class($this).'::setWarehouse('.$warehouse_id.')');
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
-		$sql .= " SET fk_warehouse = ".$warehouse_id;
+		$sql .= " SET fk_warehouse = ".((int) $warehouse_id);
 		$sql .= " WHERE rowid=".((int) $this->id);
 
 		if ($this->db->query($sql)) {
@@ -2819,7 +2819,7 @@ abstract class CommonObject
 		dol_syslog(get_class($this).'::setBankAccount('.$fk_account.')');
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
-		$sql .= " SET fk_account = ".$fk_account;
+		$sql .= " SET fk_account = ".((int) $fk_account);
 		$sql .= " WHERE rowid=".((int) $this->id);
 
 		$resql = $this->db->query($sql);
@@ -3067,7 +3067,7 @@ abstract class CommonObject
 			$sql .= ' AND rang = '.($rang - 1);
 			if ($this->db->query($sql)) {
 				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1);
-				$sql .= ' WHERE rowid = '.$rowid;
+				$sql .= ' WHERE rowid = '.((int) $rowid);
 				if (!$this->db->query($sql)) {
 					dol_print_error($this->db);
 				}
@@ -3098,7 +3098,7 @@ abstract class CommonObject
 			$sql .= ' AND rang = '.($rang + 1);
 			if ($this->db->query($sql)) {
 				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1);
-				$sql .= ' WHERE rowid = '.$rowid;
+				$sql .= ' WHERE rowid = '.((int) $rowid);
 				if (!$this->db->query($sql)) {
 					dol_print_error($this->db);
 				}
@@ -8411,7 +8411,7 @@ abstract class CommonObject
 		// If we have a field ref with a default value of (PROV)
 		if (!$error) {
 			if (key_exists('ref', $this->fields) && $this->fields['ref']['notnull'] > 0 && !is_null($this->fields['ref']['default']) && $this->fields['ref']['default'] == '(PROV)') {
-				$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".$this->id;
+				$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".((int) $this->id);
 				$resqlupdate = $this->db->query($sql);
 
 				if ($resqlupdate === false) {
diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php
index 4afcf295d40..a1c2b1fbf8c 100644
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
@@ -421,17 +421,17 @@ class DiscountAbsolute
 		$sql = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except";
 		if (!empty($this->discount_type)) {
 			if ($rowidline) {
-				$sql .= " SET fk_invoice_supplier_line = ".$rowidline;
+				$sql .= " SET fk_invoice_supplier_line = ".((int) $rowidline);
 			}
 			if ($rowidinvoice) {
-				$sql .= " SET fk_invoice_supplier = ".$rowidinvoice;
+				$sql .= " SET fk_invoice_supplier = ".((int) $rowidinvoice);
 			}
 		} else {
 			if ($rowidline) {
-				$sql .= " SET fk_facture_line = ".$rowidline;
+				$sql .= " SET fk_facture_line = ".((int) $rowidline);
 			}
 			if ($rowidinvoice) {
-				$sql .= " SET fk_facture = ".$rowidinvoice;
+				$sql .= " SET fk_facture = ".((int) $rowidinvoice);
 			}
 		}
 		$sql .= " WHERE rowid = ".$this->id;
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index f12aed42aca..628c6a2ff04 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1931,9 +1931,9 @@ class Form
 		}
 
 		if (empty($conf->global->MAIN_FIRSTNAME_NAME_POSITION)) {	// MAIN_FIRSTNAME_NAME_POSITION is 0 means firstname+lastname
-			$sql .= " ORDER BY u.firstname ASC";
+			$sql .= " ORDER BY u.statut DESC, u.firstname ASC, u.lastname ASC";
 		} else {
-			$sql .= " ORDER BY u.lastname ASC";
+			$sql .= " ORDER BY u.statut DESC, u.lastname ASC, u.firstname ASC";
 		}
 
 		dol_syslog(get_class($this)."::select_dolusers", LOG_DEBUG);
diff --git a/htdocs/core/class/html.formcategory.class.php b/htdocs/core/class/html.formcategory.class.php
index 320a1cd2a49..518a8f93290 100644
--- a/htdocs/core/class/html.formcategory.class.php
+++ b/htdocs/core/class/html.formcategory.class.php
@@ -49,11 +49,13 @@ class FormCategory extends Form
 		$categoryArray = $this->select_all_categories($type, "", "", 64, 0, 1);
 		$categoryArray[-2] = "- ".$langs->trans('NotCategorized')." -";
 
+		$tmptitle = $langs->trans("Category");
+
 		$filter = '';
 		$filter .= '<div class="divsearchfield">';
-		$filter .= img_picto($langs->trans("Categories"), 'category', 'class="pictofixedwidth"');
+		$filter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"');
 		//$filter .= $langs->trans('Categories').": ";
-		$filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300");
+		$filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300", 0, 0, '', '', $tmptitle);
 		$filter .= "</div>";
 
 		return $filter;
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index 2af5cae96f6..7b82e5be253 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -713,7 +713,7 @@ class FormCompany extends Form
 			if ($resql) {
 				print '<select class="flat'.($morecss ? ' '.$morecss : '').'" id="'.$htmlname.'" name="'.$htmlname.'"';
 				if ($conf->use_javascript_ajax) {
-					$javaScript = "window.location='".$_SERVER['PHP_SELF']."?".$var_id."=".($forceid > 0 ? $forceid : $object->id).$moreparam."&".$htmlname."=' + form.".$htmlname.".options[form.".$htmlname.".selectedIndex].value;";
+					$javaScript = "window.location='".dol_escape_js($_SERVER['PHP_SELF'])."?".$var_id."=".($forceid > 0 ? $forceid : $object->id).$moreparam."&".$htmlname."=' + form.".$htmlname.".options[form.".$htmlname.".selectedIndex].value;";
 					print ' onChange="'.$javaScript.'"';
 				}
 				print '>';
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index 78212ca3580..18f3fd0f3ce 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -481,7 +481,12 @@ class FormOther
 				$sql_usr .= $hookmanager->resArray[1];
 			}
 		}
-		$sql_usr .= " ORDER BY statut DESC, lastname ASC"; // Do not use 'ORDER BY u.statut' here, not compatible with the UNION.
+
+		if (empty($conf->global->MAIN_FIRSTNAME_NAME_POSITION)) {	// MAIN_FIRSTNAME_NAME_POSITION is 0 means firstname+lastname
+			$sql_usr .= " ORDER BY status DESC, firstname ASC, lastname ASC";
+		} else {
+			$sql_usr .= " ORDER BY status DESC, lastname ASC, firstname ASC";
+		}
 		//print $sql_usr;exit;
 
 		$resql_usr = $this->db->query($sql_usr);
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 0cd03ebb475..8c73ca6fd1c 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -2243,6 +2243,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 		$modulepart = 'user';
 	}
 
+	//print 'dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity;
 	dol_syslog('dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity);
 
 	// We define $accessallowed and $sqlprotectagainstexternals
@@ -2727,7 +2728,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 	} elseif ($modulepart == 'export' && !empty($conf->export->dir_temp)) {
 		// Wrapping for export module
 		// Note that a test may not be required because we force the dir of download on the directory of the user that export
-		$accessallowed = $user->rights->export->run;
+		$accessallowed = $user->rights->export->lire;
 		$original_file = $conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file;
 	} elseif ($modulepart == 'import' && !empty($conf->import->dir_temp)) {
 		// Wrapping for import module
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 403aa59e66a..e7a47edf5d2 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -9,14 +9,14 @@
  * Copyright (C) 2008		Raphael Bertrand (Resultic)	<raphael.bertrand@resultic.fr>
  * Copyright (C) 2010-2018	Juanjo Menent				<jmenent@2byte.es>
  * Copyright (C) 2013		Cédric Salvador				<csalvador@gpcsolutions.fr>
- * Copyright (C) 2013-2017	Alexandre Spangaro			<aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2021	Alexandre Spangaro			<aspangaro@open-dsi.fr>
  * Copyright (C) 2014		Cédric GROSS				<c.gross@kreiz-it.fr>
  * Copyright (C) 2014-2015	Marcos García				<marcosgdf@gmail.com>
  * Copyright (C) 2015		Jean-François Ferry			<jfefe@aternatik.fr>
  * Copyright (C) 2018-2021  Frédéric France             <frederic.france@netlogic.fr>
  * Copyright (C) 2019       Thibault Foucart            <support@ptibogxiv.net>
  * Copyright (C) 2020       Open-Dsi         			<support@open-dsi.fr>
- * Copyright (C) 2021       Gauthier VERDOL         <gauthier.verdol@atm-consulting.fr>
+ * Copyright (C) 2021       Gauthier VERDOL         	<gauthier.verdol@atm-consulting.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -746,12 +746,14 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
 		case 'alpha':		// No html and no ../ and "
 		case 'alphanohtml':	// Recommended for most scalar parameters and search parameters
 			if (!is_array($out)) {
-				$out = dol_string_nohtmltag($out, 0);
-				// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
-				// '../' is dangerous because it allows dir transversals
 				$out = trim($out);
 				do {
 					$oldstringtoclean = $out;
+					// Remove html tags
+					$out = dol_string_nohtmltag($out, 0);
+					// Remove also other dangerous string sequences
+					// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
+					// '../' is dangerous because it allows dir transversals
 					// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
 					$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
 				} while ($oldstringtoclean != $out);
@@ -760,25 +762,28 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
 			break;
 		case 'alphawithlgt':		// No " and no ../ but we keep balanced < > tags with no special chars inside. Can be used for email string like "Name <email>"
 			if (!is_array($out)) {
-				$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
-				// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
-				// '../' is dangerous because it allows dir transversals
 				$out = trim($out);
 				do {
 					$oldstringtoclean = $out;
+					// Remove html tags
+					$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
+					// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
+					// '../' is dangerous because it allows dir transversals
 					// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
 					$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
 				} while ($oldstringtoclean != $out);
 			}
 			break;
 		case 'restricthtml':		// Recommended for most html textarea
-			$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
-
-			// We should also exclude non expected attributes
-			if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) {
-				$out = dol_string_onlythesehtmlattributes($out);
-			}
+			do {
+				$oldstringtoclean = $out;
+				$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
 
+				// We should also exclude non expected attributes
+				if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) {
+					$out = dol_string_onlythesehtmlattributes($out);
+				}
+			} while ($oldstringtoclean != $out);
 			break;
 		case 'custom':
 			if (empty($filter)) {
@@ -3605,7 +3610,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 				'salary'=>'wallet', 'shipment'=>'dolly', 'stock'=>'box-open', 'stats' => 'chart-bar', 'split'=>'code-branch', 'stripe'=>'stripe-s', 'supplier_invoice'=>'file-invoice-dollar', 'technic'=>'cogs', 'ticket'=>'ticket-alt',
 				'timespent'=>'clock', 'title_setup'=>'tools', 'title_accountancy'=>'money-check-alt', 'title_bank'=>'university', 'title_hrm'=>'umbrella-beach',
 				'title_agenda'=>'calendar-alt',
-				'uparrow'=>'mail-forward', 'vcard'=>'address-card',
+				'uparrow'=>'share', 'vcard'=>'address-card',
 				'jabber'=>'comment-o',
 				'website'=>'globe-americas',
 				'conferenceorbooth'=>'chalkboard-teacher', 'eventorganization'=>'project-diagram'
diff --git a/htdocs/core/lib/loan.lib.php b/htdocs/core/lib/loan.lib.php
index c86d0ecce13..4692c0b938b 100644
--- a/htdocs/core/lib/loan.lib.php
+++ b/htdocs/core/lib/loan.lib.php
@@ -90,20 +90,27 @@ function loan_prepare_head($object)
 /**
  * Calculate remaining loan mensuality and interests
  *
- * @param   int     $mens		Value of this mensuality (interests include, set 0 if we don't paid interests for this mensuality)
- * @param   float   $capital    Remaining capital for this mensuality
- * @param   float   $rate		Loan rate
- * @param   int     $echance	Actual loan term
- * @param   int   	$nbterm  	Total number of term for this loan
- * @return  array				Array with remaining capital, interest, and mensuality for each remaining terms
+ * @param   float   $mens				Value of this mensuality (interests include, set 0 if we don't paid interests for this mensuality)
+ * @param   float   $capital    		Remaining capital for this mensuality
+ * @param   float   $rate				Loan rate
+ * @param   int     $numactualloadterm	Actual loan term
+ * @param   int   	$nbterm  			Total number of term for this loan
+ * @return  array						Array with remaining capital, interest, and mensuality for each remaining terms
  */
-function loanCalcMonthlyPayment($mens, $capital, $rate, $echance, $nbterm)
+function loanCalcMonthlyPayment($mens, $capital, $rate, $numactualloadterm, $nbterm)
 {
 	global $conf, $db;
 	require_once DOL_DOCUMENT_ROOT.'/loan/class/loanschedule.class.php';
 	$object = new LoanSchedule($db);
 	$output = array();
 
+	// Sanitize data in case of
+	$mens = price2num($mens);
+	$capital = price2num($capital);
+	$rate = price2num($rate);
+	$numactualloadterm = ((int) $numactualloadterm);
+	$nbterm = ((int) $nbterm);
+
 	// If mensuality is 0 we don't pay interests and remaining capital not modified
 	if ($mens == 0) {
 		$int = 0;
@@ -113,18 +120,18 @@ function loanCalcMonthlyPayment($mens, $capital, $rate, $echance, $nbterm)
 		$int = round($int, 2, PHP_ROUND_HALF_UP);
 		$cap_rest = round($capital - ($mens - $int), 2, PHP_ROUND_HALF_UP);
 	}
-	$output[$echance] = array('cap_rest'=>$cap_rest, 'cap_rest_str'=>price($cap_rest, 0, '', 1, -1, -1, $conf->currency), 'interet'=>$int, 'interet_str'=>price($int, 0, '', 1, -1, -1, $conf->currency), 'mens'=>$mens);
+	$output[$numactualloadterm] = array('cap_rest'=>$cap_rest, 'cap_rest_str'=>price($cap_rest, 0, '', 1, -1, -1, $conf->currency), 'interet'=>$int, 'interet_str'=>price($int, 0, '', 1, -1, -1, $conf->currency), 'mens'=>$mens);
 
-	$echance++;
+	$numactualloadterm++;
 	$capital = $cap_rest;
-	while ($echance <= $nbterm) {
-		$mens = round($object->calcMonthlyPayments($capital, $rate, $nbterm - $echance + 1), 2, PHP_ROUND_HALF_UP);
+	while ($numactualloadterm <= $nbterm) {
+		$mens = round($object->calcMonthlyPayments($capital, $rate, $nbterm - $numactualloadterm + 1), 2, PHP_ROUND_HALF_UP);
 
 		$int = ($capital * ($rate / 12));
 		$int = round($int, 2, PHP_ROUND_HALF_UP);
 		$cap_rest = round($capital - ($mens - $int), 2, PHP_ROUND_HALF_UP);
 
-		$output[$echance] = array(
+		$output[$numactualloadterm] = array(
 			'cap_rest' => $cap_rest,
 			'cap_rest_str' => price($cap_rest, 0, '', 1, -1, -1, $conf->currency),
 			'interet' => $int,
@@ -133,7 +140,7 @@ function loanCalcMonthlyPayment($mens, $capital, $rate, $echance, $nbterm)
 		);
 
 		$capital = $cap_rest;
-		$echance++;
+		$numactualloadterm++;
 	}
 
 	return $output;
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 99fcea707e2..be02fb46408 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -322,7 +322,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 		'id' => $id,
 		'idsel' => 'bank',
 		'classname' =>  $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 'class="tmenusel"' : 'class="tmenu"',
-		'prefix' => img_picto('', 'bank', 'class="fa-fw paddingright"'),
+		'prefix' => img_picto('', 'bank_account', 'class="fa-fw paddingright"'),
 		'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 0 : 1),
 		'loadLangs' => array("compta", "banks"),
 		'submenus' => array(),
@@ -347,7 +347,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 		'id' => $id,
 		'idsel' => 'accountancy',
 		'classname' =>  $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 'class="tmenusel"' : 'class="tmenu"',
-		'prefix' => img_picto('', 'account', 'class="fa-fw paddingright"'),
+		'prefix' => img_picto('', 'accountancy', 'class="fa-fw paddingright"'),
 		'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 0 : 1),
 		'loadLangs' => array("compta", "accountancy", "assets", "intracommreport"),
 		'submenus' => array(),
diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
index ebae616c45b..73a50ea47c2 100644
--- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
+++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
@@ -278,6 +278,9 @@ class pdf_einstein extends ModelePDFCommandes
 				global $action;
 				$reshook = $hookmanager->executeHooks('beforePDFCreation', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
 
+				// Set nblines with the new command lines content after hook
+				$nblines = count($object->lines);
+
 				// Create pdf instance
 				$pdf = pdf_getInstance($this->format);
 				$default_font_size = pdf_getPDFFontSize($outputlangs); // Must be after pdf_getInstance
diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php
index 17837529354..708bb491610 100644
--- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php
+++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php
@@ -323,6 +323,9 @@ class pdf_eratosthene extends ModelePDFCommandes
 				global $action;
 				$reshook = $hookmanager->executeHooks('beforePDFCreation', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
 
+				// Set nblines with the new command lines content after hook
+				$nblines = count($object->lines);
+
 				// Create pdf instance
 				$pdf = pdf_getInstance($this->format);
 				$default_font_size = pdf_getPDFFontSize($outputlangs); // Must be after pdf_getInstance
diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php
index cb7eb93b074..96dc6de934f 100644
--- a/htdocs/core/modules/mailings/modules_mailings.php
+++ b/htdocs/core/modules/mailings/modules_mailings.php
@@ -132,14 +132,14 @@ class MailingTargets // This can't be abstract as it is used for some method
 		// phpcs:enable
 		// Mise a jour nombre de destinataire dans table des mailings
 		$sql = "SELECT COUNT(*) nb FROM ".MAIN_DB_PREFIX."mailing_cibles";
-		$sql .= " WHERE fk_mailing = ".$mailing_id;
+		$sql .= " WHERE fk_mailing = ".((int) $mailing_id);
 		$result = $this->db->query($sql);
 		if ($result) {
 			$obj = $this->db->fetch_object($result);
 			$nb = $obj->nb;
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."mailing";
-			$sql .= " SET nbemail = ".$nb." WHERE rowid = ".$mailing_id;
+			$sql .= " SET nbemail = ".$nb." WHERE rowid = ".((int) $mailing_id);
 			if (!$this->db->query($sql)) {
 				dol_syslog($this->db->error());
 				$this->error = $this->db->error();
diff --git a/htdocs/core/modules/modCashDesk.class.php b/htdocs/core/modules/modCashDesk.class.php
index 8e9ca1131b9..ba6c7ddce6c 100644
--- a/htdocs/core/modules/modCashDesk.class.php
+++ b/htdocs/core/modules/modCashDesk.class.php
@@ -98,6 +98,8 @@ class modCashDesk extends DolibarrModules
 									'type'=>'top', // This is a Top menu entry
 									'titre'=>'PointOfSaleShort',
 									'mainmenu'=>'cashdesk',
+									'leftmenu'=>'',
+									'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'),
 									'url'=>'/cashdesk/index.php?user=__USER_LOGIN__',
 									'langs'=>'cashdesk', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 									'position'=>900,
diff --git a/htdocs/core/modules/modExport.class.php b/htdocs/core/modules/modExport.class.php
index 6a47b7b74fd..278a70e6339 100644
--- a/htdocs/core/modules/modExport.class.php
+++ b/htdocs/core/modules/modExport.class.php
@@ -78,14 +78,14 @@ class modExport extends DolibarrModules
 
 		$r++;
 		$this->rights[$r][0] = 1201;
-		$this->rights[$r][1] = 'Lire les exports';
+		$this->rights[$r][1] = 'Read exports';
 		$this->rights[$r][2] = 'r';
 		$this->rights[$r][3] = 0;
 		$this->rights[$r][4] = 'lire';
 
 		$r++;
 		$this->rights[$r][0] = 1202;
-		$this->rights[$r][1] = 'Creer/modifier un export';
+		$this->rights[$r][1] = 'Creeate/modify export';
 		$this->rights[$r][2] = 'w';
 		$this->rights[$r][3] = 0;
 		$this->rights[$r][4] = 'creer';
diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php
index efa3aeea536..25653fb216a 100644
--- a/htdocs/core/modules/modFacture.class.php
+++ b/htdocs/core/modules/modFacture.class.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2004		Sebastien Di Cintio		<sdicintio@ressource-toi.org>
  * Copyright (C) 2004		Benoit Mortier			<benoit.mortier@opensides.be>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@inodbox.com>
+ * Copyright (C) 2021		Alexandre Spangaro		<aspangaro@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -206,6 +207,7 @@ class modFacture extends DolibarrModules
 		//--------
 		$r = 1;
 
+		$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
 		$this->export_code[$r] = $this->rights_class.'_'.$r;
 		$this->export_label[$r] = 'CustomersInvoicesAndInvoiceLines'; // Translation key (used only if key ExportDataset_xxx_z not found)
 		$this->export_icon[$r] = 'invoice';
@@ -226,7 +228,7 @@ class modFacture extends DolibarrModules
 			'fd.subprice'=>"LineUnitPrice", 'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.total_ht'=>"LineTotalHT", 'fd.total_tva'=>"LineTotalVAT",
 			'fd.total_ttc'=>"LineTotalTTC", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode',
 			'fd.product_type'=>"TypeOfLineServiceOrProduct", 'fd.fk_product'=>'ProductId', 'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel',
-			'p.accountancy_code_sell'=>'ProductAccountancySellCode'
+			$alias_product_accounting . '.accountancy_code_sell'=>'ProductAccountancySellCode'
 		);
 		if (!empty($conf->multicurrency->enabled)) {
 			$this->export_fields_array[$r]['f.multicurrency_code'] = 'Currency';
@@ -249,7 +251,7 @@ class modFacture extends DolibarrModules
 			'pj.ref'=>'Text', 'pj.title'=>'Text', 'fd.rowid'=>'Numeric', 'fd.label'=>'Text', 'fd.description'=>"Text", 'fd.subprice'=>"Numeric", 'fd.tva_tx'=>"Numeric",
 			'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_tva'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.date_start'=>"Date", 'fd.date_end'=>"Date",
 			'fd.special_code'=>'Numeric', 'fd.product_type'=>"Numeric", 'fd.fk_product'=>'List:product:label', 'p.ref'=>'Text', 'p.label'=>'Text',
-			'p.accountancy_code_sell'=>'Text'
+			$alias_product_accounting . '.accountancy_code_sell'=>'Text'
 		);
 		if (!empty($conf->cashdesk->enabled) || !empty($conf->takepos->enabled) || !empty($conf->global->INVOICE_SHOW_POS)) {
 			$this->export_TypeFields_array[$r]['f.module_source'] = 'Text';
@@ -261,7 +263,7 @@ class modFacture extends DolibarrModules
 			's.tva_intra'=>'company', 'pj.ref'=>'project', 'pj.title'=>'project', 'fd.rowid'=>'invoice_line', 'fd.label'=>"invoice_line", 'fd.description'=>"invoice_line",
 			'fd.subprice'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_tva'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva_tx'=>"invoice_line",
 			'fd.qty'=>"invoice_line", 'fd.date_start'=>"invoice_line", 'fd.date_end'=>"invoice_line", 'fd.special_code'=>'invoice_line',
-			'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', 'p.accountancy_code_sell'=>'product',
+			'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', $alias_product_accounting . '.accountancy_code_sell'=>'product',
 			'f.fk_user_author'=>'user', 'uc.login'=>'user', 'f.fk_user_valid'=>'user', 'uv.login'=>'user'
 		);
 		$this->export_special_array[$r] = array('none.rest'=>'getRemainToPay');
@@ -293,6 +295,9 @@ class modFacture extends DolibarrModules
 		$this->export_sql_end[$r] .= ' , '.MAIN_DB_PREFIX.'facturedet as fd';
 		$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facturedet_extrafields as extra2 on fd.rowid = extra2.fk_object';
 		$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on (fd.fk_product = p.rowid)';
+		if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+			$this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+		}
 		$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra3 on p.rowid = extra3.fk_object';
 		$this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture';
 		$this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('invoice').')';
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index 2599f2f19fb..85cf49ebf73 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -1,13 +1,13 @@
 <?php
-/* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2012-2013 Juanjo Menent		<jmenent@2byte.es>
- * Copyright (C) 2014      Christophe Battarel	<contact@altairis.fr>
- * Copyright (C) 2014      Cedric Gross			<c.gross@kreiz-it.fr>
- * Copyright (C) 2020	   Alexandre Spangaro	<aspangaro@open-dsi.fr>
+/* Copyright (C) 2003		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2012	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2004		Sebastien Di Cintio		<sdicintio@ressource-toi.org>
+ * Copyright (C) 2004		Benoit Mortier			<benoit.mortier@opensides.be>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@inodbox.com>
+ * Copyright (C) 2012-2013	Juanjo Menent			<jmenent@2byte.es>
+ * Copyright (C) 2014		Christophe Battarel		<contact@altairis.fr>
+ * Copyright (C) 2014		Cedric Gross			<c.gross@kreiz-it.fr>
+ * Copyright (C) 2020-2021	Alexandre Spangaro		<aspangaro@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -176,6 +176,7 @@ class modProduct extends DolibarrModules
 		//--------
 		$r = 0;
 
+		$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
 		$r++;
 		$this->export_code[$r] = $this->rights_class.'_'.$r;
 		$this->export_label[$r] = "Products"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -185,9 +186,9 @@ class modProduct extends DolibarrModules
 			'p.fk_product_type'=>'Type', 'p.tosell'=>"OnSell", 'p.tobuy'=>"OnBuy",
 			'p.description'=>"Description", 'p.url'=>"PublicUrl",
 			'p.customcode'=>'CustomCode', 'p.fk_country'=>'IDCountry',
-			'p.accountancy_code_sell'=>"ProductAccountancySellCode", 'p.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
-			'p.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", 'p.accountancy_code_buy'=>"ProductAccountancyBuyCode",
-			'p.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", 'p.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+			$alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+			$alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+			$alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
 			'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
 			'p.weight'=>"Weight", 'p.weight_units'=>"WeightUnits", 'p.length'=>"Length", 'p.length_units'=>"LengthUnits", 'p.width'=>"Width", 'p.width_units'=>"WidthUnits", 'p.height'=>"Height", 'p.height_units'=>"HeightUnits",
 			'p.surface'=>"Surface", 'p.surface_units'=>"SurfaceUnits", 'p.volume'=>"Volume", 'p.volume_units'=>"VolumeUnits",
@@ -230,8 +231,8 @@ class modProduct extends DolibarrModules
 			'p.ref'=>"Text", 'p.label'=>"Text",
 			'p.fk_product_type'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
 			'p.description'=>"Text", 'p.url'=>"Text",
-			'p.accountancy_code_sell'=>"Text", 'p.accountancy_code_sell_intra'=>"Text", 'p.accountancy_code_sell_export'=>"Text",
-			'p.accountancy_code_buy'=>"Text", 'p.accountancy_code_buy_intra'=>"Text", 'p.accountancy_code_buy_export'=>"Text",
+			$alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
+			$alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
 			'p.note'=>"Text", 'p.note_public'=>"Text",
 			'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.width'=>"Numeric", 'p.height'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric",
 			'p.customcode'=>'Text',
@@ -293,6 +294,9 @@ class modProduct extends DolibarrModules
 		}
 		$this->export_sql_start[$r] = 'SELECT DISTINCT ';
 		$this->export_sql_end[$r]  = ' FROM '.MAIN_DB_PREFIX.'product as p';
+		if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+			$this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+		}
 		if (!empty($conf->global->EXPORTTOOL_CATEGORIES)) {
 			$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cp.fk_categorie = cat.rowid';
 		}
@@ -386,9 +390,9 @@ class modProduct extends DolibarrModules
 			$this->export_permission[$r] = array(array("produit", "export"));
 			$this->export_fields_array[$r] = array(
 				'p.rowid'=>"Id", 'p.ref'=>"Ref", 'p.label'=>"Label", 'p.description'=>"Description", 'p.url'=>"PublicUrl",
-				'p.accountancy_code_sell'=>"ProductAccountancySellCode", 'p.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
-				'p.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", 'p.accountancy_code_buy'=>"ProductAccountancyBuyCode",
-				'p.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", 'p.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+				$alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+				$alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+				$alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
 				'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
 				'p.weight'=>"Weight", 'p.length'=>"Length", 'p.surface'=>"Surface", 'p.volume'=>"Volume", 'p.customcode'=>'CustomCode',
 				'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", 'p.tva_tx'=>'VATRate', 'p.tosell'=>"OnSell",
@@ -403,8 +407,8 @@ class modProduct extends DolibarrModules
 			$this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('pa.qty'=>'Qty', 'pa.incdec'=>'ComposedProductIncDecStock'));
 			$this->export_TypeFields_array[$r] = array(
 				'p.ref'=>"Text", 'p.label'=>"Text", 'p.description'=>"Text", 'p.url'=>"Text",
-				'p.accountancy_code_sell'=>"Text", 'p.accountancy_code_sell_intra'=>"Text", 'p.accountancy_code_sell_export'=>"Text",
-				'p.accountancy_code_buy'=>"Text", 'p.accountancy_code_buy_intra'=>"Text", 'p.accountancy_code_buy_export'=>"Text",
+				$alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
+				$alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
 				'p.note'=>"Text", 'p.note_public'=>"Text",
 				'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric", 'p.customcode'=>'Text',
 				'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
@@ -419,8 +423,8 @@ class modProduct extends DolibarrModules
 			$this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('pa.qty'=>'Numeric'));
 			$this->export_entities_array[$r] = array(
 				'p.rowid'=>"virtualproduct", 'p.ref'=>"virtualproduct", 'p.label'=>"virtualproduct", 'p.description'=>"virtualproduct", 'p.url'=>"virtualproduct",
-				'p.accountancy_code_sell'=>'virtualproduct', 'p.accountancy_code_sell_intra'=>'virtualproduct', 'p.accountancy_code_sell_export'=>'virtualproduct',
-				'p.accountancy_code_buy'=>'virtualproduct', 'p.accountancy_code_buy_intra'=>'virtualproduct', 'p.accountancy_code_buy_export'=>'virtualproduct',
+				$alias_product_accounting . '.accountancy_code_sell'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_export'=>'virtualproduct',
+				$alias_product_accounting . '.accountancy_code_buy'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_export'=>'virtualproduct',
 				'p.note'=>"virtualproduct", 'p.length'=>"virtualproduct",
 				'p.surface'=>"virtualproduct", 'p.volume'=>"virtualproduct", 'p.weight'=>"virtualproduct", 'p.customcode'=>'virtualproduct',
 				'p.price_base_type'=>"virtualproduct", 'p.price'=>"virtualproduct", 'p.price_ttc'=>"virtualproduct", 'p.tva_tx'=>"virtualproduct",
@@ -441,7 +445,10 @@ class modProduct extends DolibarrModules
 			$this->export_entities_array[$r] = array_merge($this->export_entities_array[$r], array('p2.rowid'=>"subproduct", 'p2.ref'=>"subproduct", 'p2.label'=>"subproduct", 'p2.description'=>"subproduct"));
 			$this->export_sql_start[$r] = 'SELECT DISTINCT ';
 			$this->export_sql_end[$r]  = ' FROM '.MAIN_DB_PREFIX.'product as p';
-			$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
+			if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+				$this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+			}
+			$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
 			$this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2';
 			$this->export_sql_end[$r] .= ' WHERE p.entity IN ('.getEntity('product').')'; // For product and service profile
 			$this->export_sql_end[$r] .= ' AND p.rowid = pa.fk_product_pere AND p2.rowid = pa.fk_product_fils';
diff --git a/htdocs/core/modules/modRecruitment.class.php b/htdocs/core/modules/modRecruitment.class.php
index f7cd37c16be..3d4e88872ef 100644
--- a/htdocs/core/modules/modRecruitment.class.php
+++ b/htdocs/core/modules/modRecruitment.class.php
@@ -62,7 +62,7 @@ class modRecruitment extends DolibarrModules
 		// Used only if file README.md and README-LL.md not found.
 		$this->descriptionlong = "Manage and follow recruitment campaign for new job positions";
 		// Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z'
-		$this->version = 'experimental';
+		$this->version = 'dolibarr';
 		// Url to the file with your last numberversion of this module
 		//$this->url_last_version = 'http://www.example.com/versionmodule.txt';
 
diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php
index 13ff4618483..dda0447371a 100644
--- a/htdocs/core/modules/modService.class.php
+++ b/htdocs/core/modules/modService.class.php
@@ -1,10 +1,10 @@
 <?php
-/* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2014 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2020	   Alexandre Spangaro	<aspangaro@open-dsi.fr>
+/* Copyright (C) 2003		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2014	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2004		Sebastien Di Cintio		<sdicintio@ressource-toi.org>
+ * Copyright (C) 2004		Benoit Mortier			<benoit.mortier@opensides.be>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@inodbox.com>
+ * Copyright (C) 2020-2021	Alexandre Spangaro		<aspangaro@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -143,6 +143,7 @@ class modService extends DolibarrModules
 		//--------
 		$r = 0;
 
+		$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
 		$r++;
 		$this->export_code[$r] = $this->rights_class.'_'.$r;
 		$this->export_label[$r] = "Services"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -152,9 +153,9 @@ class modService extends DolibarrModules
 			'p.fk_product_type'=>'Type', 'p.tosell'=>"OnSell", 'p.tobuy'=>"OnBuy",
 			'p.description'=>"Description", 'p.url'=>"PublicUrl",
 			'p.customcode'=>'CustomCode', 'p.fk_country'=>'IDCountry',
-			'p.accountancy_code_sell'=>"ProductAccountancySellCode", 'p.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
-			'p.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", 'p.accountancy_code_buy'=>"ProductAccountancyBuyCode",
-			'p.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", 'p.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+			$alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+			$alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+			$alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
 			'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
 			'p.weight'=>"Weight", 'p.length'=>"Length", 'p.width'=>"Width", 'p.height'=>"Height", 'p.surface'=>"Surface", 'p.volume'=>"Volume",
 			'p.duration'=>"Duration",
@@ -194,9 +195,9 @@ class modService extends DolibarrModules
 		$this->export_TypeFields_array[$r] = array(
 			'p.ref'=>"Text", 'p.label'=>"Text",
 			'p.fk_product_type'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
-			'p.description'=>"Text", 'p.url'=>"Text", 'p.accountancy_code_sell'=>"Text",
-			'p.accountancy_code_sell_intra'=>"Text", 'p.accountancy_code_sell_export'=>"Text", 'p.accountancy_code_buy'=>"Text",
-			'p.accountancy_code_buy_intra'=>"Text", 'p.accountancy_code_buy_export'=>"Text",
+			'p.description'=>"Text", 'p.url'=>"Text",
+			$alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
+			$alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
 			'p.note'=>"Text", 'p.note_public'=>"Text",
 			'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.width'=>"Numeric", 'p.height'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric",
 			'p.customcode'=>'Text',
@@ -256,6 +257,9 @@ class modService extends DolibarrModules
 		}
 		$this->export_sql_start[$r] = 'SELECT DISTINCT ';
 		$this->export_sql_end[$r]  = ' FROM '.MAIN_DB_PREFIX.'product as p';
+		if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+			$this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+		}
 		if (!empty($conf->global->EXPORTTOOL_CATEGORIES)) {
 			$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cp.fk_categorie = cat.rowid';
 		}
@@ -277,7 +281,7 @@ class modService extends DolibarrModules
 				$r++;
 				$this->export_code[$r] = $this->rights_class.'_'.$r;
 				$this->export_label[$r] = "ProductsMultiPrice"; // Translation key (used only if key ExportDataset_xxx_z not found)
-				$this->export_permission[$r] = array(array("produit", "export"));
+				$this->export_permission[$r] = array(array("service", "export"));
 				$this->export_fields_array[$r] = array('p.rowid'=>"Id", 'p.ref'=>"Ref",
 					'pr.price_base_type'=>"PriceBase", 'pr.price_level'=>"PriceLevel",
 					'pr.price'=>"PriceLevelUnitPriceHT", 'pr.price_ttc'=>"PriceLevelUnitPriceTTC",
@@ -311,7 +315,7 @@ class modService extends DolibarrModules
 				$r++;
 				$this->export_code[$r] = $this->rights_class.'_'.$r;
 				$this->export_label[$r] = "ProductsPricePerCustomer"; // Translation key (used only if key ExportDataset_xxx_z not found)
-				$this->export_permission[$r] = array(array("produit", "export"));
+				$this->export_permission[$r] = array(array("service", "export"));
 				$this->export_fields_array[$r] = array('p.rowid'=>"Id", 'p.ref'=>"Ref",
 					's.nom'=>'ThirdParty',
 					'pr.price_base_type'=>"PriceBase",
@@ -344,12 +348,12 @@ class modService extends DolibarrModules
 				$r++;
 				$this->export_code[$r] = $this->rights_class.'_'.$r;
 				$this->export_label[$r] = "AssociatedProducts"; // Translation key (used only if key ExportDataset_xxx_z not found)
-				$this->export_permission[$r] = array(array("produit", "export"));
+				$this->export_permission[$r] = array(array("service", "export"));
 				$this->export_fields_array[$r] = array(
 					'p.rowid'=>"Id", 'p.ref'=>"Ref", 'p.label'=>"Label", 'p.description'=>"Description", 'p.url'=>"PublicUrl",
-					'p.accountancy_code_sell'=>"ProductAccountancySellCode", 'p.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
-					'p.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", 'p.accountancy_code_buy'=>"ProductAccountancyBuyCode",
-					'p.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", 'p.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+					$alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+					$alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+					$alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
 					'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
 					'p.weight'=>"Weight", 'p.length'=>"Length", 'p.surface'=>"Surface", 'p.volume'=>"Volume", 'p.customcode'=>'CustomCode',
 					'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", 'p.tva_tx'=>'VATRate', 'p.tosell'=>"OnSell",
@@ -364,8 +368,8 @@ class modService extends DolibarrModules
 				$this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('pa.qty'=>'Qty', 'pa.incdec'=>'ComposedProductIncDecStock'));
 				$this->export_TypeFields_array[$r] = array(
 					'p.ref'=>"Text", 'p.label'=>"Text", 'p.description'=>"Text", 'p.url'=>"Text",
-					'p.accountancy_code_sell'=>"Text", 'p.accountancy_code_sell_intra'=>"Text", 'p.accountancy_code_sell_export'=>"Text",
-					'p.accountancy_code_buy'=>"Text", 'p.accountancy_code_buy_intra'=>"Text", 'p.accountancy_code_buy_export'=>"Text",
+					$alias_product_accounting . 'p.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
+					$alias_product_accounting . 'p.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
 					'p.note'=>"Text", 'p.note_public'=>"Text",
 					'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric", 'p.customcode'=>'Text',
 					'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
@@ -380,8 +384,8 @@ class modService extends DolibarrModules
 				$this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('pa.qty'=>'Numeric'));
 				$this->export_entities_array[$r] = array(
 					'p.rowid'=>"virtualproduct", 'p.ref'=>"virtualproduct", 'p.label'=>"virtualproduct", 'p.description'=>"virtualproduct", 'p.url'=>"virtualproduct",
-					'p.accountancy_code_sell'=>'virtualproduct', 'p.accountancy_code_sell_intra'=>'virtualproduct', 'p.accountancy_code_sell_export'=>'virtualproduct',
-					'p.accountancy_code_buy'=>'virtualproduct', 'p.accountancy_code_buy_intra'=>'virtualproduct', 'p.accountancy_code_buy_export'=>'virtualproduct',
+					$alias_product_accounting . '.accountancy_code_sell'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_export'=>'virtualproduct',
+					$alias_product_accounting . '.accountancy_code_buy'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_export'=>'virtualproduct',
 					'p.note'=>"virtualproduct", 'p.length'=>"virtualproduct",
 					'p.surface'=>"virtualproduct", 'p.volume'=>"virtualproduct", 'p.weight'=>"virtualproduct", 'p.customcode'=>'virtualproduct',
 					'p.price_base_type'=>"virtualproduct", 'p.price'=>"virtualproduct", 'p.price_ttc'=>"virtualproduct", 'p.tva_tx'=>"virtualproduct",
@@ -402,6 +406,9 @@ class modService extends DolibarrModules
 				$this->export_entities_array[$r] = array_merge($this->export_entities_array[$r], array('p2.rowid'=>"subproduct", 'p2.ref'=>"subproduct", 'p2.label'=>"subproduct", 'p2.description'=>"subproduct"));
 				$this->export_sql_start[$r] = 'SELECT DISTINCT ';
 				$this->export_sql_end[$r]  = ' FROM '.MAIN_DB_PREFIX.'product as p';
+				if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
+					$this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
+				}
 				$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
 				$this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2';
 				$this->export_sql_end[$r] .= ' WHERE p.entity IN ('.getEntity('product').')'; // For product and service profile
diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
index ff9e4da5f0c..c6579700c9d 100644
--- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
+++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
@@ -245,6 +245,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
 				$newfileformat = substr($newfile, strrpos($newfile, '.') + 1);
 				if (!empty($conf->global->MAIN_DOC_USE_OBJECT_THIRDPARTY_NAME)) {
 					$newfiletmp = dol_sanitizeFileName(dol_string_nospecial($object->name)).'-'.$newfiletmp;
+					$newfiletmp = preg_replace('/__+/', '_', $newfiletmp);	// Replace repeated _ into one _ (to avoid string with substitution syntax)
 				}
 				if (!empty($conf->global->MAIN_DOC_USE_TIMING)) {
 					$format = $conf->global->MAIN_DOC_USE_TIMING;
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 283a8e6b2da..1dfade00bec 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -275,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
 // Remove file in doc form
 /*if ($action == 'remove_file')
 {
-	$object = new Don($db, 0, $_GET['id']);
+	$object = new Don($db, 0, GETPOST('id', 'int'));
 	if ($object->fetch($id))
 	{
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -329,7 +329,7 @@ if ($action == 'builddoc')
  * View
  */
 
-$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones';
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
 
 llxHeader('', $langs->trans("Donation"), $help_url);
 
diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php
index a5fb676e314..257eb309f25 100644
--- a/htdocs/don/class/don.class.php
+++ b/htdocs/don/class/don.class.php
@@ -702,7 +702,7 @@ class Don extends CommonObject
 
 		$this->db->begin();
 
-		$sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".$userid." WHERE rowid = ".$id." AND fk_statut = 0";
+		$sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".((int) $userid)." WHERE rowid = ".((int) $id)." AND fk_statut = 0";
 
 		$resql = $this->db->query($sql);
 		if ($resql) {
diff --git a/htdocs/don/document.php b/htdocs/don/document.php
index 08667c6ab4c..63551a12fa3 100644
--- a/htdocs/don/document.php
+++ b/htdocs/don/document.php
@@ -102,8 +102,10 @@ if (!empty($conf->projet->enabled)) {
 }
 
 $title = $langs->trans('Donation')." - ".$langs->trans('Documents');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
 
 
 if ($object->id) {
diff --git a/htdocs/don/index.php b/htdocs/don/index.php
index 9415a1e928b..98a4bdcde08 100644
--- a/htdocs/don/index.php
+++ b/htdocs/don/index.php
@@ -53,7 +53,8 @@ $donation_static = new Don($db);
 
 $donstatic = new Don($db);
 
-$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones';
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
+
 llxHeader('', $langs->trans("Donations"), $help_url);
 
 $nb = array();
diff --git a/htdocs/don/info.php b/htdocs/don/info.php
index 866ff4baf22..8d8f4065dda 100644
--- a/htdocs/don/info.php
+++ b/htdocs/don/info.php
@@ -57,8 +57,10 @@ if ($action == 'classin' && $user->rights->don->creer) {
  * View
  */
 $title = $langs->trans('Donation')." - ".$langs->trans('Info');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
 
 $form = new Form($db);
 if (!empty($conf->projet->enabled)) {
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 9a2d1402e17..0c8f51281a3 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -97,7 +97,9 @@ if (!empty($conf->projet->enabled)) {
 	$projectstatic = new Project($db);
 }
 
-llxHeader('', $langs->trans("Donations"), 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones');
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $langs->trans("Donations"), $help_url);
 
 // Genere requete de liste des dons
 $sql = "SELECT d.rowid, d.datedon, d.fk_soc as socid, d.firstname, d.lastname, d.societe,";
@@ -292,7 +294,7 @@ if ($resql) {
 			}
 			print "</td>\n";
 		}
-		print '<td class="right">'.price($objp->amount).'</td>';
+		print '<td class="right"><span class="amount">'.price($objp->amount).'</span></td>';
 		print '<td class="right">'.$donationstatic->LibStatut($objp->status, 5).'</td>';
 		print '<td></td>';
 		print "</tr>";
diff --git a/htdocs/don/note.php b/htdocs/don/note.php
index fa0122eaba2..2e153d73b95 100644
--- a/htdocs/don/note.php
+++ b/htdocs/don/note.php
@@ -70,8 +70,10 @@ if ($action == 'classin' && $user->rights->don->creer) {
  */
 
 $title = $langs->trans('Donation')." - ".$langs->trans('Notes');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:M&oacute;dulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
 
 $form = new Form($db);
 if (!empty($conf->projet->enabled)) {
diff --git a/htdocs/emailcollector/class/index.html b/htdocs/emailcollector/class/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/emailcollector/class/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/emailcollector/lib/index.html b/htdocs/emailcollector/lib/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/emailcollector/lib/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/eventorganization/conferenceorbooth_contact.php b/htdocs/eventorganization/conferenceorbooth_contact.php
index d42cc78adcb..d93c76576a6 100644
--- a/htdocs/eventorganization/conferenceorbooth_contact.php
+++ b/htdocs/eventorganization/conferenceorbooth_contact.php
@@ -110,7 +110,7 @@ if ($action == 'addcontact' && $permission) {	// Add a new contact
 	}
 } elseif ($action == 'swapstatut' && $permission) {
 	// Toggle the status of a contact
-	$result = $object->swapContactStatus(GETPOST('ligne'));
+	$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $permission) {
 	// Deletes a contact
 	$result = $object->delete_contact($lineid);
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index c251fdaf7cd..ed6f7a25eaf 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -2682,7 +2682,7 @@ class ExpeditionLigne extends CommonObjectLine
 	{
 		$sql = 'SELECT ed.rowid, ed.fk_expedition, ed.fk_entrepot, ed.fk_origin_line, ed.qty, ed.rang';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as ed';
-		$sql .= ' WHERE ed.rowid = '.$rowid;
+		$sql .= ' WHERE ed.rowid = '.((int) $rowid);
 		$result = $this->db->query($sql);
 		if ($result) {
 			$objp = $this->db->fetch_object($result);
diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php
index 174b97b4a7e..d1bcab57412 100644
--- a/htdocs/expedition/contact.php
+++ b/htdocs/expedition/contact.php
@@ -96,7 +96,7 @@ if ($action == 'addcontact' && $user->rights->expedition->creer) {
 	}
 } elseif ($action == 'swapstatut' && $user->rights->expedition->creer) {
 	// bascule du statut d'un contact
-	$result = $objectsrc->swapContactStatus(GETPOST('ligne'));
+	$result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->expedition->creer) {
 	// Efface un contact
 	$result = $objectsrc->delete_contact(GETPOST("lineid"));
diff --git a/htdocs/expensereport/ajax/ajaxik.php b/htdocs/expensereport/ajax/ajaxik.php
index 72c38959ef8..c2cc8345671 100644
--- a/htdocs/expensereport/ajax/ajaxik.php
+++ b/htdocs/expensereport/ajax/ajaxik.php
@@ -17,7 +17,7 @@
  */
 
 /**
- *       \file       htdocs/expensereport/ajax/ajaxprojet.php
+ *       \file       htdocs/expensereport/ajax/ajaxik.php
  *       \ingroup    expensereport
  *       \brief      File to return Ajax response on third parties request
  */
@@ -49,19 +49,19 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
 // Load translation files required by the page
 $langs->loadlangs(array('errors', 'trips'));
 
+$fk_expense = GETPOST('fk_expense', 'int');
+$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
+
+// Security check
+$result = restrictedArea($user, 'expensereport', $fk_expense, 'expensereport');
+
+
 /*
  * View
  */
 
 top_httphead();
 
-
-dol_syslog(join(',', $_POST));
-
-$fk_expense = GETPOST('fk_expense');
-$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat');
-
-
 if (empty($fk_expense) || $fk_expense < 0) {
 	echo json_encode(array('error' => $langs->transnoentitiesnoconv('ErrorBadValueForParameter', $fk_expense, 'fk_expense')));
 } elseif (empty($fk_c_exp_tax_cat) || $fk_c_exp_tax_cat < 0) {
@@ -82,7 +82,7 @@ if (empty($fk_expense) || $fk_expense < 0) {
 				echo json_encode(array('error' => $langs->transnoentitiesnoconv('ErrorRecordNotFound'), 'range' => $range));
 			} else {
 				$ikoffset = price($range->ikoffset, 0, $langs, 1, -1, -1, $conf->currency);
-				echo json_encode(array('up' => $range->coef, 'ikoffset' => $range->ikoffset, 'title' => $langs->transnoentitiesnoconv('ExpenseRangeOffset', $offset), 'comment' => 'offset should be apply on addline or updateline'));
+				echo json_encode(array('up' => $range->coef, 'ikoffset' => $range->ikoffset, 'title' => $langs->transnoentitiesnoconv('ExpenseRangeOffset', $ikoffset), 'comment' => 'offset should be applied on addline or updateline'));
 			}
 		}
 	}
diff --git a/htdocs/expensereport/ajax/ajaxprojet.php b/htdocs/expensereport/ajax/ajaxprojet.php
deleted file mode 100644
index 8549d62fa62..00000000000
--- a/htdocs/expensereport/ajax/ajaxprojet.php
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-/* Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
- * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2007-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2010      Cyrille de Lambert   <info@auguria.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-/**
- *       \file       htdocs/expensereport/ajax/ajaxprojet.php
- *       \ingroup    expensereport
- *       \brief      File to return Ajax response on third parties request
- */
-
-if (!defined('NOTOKENRENEWAL')) {
-	define('NOTOKENRENEWAL', 1); // Disables token renewal
-}
-if (!defined('NOREQUIREMENU')) {
-	define('NOREQUIREMENU', '1');
-}
-if (!defined('NOREQUIREHTML')) {
-	define('NOREQUIREHTML', '1');
-}
-if (!defined('NOREQUIREAJAX')) {
-	define('NOREQUIREAJAX', '1');
-}
-if (!defined('NOREQUIRESOC')) {
-	define('NOREQUIRESOC', '1');
-}
-if (!defined('NOCSRFCHECK')) {
-	define('NOCSRFCHECK', '1');
-}
-
-$res = 0;
-require '../../main.inc.php';
-
-
-/*
- * View
- */
-
-// Ajout directives pour resoudre bug IE
-//header('Cache-Control: Public, must-revalidate');
-//header('Pragma: public');
-
-//top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
-top_httphead();
-
-//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
-
-dol_syslog(join(',', $_GET));
-
-
-// Generation liste des projets
-if (GETPOST('fk_projet') != '') {
-	$return_arr = array();
-
-	$sql = "SELECT p.rowid, p.ref, p.title, s.nom";
-	$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
-	if (!empty($_GET["fk_projet"])) {
-		$sql .= " WHERE p.ref LIKE '%".$db->escape($_GET["fk_projet"])."%' OR p.title LIKE '%".$db->escape($_GET["fk_projet"])."%' OR s.nom LIKE '%".$db->escape($_GET["fk_projet"])."%'"; // Add other filters
-	}
-	$sql .= " ORDER BY p.ref ASC";
-
-	$resql = $db->query($sql);
-	if ($resql) {
-		while ($row = $db->fetch_array($resql)) {
-			$label = $row['ref'].' - '.$row['title'];
-			$row_array['label'] = $label;
-			$row_array['value'] = $label;
-			$row_array['key'] = $row['rowid'];
-
-			array_push($return_arr, $row_array);
-		}
-
-		echo json_encode($return_arr);
-	} else {
-		echo json_encode(array('nom'=>'Error', 'label'=>'Error', 'key'=>'Error', 'value'=>'Error'));
-	}
-} else {
-	echo json_encode(array('nom'=>'ErrorBadParameter', 'label'=>'ErrorBadParameter', 'key'=>'ErrorBadParameter', 'value'=>'ErrorBadParameter'));
-}
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 1c3e8594c41..a4c565bc1be 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -67,14 +67,6 @@ $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id',
 
 $childids = $user->getAllChildIds(1);
 
-// Security check
-$id = GETPOST("id", 'int');
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
-
-
 // Hack to use expensereport dir
 $rootfordata = DOL_DATA_ROOT;
 $rootforuser = DOL_DATA_ROOT;
@@ -111,10 +103,8 @@ $permissionnote = $user->rights->expensereport->creer; // Used by the include of
 $permissiondellink = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php
 $permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
 
-
 $upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
 
-
 if ($object->id > 0) {
 	// Check current user can read this expense report
 	$canread = 0;
@@ -129,6 +119,13 @@ if ($object->id > 0) {
 	}
 }
 
+// Security check
+$id = GETPOST("id", 'int');
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');
+
 
 /*
  * Actions
@@ -1194,7 +1191,7 @@ if (empty($reshook)) {
 			}
 
 			$object->update_totaux_del($object_ligne->total_ht, $object_ligne->total_tva);
-			header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_GET['id']);
+			header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
 			exit;
 		} else {
 			setEventMessages($object->error, $object->errors, 'errors');
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 496f57812a6..681675fd54c 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -1384,7 +1384,7 @@ class ExpenseReport extends CommonObject
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-			$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".$fuser->id.",";
+			$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).",";
 			$sql .= " date_approve='".$this->db->idate($this->date_approve)."'";
 			$sql .= ' WHERE rowid = '.$this->id;
 			if ($this->db->query($sql)) {
@@ -1434,7 +1434,7 @@ class ExpenseReport extends CommonObject
 		// date de refus
 		if ($this->status != self::STATUS_REFUSED) {
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-			$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".$fuser->id.",";
+			$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".((int) $fuser->id).",";
 			$sql .= " date_refuse='".$this->db->idate($now)."',";
 			$sql .= " detail_refuse='".$this->db->escape($details)."',";
 			$sql .= " fk_user_approve = NULL";
@@ -1558,7 +1558,7 @@ class ExpenseReport extends CommonObject
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-			$sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".$fuser->id;
+			$sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id);
 			$sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
 			$sql .= " ,detail_cancel='".$this->db->escape($detail)."'";
 			$sql .= ' WHERE rowid = '.$this->id;
@@ -2173,7 +2173,7 @@ class ExpenseReport extends CommonObject
 		$this->db->begin();
 
 		$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element_line;
-		$sql .= ' WHERE rowid = '.$rowid;
+		$sql .= ' WHERE rowid = '.((int) $rowid);
 
 		dol_syslog(get_class($this)."::deleteline sql=".$sql);
 		$result = $this->db->query($sql);
@@ -2628,7 +2628,7 @@ class ExpenseReportLine
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det as fde';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON fde.fk_c_type_fees=ctf.id'; // Sometimes type of expense report has been removed, so we use a left join here.
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as pjt ON fde.fk_projet=pjt.rowid';
-		$sql .= ' WHERE fde.rowid = '.$rowid;
+		$sql .= ' WHERE fde.rowid = '.((int) $rowid);
 
 		$result = $this->db->query($sql);
 
diff --git a/htdocs/expensereport/class/expensereport_ik.class.php b/htdocs/expensereport/class/expensereport_ik.class.php
index 18a0503cdd7..6c6623c30c7 100644
--- a/htdocs/expensereport/class/expensereport_ik.class.php
+++ b/htdocs/expensereport/class/expensereport_ik.class.php
@@ -137,7 +137,7 @@ class ExpenseReportIk extends CoreObject
 	 * @param int   $fk_c_exp_tax_cat   category
 	 * @return boolean|array
 	 */
-	public static function getRangeByUser(User $userauthor, $fk_c_exp_tax_cat)
+	public static function getRangeByUser(User $userauthor, int $fk_c_exp_tax_cat)
 	{
 		$default_range = (int) $userauthor->default_range; // if not defined, then 0
 		$ranges = self::getRangesByCategory($fk_c_exp_tax_cat);
@@ -157,23 +157,24 @@ class ExpenseReportIk extends CoreObject
 	 * @param int	$active				active
 	 * @return array
 	 */
-	public static function getRangesByCategory($fk_c_exp_tax_cat, $active = 1)
+	public static function getRangesByCategory(int $fk_c_exp_tax_cat, $active = 1)
 	{
 		global $db;
 
 		$ranges = array();
 
+		dol_syslog(get_called_class().'::getRangesByCategory for fk_c_exp_tax_cat='.$fk_c_exp_tax_cat, LOG_DEBUG);
+
 		$sql = 'SELECT r.rowid FROM '.MAIN_DB_PREFIX.'c_exp_tax_range r';
 		if ($active) {
 			$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'c_exp_tax_cat c ON (r.fk_c_exp_tax_cat = c.rowid)';
 		}
-		$sql .= ' WHERE r.fk_c_exp_tax_cat = '.$fk_c_exp_tax_cat;
+		$sql .= ' WHERE r.fk_c_exp_tax_cat = '.((int) $fk_c_exp_tax_cat);
 		if ($active) {
 			$sql .= ' AND r.active = 1 AND c.active = 1';
 		}
 		$sql .= ' ORDER BY r.range_ik';
 
-		dol_syslog(get_called_class().'::getRangesByCategory sql='.$sql, LOG_DEBUG);
 		$resql = $db->query($sql);
 		if ($resql) {
 			$num = $db->num_rows($resql);
diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index c9cf0cdaf41..c673316d491 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -607,7 +607,7 @@ class PaymentExpenseReport extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);
diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index e687169fe50..b7280c2f4a4 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -83,17 +83,17 @@ $extrafields = new ExtraFields($db);
 
 
 $arrayfields = array(
-	'f.titre'=>array('label'=>$langs->trans("Ref"), 'checked'=>1),
-	's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1),
-	'f.fk_contrat'=>array('label'=>$langs->trans("Contract"), 'checked'=>1),
-	'f.duree'=>array('label'=>$langs->trans("Duration"), 'checked'=>1),
-	'f.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>1),
-	'f.frequency'=>array('label'=>$langs->trans("RecurringInvoiceTemplate"), 'checked'=>1),
-	'f.nb_gen_done'=>array('label'=>$langs->trans("NbOfGenerationDone"), 'checked'=>1),
-	'f.date_last_gen'=>array('label'=>$langs->trans("DateLastGeneration"), 'checked'=>1),
-	'f.date_when'=>array('label'=>$langs->trans("NextDateToExecution"), 'checked'=>1),
-	'f.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500),
-	'f.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>500),
+	'f.titre'=>array('label'=>"Ref", 'checked'=>1),
+	's.nom'=>array('label'=>"ThirdParty", 'checked'=>1),
+	'f.fk_contrat'=>array('label'=>"Contract", 'checked'=>1),
+	'f.duree'=>array('label'=>"Duration", 'checked'=>1),
+	'f.total_ttc'=>array('label'=>"AmountTTC", 'checked'=>1),
+	'f.frequency'=>array('label'=>"RecurringInvoiceTemplate", 'checked'=>1),
+	'f.nb_gen_done'=>array('label'=>"NbOfGenerationDoneShort", 'checked'=>1),
+	'f.date_last_gen'=>array('label'=>"DateLastGeneration", 'checked'=>1),
+	'f.date_when'=>array('label'=>"NextDateToExecution", 'checked'=>1),
+	'f.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500),
+	'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500),
 );
 
 
@@ -580,15 +580,13 @@ if ($action == 'create') {
 			print '<div class="ficheaddleft">';
 			print '<div class="underbanner clearboth"></div>';
 
-			print '<table class="border centpercent">';
-
 			$title = $langs->trans("Recurrence");
 			print load_fiche_titre($title, '', 'calendar');
 
 			print '<table class="border centpercent">';
 
 			// if "frequency" is empty or = 0, the reccurence is disabled
-			print '<tr><td style="width: 50%">';
+			print '<tr><td class="titlefield">';
 			print '<table class="nobordernopadding" width="100%"><tr><td>';
 			print $langs->trans('Frequency');
 			print '</td>';
@@ -663,7 +661,7 @@ if ($action == 'create') {
 				print '<table class="border centpercent">';
 
 				// Nb of generation already done
-				print '<tr><td style="width: 50%">'.$langs->trans("NbOfGenerationDone").'</td>';
+				print '<tr><td class="titlefield">'.$langs->trans("NbOfGenerationOfRecordDone").'</td>';
 				print '<td>';
 				print $object->nb_gen_done ? $object->nb_gen_done : '0';
 				print '</td>';
@@ -817,7 +815,7 @@ if ($action == 'create') {
 			print_liste_field_titre("Duration", $_SERVER['PHP_SELF'], 'f.duree', '', '', 'width="50px"', $sortfield, $sortorder, 'right ');
 			// Recurring or not
 			print_liste_field_titre("Frequency", $_SERVER['PHP_SELF'], "f.frequency", "", "", 'width="100px"', $sortfield, $sortorder, 'center ');
-			print_liste_field_titre("NbOfGenerationDone", $_SERVER['PHP_SELF'], "f.nb_gen_done", "", "", 'width="100px"', $sortfield, $sortorder, 'center ');
+			print_liste_field_titre("NbOfGenerationDoneShort", $_SERVER['PHP_SELF'], "f.nb_gen_done", "", "", 'width="100px"', $sortfield, $sortorder, 'center ');
 			print_liste_field_titre("DateLastGeneration", $_SERVER['PHP_SELF'], "f.date_last_gen", "", "", 'width="100px"', $sortfield, $sortorder, 'center ');
 			print_liste_field_titre("NextDateToIntervention", $_SERVER['PHP_SELF'], "f.date_when", "", "", 'width="100px"', $sortfield, $sortorder, 'center ');
 			print '<th width="100px"></th>';
@@ -908,7 +906,7 @@ if ($action == 'create') {
 					}
 				}
 			} else {
-				print '<tr class="oddeven"><td colspan="10">'.$langs->trans("NoneF").'</td></tr>';
+				print '<tr class="oddeven"><td colspan="10"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
 			}
 
 			print "</table>";
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index f5602bc5abb..1fef1ed7c03 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -1438,7 +1438,7 @@ class FichinterLigne extends CommonObjectLine
 		$sql = 'SELECT ft.rowid, ft.fk_fichinter, ft.description, ft.duree, ft.rang,';
 		$sql .= ' ft.date as datei';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet as ft';
-		$sql .= ' WHERE ft.rowid = '.$rowid;
+		$sql .= ' WHERE ft.rowid = '.((int) $rowid);
 
 		dol_syslog("FichinterLigne::fetch", LOG_DEBUG);
 		$result = $this->db->query($sql);
@@ -1622,7 +1622,7 @@ class FichinterLigne extends CommonObjectLine
 
 		$sql = "SELECT SUM(duree) as total_duration, min(date) as dateo, max(date) as datee ";
 		$sql .= " FROM ".MAIN_DB_PREFIX."fichinterdet";
-		$sql .= " WHERE fk_fichinter=".$this->fk_fichinter;
+		$sql .= " WHERE fk_fichinter=".((int) $this->fk_fichinter);
 
 		dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
 		$resql = $this->db->query($sql);
@@ -1634,10 +1634,10 @@ class FichinterLigne extends CommonObjectLine
 			}
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter";
-			$sql .= " SET duree = ".$total_duration;
+			$sql .= " SET duree = ".((int) $total_duration);
 			$sql .= " , dateo = ".(!empty($obj->dateo) ? "'".$this->db->idate($obj->dateo)."'" : "null");
 			$sql .= " , datee = ".(!empty($obj->datee) ? "'".$this->db->idate($obj->datee)."'" : "null");
-			$sql .= " WHERE rowid = ".$this->fk_fichinter;
+			$sql .= " WHERE rowid = ".((int) $this->fk_fichinter);
 
 			dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
 			$resql = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index 1c9ed333fae..0dfb4047b4f 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -1157,7 +1157,7 @@ class CommandeFournisseur extends CommonOrder
 
 			$this->db->begin();
 
-			$sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".$statut;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut);
 			$sql .= " WHERE rowid = ".$this->id;
 			dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
 			if ($this->db->query($sql)) {
@@ -2306,7 +2306,7 @@ class CommandeFournisseur extends CommonOrder
 				$this->db->begin();
 
 				$sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
-				$sql .= " SET fk_statut = ".$statut;
+				$sql .= " SET fk_statut = ".((int) $statut);
 				$sql .= " WHERE rowid = ".$this->id;
 				$sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received
 
@@ -3495,7 +3495,7 @@ class CommandeFournisseurLigne extends CommonOrderLine
 		if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
 			$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON cd.fk_product = pfp.fk_product and cd.ref = pfp.ref_fourn";
 		}
-		$sql .= ' WHERE cd.rowid = '.$rowid;
+		$sql .= ' WHERE cd.rowid = '.((int) $rowid);
 		$result = $this->db->query($sql);
 		if ($result) {
 			$objp = $this->db->fetch_object($result);
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index e7a7766e3be..73e8be88c37 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1208,13 +1208,13 @@ class FactureFournisseur extends CommonInvoice
 		if (!$error) {
 			$main = MAIN_DB_PREFIX.'facture_fourn_det';
 			$ef = $main."_extrafields";
-			$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture_fourn = $rowid)";
+			$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture_fourn = ".((int) $rowid).")";
 			$resqlef = $this->db->query($sqlef);
-			$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det WHERE fk_facture_fourn = '.$rowid.';';
+			$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det WHERE fk_facture_fourn = '.((int) $rowid);
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if ($resqlef && $resql) {
-				$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn WHERE rowid = '.$rowid;
+				$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn WHERE rowid = '.((int) $rowid);
 				dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 				$resql2 = $this->db->query($sql);
 				if (!$resql2) {
@@ -1465,7 +1465,7 @@ class FactureFournisseur extends CommonInvoice
 		$this->newref = dol_sanitizeFileName($num);
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
-		$sql .= " SET ref='".$num."', fk_statut = 1, fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'";
+		$sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'";
 		$sql .= " WHERE rowid = ".$this->id;
 
 		dol_syslog(get_class($this)."::validate", LOG_DEBUG);
@@ -3093,7 +3093,7 @@ class SupplierInvoiceLine extends CommonObjectLine
 		$sql .= ', f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, multicurrency_total_ttc';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid';
-		$sql .= ' WHERE f.rowid = '.$rowid;
+		$sql .= ' WHERE f.rowid = '.((int) $rowid);
 		$sql .= ' ORDER BY f.rang, f.rowid';
 
 		$query = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index b124817bf9f..0fa34c28d81 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -372,15 +372,15 @@ class ProductFournisseur extends Product
 				}
 			}
 			$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
-			$sql .= " SET fk_user = ".$user->id." ,";
+			$sql .= " SET fk_user = ".((int) $user->id)." ,";
 			$sql .= " ref_fourn = '".$this->db->escape($ref_fourn)."',";
 			$sql .= " desc_fourn = '".$this->db->escape($desc_fourn)."',";
-			$sql .= " price = ".$buyprice.",";
-			$sql .= " quantity = ".$qty.",";
-			$sql .= " remise_percent = ".$remise_percent.",";
-			$sql .= " remise = ".$remise.",";
-			$sql .= " unitprice = ".$unitBuyPrice.",";
-			$sql .= " fk_availability = ".$availability.",";
+			$sql .= " price = ".((float) $buyprice).",";
+			$sql .= " quantity = ".((float) $qty).",";
+			$sql .= " remise_percent = ".((float) $remise_percent).",";
+			$sql .= " remise = ".((float) $remise).",";
+			$sql .= " unitprice = ".((float) $unitBuyPrice).",";
+			$sql .= " fk_availability = ".((int) $availability).",";
 			$sql .= " multicurrency_price = ".(isset($multicurrency_buyprice) ? "'".$this->db->escape(price2num($multicurrency_buyprice))."'" : 'null').",";
 			$sql .= " multicurrency_unitprice = ".(isset($multicurrency_unitBuyPrice) ? "'".$this->db->escape(price2num($multicurrency_unitBuyPrice))."'" : 'null').",";
 			$sql .= " multicurrency_tx = ".(isset($multicurrency_tx) ? "'".$this->db->escape($multicurrency_tx)."'" : '1').",";
@@ -394,16 +394,16 @@ class ProductFournisseur extends Product
 			//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$this->db->escape($localtaxtype1)."'":"'0'").",";
 			//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$this->db->escape($localtaxtype2)."'":"'0'").",";
 			$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
-			$sql .= " info_bits = ".$newnpr.",";
-			$sql .= " charges = ".$charges.","; // deprecated
-			$sql .= " delivery_time_days = ".($delivery_time_days != '' ? $delivery_time_days : 'null').",";
+			$sql .= " info_bits = ".((int) $newnpr).",";
+			$sql .= " charges = ".((float) $charges).","; // deprecated
+			$sql .= " delivery_time_days = ".($delivery_time_days != '' ? ((int) $delivery_time_days) : 'null').",";
 			$sql .= " supplier_reputation = ".(empty($supplier_reputation) ? 'NULL' : "'".$this->db->escape($supplier_reputation)."'").",";
 			$sql .= " barcode = ".(empty($barcode) ? 'NULL' : "'".$this->db->escape($barcode)."'").",";
 			$sql .= " fk_barcode_type = ".(empty($fk_barcode_type) ? 'NULL' : "'".$this->db->escape($fk_barcode_type)."'");
 			if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
 				$sql .= ", packaging = ".(empty($packaging) ? 1 : $packaging);
 			}
-			$sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+			$sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
 			// TODO Add price_base_type and price_ttc
 
 			dol_syslog(get_class($this).'::update_buyprice update knowing id of line = product_fourn_price_id = '.$this->product_fourn_price_id, LOG_DEBUG);
@@ -653,7 +653,7 @@ class ProductFournisseur extends Product
 		$sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")";
 		$sql .= " AND pfp.fk_soc = s.rowid AND pfp.fk_product = p.rowid";
 		$sql .= " AND s.status=1"; // only enabled company selected
-		$sql .= " AND pfp.fk_product = ".$prodid;
+		$sql .= " AND pfp.fk_product = ".((int) $prodid);
 		if (empty($sortfield)) {
 			$sql .= " ORDER BY s.nom, pfp.quantity, pfp.price";
 		} else {
@@ -885,8 +885,8 @@ class ProductFournisseur extends Product
 		$expression_id = $expression_id != 0 ? $expression_id : 'NULL';
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
-		$sql .= " SET fk_supplier_price_expression = ".$expression_id;
-		$sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+		$sql .= " SET fk_supplier_price_expression = ".((int) $expression_id);
+		$sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
 
 		dol_syslog(get_class($this)."::setSupplierPriceExpression", LOG_DEBUG);
 
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index 6def24cf64b..0a03b367717 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -290,7 +290,7 @@ if (empty($reshook)) {
 	}
 
 	if ($action == 'setremisepercent' && $usercancreate) {
-		$result = $object->set_remise($user, $_POST['remise_percent']);
+		$result = $object->set_remise($user, price2num(GETPOST('remise_percent')));
 		if ($result < 0) {
 			setEventMessages($object->error, $object->errors, 'errors');
 		}
@@ -1436,10 +1436,10 @@ if (empty($reshook)) {
 			}
 		} elseif ($action == 'swapstatut' && $object->id > 0) {
 			// bascule du statut d'un contact
-			$result = $object->swapContactStatus(GETPOST('ligne'));
+			$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 		} elseif ($action == 'deletecontact' && $object->id > 0) {
 			// Efface un contact
-			$result = $object->delete_contact($_GET["lineid"]);
+			$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 			if ($result >= 0) {
 				header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php
index ae2e8bab481..2ff1c97e3e5 100644
--- a/htdocs/fourn/commande/contact.php
+++ b/htdocs/fourn/commande/contact.php
@@ -76,14 +76,14 @@ if ($action == 'addcontact' && $user->rights->fournisseur->commande->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->fournisseur->commande->creer) {
 	// Toggle the status of a contact
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
 } elseif ($action == 'deletecontact' && $user->rights->fournisseur->commande->creer) {
 	// Deleting a contact
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index 09834f5c2af..2417563c176 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -970,24 +970,24 @@ if ($resql) {
 	if ($user->rights->societe->client->voir || $socid) {
 		$langs->load("commercial");
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-		$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+		$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view other users
 	if ($user->rights->user->user->lire) {
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-		$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
+		$tmptitle = $langs->trans('LinkedToSpecificUsers');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmptitle, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 		include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+		$tmptitle = $langs->trans('IncludingProductWithTag');
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmptitle, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter .= '</div>';
 	}
 	$parameters = array();
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 0312c851de3..a033be48f08 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -1588,14 +1588,14 @@ if (empty($reshook)) {
 		} elseif ($action == 'swapstatut') {
 			// bascule du statut d'un contact
 			if ($object->fetch($id)) {
-				$result = $object->swapContactStatus(GETPOST('ligne'));
+				$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 			} else {
 				dol_print_error($db);
 			}
 		} elseif ($action == 'deletecontact') {
 			// Efface un contact
 			$object->fetch($id);
-			$result = $object->delete_contact($_GET["lineid"]);
+			$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 			if ($result >= 0) {
 				header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php
index 4f450bca3c4..1284ee293be 100644
--- a/htdocs/fourn/facture/contact.php
+++ b/htdocs/fourn/facture/contact.php
@@ -76,14 +76,14 @@ if ($action == 'addcontact' && $user->rights->fournisseur->facture->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->fournisseur->facture->creer) {
 	// bascule du statut d'un contact
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
 } elseif ($action == 'deletecontact' && $user->rights->fournisseur->facture->creer) {
 	// Efface un contact
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 50fdfef6e47..3efc19f86cc 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -934,32 +934,32 @@ if ($resql) {
 	if ($user->rights->societe->client->voir || $socid) {
 		$langs->load("commercial");
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-		$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+		$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+		$moreforfilter .= img_picto($tmptitle, 'company', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth200');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if ($user->rights->societe->client->voir || $socid) {
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-		$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
+		$tmptitle = $langs->trans('LinkedToSpecificUsers');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmptitle, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth200');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 		include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+		$tmptitle = $langs->trans('IncludingProductWithTag');
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmptitle, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter .= '</div>';
 	}
 
 	if (!empty($conf->categorie->enabled)) {
 		require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('SuppliersCategoriesShort').': ';
-		$moreforfilter .= $formother->select_categories('supplier', $search_categ_sup, 'search_categ_sup', 1);
+		$tmptitle = $langs->trans('SuppliersCategoriesShort');
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$formother->select_categories('supplier', $search_categ_sup, 'search_categ_sup', 1, $tmptitle);
 		$moreforfilter .= '</div>';
 	}
 	$parameters = array();
diff --git a/htdocs/install/mysql/data/llx_10_c_regions.sql b/htdocs/install/mysql/data/llx_10_c_regions.sql
index 882bcd09960..96ab85788ff 100644
--- a/htdocs/install/mysql/data/llx_10_c_regions.sql
+++ b/htdocs/install/mysql/data/llx_10_c_regions.sql
@@ -11,10 +11,6 @@
 -- Copyright (C) 2015	   Ferran Marcet        <fmarcet@2byte.es>
 -- Copyright (C) 2019~	   Lao Tian        <281388879@qq.com>
 -- Copyright (C) 2020-2021 Udo Tamm             <dev@dolibit.de>
-
-
-
--- LICENSE ---------------------------------------------------------------------
 --
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
@@ -56,8 +52,20 @@
 insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 0,   0,   '0',0,'-');
 
 
+-- Algeria Regions (id country=13)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 13, 1301, '', 0, 'Algerie');
+
+
+-- Argentina Regions (id country=23)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2301, '', 0, 'Norte');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2302, '', 0, 'Litoral');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2303, '', 0, 'Cuyana');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2304, '', 0, 'Central');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2305, '', 0, 'Patagonia');
+
+
 -- Austria Regions (id country=41)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 41, 4101, '', 0, 'Österreich', 1);
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 41, 4101, '', 0, 'Österreich');
 
 
 -- Belgium Regions (id country=2)
@@ -188,8 +196,7 @@ insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values (10,102
 -- Region USA (id country=11)
 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 11, 1101, '', 0, 'United-States', 1);
 
--- Regions Algeria (id country=13)
-INSERT INTO  llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 13, 1301, '', 0, 'Algerie', 1);
+
 
 -- Region Canada (id country=14)
 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 14, 1401, '', 0, 'Canada', 1);
@@ -197,12 +204,6 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) va
 -- Regions The Netherlands (id country=17)
 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 17, 1701, '', 0,'Provincies van Nederland ', 1);
 
--- Regions Argentina (id country=23)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2301, '', 0, 'Norte', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2302, '', 0, 'Litoral', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2303, '', 0, 'Cuyana', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2304, '', 0, 'Central', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2305, '', 0, 'Patagonia', 1);
 
 -- Regions Australia (id country=28)
 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 28, 2801, '', 0, 'Australia', 1);
diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql
index 82201f8d3a6..9e47a9ec050 100644
--- a/htdocs/install/mysql/data/llx_20_c_departements.sql
+++ b/htdocs/install/mysql/data/llx_20_c_departements.sql
@@ -10,8 +10,6 @@
 -- Copyright (C) 2012	   Ricardo Schluter     <info@ripasch.nl>
 -- Copyright (C) 2015	   Ferran Marcet	    <fmarcet@2byte.es>
 --
-
--- LICENSE -------------------------------------------------------------------
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
 -- the Free Software Foundation; either version 3 of the License, or
@@ -36,6 +34,14 @@
 -- NOTES ----------------------------------
 -- Departements/Cantons/Provinces/States
 --
+-- Algeria
+-- Andorra
+-- Argentina
+-- Australia
+-- Austria
+-- Belgium 
+-- Canada
+--
 
 
 -- TEMPLATE -------------------------------------------------------------------------------------------------------------
@@ -103,6 +109,35 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
 INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES  (34000, 'AD-008', 'AD700', NULL, NULL, 'Escaldes-Engordany');
 
 
+-- Argentina Provinces / provincias (id country=23)
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2301', '', 0, 'CATAMARCA', 'Catamarca');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2302', '', 0, 'JUJUY', 'Jujuy');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2303', '', 0, 'TUCAMAN', 'Tucamán');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2304', '', 0, 'SANTIAGO DEL ESTERO', 'Santiago del Estero');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2305', '', 0, 'SALTA', 'Salta');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2306', '', 0, 'CHACO', 'Chaco');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2307', '', 0, 'CORRIENTES', 'Corrientes');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2308', '', 0, 'ENTRE RIOS', 'Entre Ríos');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2309', '', 0, 'FORMOSA', 'Formosa');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2310', '', 0, 'SANTA FE', 'Santa Fe');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2311', '', 0, 'LA RIOJA', 'La Rioja');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2312', '', 0, 'MENDOZA', 'Mendoza');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2313', '', 0, 'SAN JUAN', 'San Juan');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2314', '', 0, 'SAN LUIS', 'San Luis');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2315', '', 0, 'CORDOBA', 'Córdoba');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2316', '', 0, 'BUENOS AIRES', 'Buenos Aires');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2317', '', 0, 'CABA', 'Caba');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2318', '', 0, 'LA PAMPA', 'La Pampa');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2319', '', 0, 'NEUQUEN', 'Neuquén');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2320', '', 0, 'RIO NEGRO', 'Río Negro');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2321', '', 0, 'CHUBUT', 'Chubut');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2322', '', 0, 'SANTA CRUZ', 'Santa Cruz');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2323', '', 0, 'TIERRA DEL FUEGO', 'Tierra del Fuego');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2324', '', 0, 'ISLAS MALVINAS', 'Islas Malvinas');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2325', '', 0, 'ANTARTIDA', 'Antártida');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2326', '', 0, 'MISIONES', 'Misiones');
+
+
 -- Australia States & Territories (id country=28)
 insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NSW','',1,'','New South Wales');
 insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'VIC','',1,'','Victoria');
@@ -140,6 +175,19 @@ insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
 insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (201,'11','',2,'NAMUR','Namur');
 
 
+-- Canada Provinces & Territories (id country=14)
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'ON','',1,'','Ontario');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'QC','',1,'','Quebec');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NS','',1,'','Nova Scotia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NB','',1,'','New Brunswick');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'MB','',1,'','Manitoba');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'BC','',1,'','British Columbia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'PE','',1,'','Prince Edward Island');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'SK','',1,'','Saskatchewan');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'AB','',1,'','Alberta');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NL','',1,'','Newfoundland and Labrador');
+
+
 -- Departements France (id country=1)
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe');
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique');
@@ -583,18 +631,6 @@ INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, nc
 INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('112', 5209, '', 0, '', 'General Federico Román', 1);
 
 
--- Provinces Canada (id country=14)
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'ON','',1,'','Ontario');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'QC','',1,'','Quebec');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'NS','',1,'','Nova Scotia');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'NB','',1,'','New Brunswick');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'MB','',1,'','Manitoba');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'BC','',1,'','British Columbia');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'PE','',1,'','Prince Edward Island');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'SK','',1,'','Saskatchewan');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'AB','',1,'','Alberta');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (1401,'NL','',1,'','Newfoundland and Labrador');
-
 -- Provinces Spain (id country=4) in order of province (for logical pick list)
 INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('VI', '419', '01', 19, 'ALAVA', 'Álava');
 INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('AB', '404', '02', 4,  'ALBACETE', 'Albacete');
@@ -968,33 +1004,6 @@ INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, nc
 INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SV', 8601, '', 0, '', 'San Vicente', 1);
 INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CU', 8601, '', 0, '', 'Cuscatlan', 1);
 
--- Provinces Argentina (id country=23)
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2301', 2301, '', 0, 'CATAMARCA', 'Catamarca', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2302', 2301, '', 0, 'JUJUY', 'Jujuy', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2303', 2301, '', 0, 'TUCAMAN', 'Tucamán', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2304', 2301, '', 0, 'SANTIAGO DEL ESTERO', 'Santiago del Estero', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2305', 2301, '', 0, 'SALTA', 'Salta', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2306', 2302, '', 0, 'CHACO', 'Chaco', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2307', 2302, '', 0, 'CORRIENTES', 'Corrientes', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2308', 2302, '', 0, 'ENTRE RIOS', 'Entre Ríos', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2309', 2302, '', 0, 'FORMOSA', 'Formosa', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2310', 2302, '', 0, 'SANTA FE', 'Santa Fe', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2311', 2303, '', 0, 'LA RIOJA', 'La Rioja', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2312', 2303, '', 0, 'MENDOZA', 'Mendoza', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2313', 2303, '', 0, 'SAN JUAN', 'San Juan', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2314', 2303, '', 0, 'SAN LUIS', 'San Luis', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2315', 2304, '', 0, 'CORDOBA', 'Córdoba', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2316', 2304, '', 0, 'BUENOS AIRES', 'Buenos Aires', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2317', 2304, '', 0, 'CABA', 'Caba', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2318', 2305, '', 0, 'LA PAMPA', 'La Pampa', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2319', 2305, '', 0, 'NEUQUEN', 'Neuquén', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2320', 2305, '', 0, 'RIO NEGRO', 'Río Negro', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2321', 2305, '', 0, 'CHUBUT', 'Chubut', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2322', 2305, '', 0, 'SANTA CRUZ', 'Santa Cruz', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2323', 2305, '', 0, 'TIERRA DEL FUEGO', 'Tierra del Fuego', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2324', 2305, '', 0, 'ISLAS MALVINAS', 'Islas Malvinas', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2325', 2305, '', 0, 'ANTARTIDA', 'Antártida', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2326', 2305, '', 0, 'MISIONES', 'Misiones', 1);
 
 -- Parish Barbados (id country=46)
 INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CC', 4601, 'Oistins', 0, 'CC', 'Christ Church', 1);
diff --git a/htdocs/install/mysql/data/llx_c_forme_juridique.sql b/htdocs/install/mysql/data/llx_c_forme_juridique.sql
index b3182846723..07a09724ed2 100644
--- a/htdocs/install/mysql/data/llx_c_forme_juridique.sql
+++ b/htdocs/install/mysql/data/llx_c_forme_juridique.sql
@@ -8,14 +8,10 @@
 -- Copyright (C) 2010-2016 Juanjo Menent        <jmenent@2byte.es>
 -- Copyright (C) 2012 	   Sebastian Neuwert    <sebastian.neuwert@modula71.de>
 -- Copyright (C) 2012 	   Tommaso Basilici     <t.basilici@19.coop>
--- Copyright (C) 2012	     Ricardo Schluter     <info@ripasch.nl>
--- Copyright (C) 2013	     Cedric GROSS		      <c.gross@kreiz-it.fr>
+-- Copyright (C) 2012	   Ricardo Schluter     <info@ripasch.nl>
+-- Copyright (C) 2013	   Cedric GROSS		    <c.gross@kreiz-it.fr>
 -- Copyright (C) 2020-2021 Udo Tamm       	    <dev@dolibit.de>
 --
-
-
--- LICENSE ---------------------------------------------------------------
---
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
 -- the Free Software Foundation; either version 3 of the License, or
diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
index 0c71b94f4f1..51670ffd209 100644
--- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
+++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
@@ -279,6 +279,35 @@ DELETE FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ti
 -- VMYSQL4.1 INSERT INTO llx_boxes_def (file, entity) SELECT  'box_graph_nb_tickets_type.php', 1 FROM DUAL WHERE NOT EXISTS (SELECT * FROM llx_boxes_def WHERE file = 'box_graph_nb_tickets_type.php' AND entity = 1);
 -- VMYSQL4.1 INSERT INTO llx_boxes_def (file, entity) SELECT  'box_graph_new_vs_close_ticket.php', 1 FROM DUAL WHERE NOT EXISTS (SELECT * FROM llx_boxes_def WHERE file = 'box_graph_new_vs_close_ticket.php' AND entity = 1);
 
+create table llx_product_perentity
+(
+    rowid         				integer AUTO_INCREMENT PRIMARY KEY,
+    fk_product	   				integer,
+    entity             			integer DEFAULT 1 NOT NULL,      	-- multi company id
+    accountancy_code_sell         varchar(32),                        -- Selling accountancy code
+    accountancy_code_sell_intra   varchar(32),                        -- Selling accountancy code for vat intracommunity
+    accountancy_code_sell_export  varchar(32),                        -- Selling accountancy code for vat export
+    accountancy_code_buy          varchar(32),                        -- Buying accountancy code
+    accountancy_code_buy_intra    varchar(32),                        -- Buying accountancy code for vat intracommunity
+    accountancy_code_buy_export   varchar(32)                  		-- Buying accountancy code for vat import
+)ENGINE=innodb;
+
+ALTER TABLE llx_product_perentity ADD INDEX idx_product_perentity_fk_product (fk_product);
+ALTER TABLE llx_product_perentity ADD UNIQUE INDEX uk_product_perentity (fk_product, entity);
+
+create table llx_societe_perentity
+(
+    rowid         			integer AUTO_INCREMENT PRIMARY KEY,
+    fk_soc        			integer,
+    entity             		integer DEFAULT 1 NOT NULL,             -- multi company id
+--  code_compta            	varchar(24),                         	-- code compta client
+--  code_compta_fournisseur varchar(24),                         	-- code compta founisseur
+    accountancy_code_sell		varchar(32),                            -- Selling accountancy code
+    accountancy_code_buy		varchar(32)                             -- Buying accountancy code
+)ENGINE=innodb;
+
+ALTER TABLE llx_societe_perentity ADD INDEX idx_societe_perentity_fk_soc (fk_soc);
+ALTER TABLE llx_societe_perentity ADD UNIQUE INDEX uk_societe_perentity (fk_soc, entity);
 
 ALTER TABLE llx_c_ticket_category ADD COLUMN public integer DEFAULT 0;
 
@@ -287,6 +316,3 @@ ALTER TABLE llx_propal ADD COLUMN fk_user_signature integer AFTER fk_user_valid;
 ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid);
 UPDATE llx_propal SET fk_user_signature = fk_user_cloture WHERE fk_user_signature IS NULL AND fk_user_cloture IS NOT NULL;
 UPDATE llx_propal SET date_signature = date_cloture WHERE date_signature IS NULL AND date_cloture IS NOT NULL;
-
-
-
diff --git a/htdocs/install/mysql/tables/llx_holiday_extrafields.sql b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
index 8b6e3ef8dc9..6baf1789dc2 100644
--- a/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
+++ b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
@@ -1,6 +1,9 @@
 -- ========================================================================
 -- Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
 --
+--
+-- LICENSE ================================================================
+--
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
 -- the Free Software Foundation; either version 3 of the License, or
@@ -12,7 +15,7 @@
 -- GNU General Public License for more details.
 --
 -- You should have received a copy of the GNU General Public License
--- along with this program. If not, see <http://www.gnu.org/licenses/>.
+-- along with this program. If not, see <https://www.gnu.org/licenses/>.
 --
 -- ========================================================================
 
diff --git a/htdocs/install/mysql/tables/llx_product_perentity.key.sql b/htdocs/install/mysql/tables/llx_product_perentity.key.sql
new file mode 100644
index 00000000000..8e8ad48044c
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_product_perentity.key.sql
@@ -0,0 +1,21 @@
+-- ===================================================================
+-- Copyright (C) 2021		Open-Dsi	<support@open-dsi.fr>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ===================================================================
+
+ALTER TABLE llx_product_perentity ADD INDEX idx_product_perentity_fk_product (fk_product);
+
+ALTER TABLE llx_product_perentity ADD UNIQUE INDEX uk_product_perentity (fk_product, entity);
diff --git a/htdocs/install/mysql/tables/llx_product_perentity.sql b/htdocs/install/mysql/tables/llx_product_perentity.sql
new file mode 100644
index 00000000000..6e32e506ddf
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_product_perentity.sql
@@ -0,0 +1,30 @@
+-- ========================================================================
+-- Copyright (C) 2021		Open-Dsi	<support@open-dsi.fr>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ========================================================================
+
+create table llx_product_perentity
+(
+  rowid         				integer AUTO_INCREMENT PRIMARY KEY,
+  fk_product	   				integer,
+  entity             			integer DEFAULT 1 NOT NULL,      	-- multi company id
+  accountancy_code_sell         varchar(32),                        -- Selling accountancy code
+  accountancy_code_sell_intra   varchar(32),                        -- Selling accountancy code for vat intracommunity
+  accountancy_code_sell_export  varchar(32),                        -- Selling accountancy code for vat export
+  accountancy_code_buy          varchar(32),                        -- Buying accountancy code
+  accountancy_code_buy_intra    varchar(32),                        -- Buying accountancy code for vat intracommunity
+  accountancy_code_buy_export   varchar(32)                  		-- Buying accountancy code for vat import
+)ENGINE=innodb;
diff --git a/htdocs/install/mysql/tables/llx_societe_perentity.key.sql b/htdocs/install/mysql/tables/llx_societe_perentity.key.sql
new file mode 100644
index 00000000000..dd2970e16d2
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_societe_perentity.key.sql
@@ -0,0 +1,21 @@
+-- ===================================================================
+-- Copyright (C) 2021		Open-Dsi	<support@open-dsi.fr>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ===================================================================
+
+ALTER TABLE llx_societe_perentity ADD INDEX idx_societe_perentity_fk_soc (fk_soc);
+
+ALTER TABLE llx_societe_perentity ADD UNIQUE INDEX uk_societe_perentity (fk_soc, entity);
diff --git a/htdocs/install/mysql/tables/llx_societe_perentity.sql b/htdocs/install/mysql/tables/llx_societe_perentity.sql
new file mode 100644
index 00000000000..408169476d9
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_societe_perentity.sql
@@ -0,0 +1,28 @@
+-- ========================================================================
+-- Copyright (C) 2021		Open-Dsi	<support@open-dsi.fr>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ========================================================================
+
+create table llx_societe_perentity
+(
+  rowid         			integer AUTO_INCREMENT PRIMARY KEY,
+  fk_soc        			integer,
+  entity             		integer DEFAULT 1 NOT NULL,             -- multi company id
+--  code_compta            	varchar(24),                         	-- code compta client
+--  code_compta_fournisseur varchar(24),                         	-- code compta founisseur
+  accountancy_code_sell		varchar(32),                            -- Selling accountancy code
+  accountancy_code_buy		varchar(32)                             -- Buying accountancy code
+)ENGINE=innodb;
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 1d695f40249..9357128d050 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -933,14 +933,14 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) {
 					}
 					if ($methodtofix == 'updatestock') {
 						// Method 2
-						print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? $obj->reelbatch : '0').' for ps.rowid = '.$obj->psrowid;
+						print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? ((float) $obj->reelbatch) : '0').' for ps.rowid = '.((int) $obj->psrowid);
 						if (GETPOST('clean_product_stock_batch') == 'confirmed') {
 							$error = 0;
 
 							$db->begin();
 
 							$sql2 = "UPDATE ".MAIN_DB_PREFIX."product_stock";
-							$sql2 .= " SET reel = ".($obj->reelbatch ? $obj->reelbatch : '0')." WHERE rowid = ".$obj->psrowid;
+							$sql2 .= " SET reel = ".($obj->reelbatch ? ((float) $obj->reelbatch) : '0')." WHERE rowid = ".((int) $obj->psrowid);
 							$resql2 = $db->query($sql2);
 							if ($resql2) {
 								// We update product_stock, so we must fill p.stock into product too.
@@ -1027,7 +1027,7 @@ if ($ok && GETPOST('set_empty_time_spent_amount', 'alpha')) {
 
 				if (GETPOST('set_empty_time_spent_amount') == 'confirmed') {
 					$sql2 = "UPDATE ".MAIN_DB_PREFIX."projet_task_time";
-					$sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".$obj->user_id;
+					$sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".((int) $obj->user_id);
 					$resql2 = $db->query($sql2);
 					if (!$resql2) {
 						$error++;
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index d613e4a18b0..ec322733c7d 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -678,7 +678,7 @@ function migrate_paiements($db, $langs, $conf)
 
 					$res += $db->query($sql);
 
-					$sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".$row[$i][0];
+					$sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".((int) $row[$i][0]);
 
 					$res += $db->query($sql);
 
diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang
index 11b6f5bf1fe..ad1d7f138e5 100644
--- a/htdocs/langs/en_US/bills.lang
+++ b/htdocs/langs/en_US/bills.lang
@@ -82,6 +82,8 @@ PaymentsAlreadyDone=Payments already done
 PaymentsBackAlreadyDone=Refunds already done
 PaymentRule=Payment rule
 PaymentMode=Payment Type
+DefaultPaymentMode=Default Payment Type
+DefaultBankAccount=Default Bank Account
 PaymentTypeDC=Debit/Credit Card
 PaymentTypePP=PayPal
 IdPaymentMode=Payment Type (id)
@@ -374,6 +376,7 @@ DateLastGeneration=Date of latest generation
 DateLastGenerationShort=Date latest gen.
 MaxPeriodNumber=Max. number of invoice generation
 NbOfGenerationDone=Number of invoice generation already done
+NbOfGenerationOfRecordDone=Number of record generation already done
 NbOfGenerationDoneShort=Number of generation done
 MaxGenerationReached=Maximum number of generations reached
 InvoiceAutoValidate=Validate invoices automatically
diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang
index 93e1f560f5e..89463a535b3 100644
--- a/htdocs/langs/en_US/companies.lang
+++ b/htdocs/langs/en_US/companies.lang
@@ -181,6 +181,12 @@ ProfId3FR=Prof Id 3 (NAF, old APE)
 ProfId4FR=Prof Id 4 (RCS/RM)
 ProfId5FR=Prof Id 5 (numéro EORI)
 ProfId6FR=-
+ProfId1ShortFR=SIREN
+ProfId2ShortFR=SIRET
+ProfId3ShortFR=NAF
+ProfId4ShortFR=RCS
+ProfId5ShortFR=EORI
+ProfId6ShortFR=-
 ProfId1GB=Registration Number
 ProfId2GB=-
 ProfId3GB=SIC
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index e27ec6d9c43..b13e15b4a9f 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -1060,6 +1060,7 @@ YouAreCurrentlyInSandboxMode=You are currently in the %s "sandbox" mode
 Inventory=Inventory
 AnalyticCode=Analytic code
 TMenuMRP=MRP
+ShowCompanyInfos=Show company infos
 ShowMoreInfos=Show More Infos
 NoFilesUploadedYet=Please upload a document first
 SeePrivateNote=See private note
diff --git a/htdocs/loan/calcmens.php b/htdocs/loan/calcmens.php
index 5c6260dec84..19763c0a924 100644
--- a/htdocs/loan/calcmens.php
+++ b/htdocs/loan/calcmens.php
@@ -37,11 +37,11 @@ if (!defined('NOREQUIREAJAX')) {
 require '../main.inc.php';
 require DOL_DOCUMENT_ROOT.'/core/lib/loan.lib.php';
 
-$mens = GETPOST('mens');
-$capital = GETPOST('capital');
-$rate = GETPOST('rate');
-$echance = GETPOST('echeance');
-$nbterm = GETPOST('nbterm');
+$mens = price2num(GETPOST('mens'));
+$capital = price2num(GETPOST('capital'));
+$rate = price2num(GETPOST('rate'));
+$echance = GETPOST('echeance', 'int');
+$nbterm = GETPOST('nbterm', 'int');
 
 top_httphead();
 
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index c7f1940943b..cf0a8e87f63 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
@@ -594,12 +594,12 @@ class PaymentLoan extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if ($result) {
-			$this->fk_bank = $id_bank;
+			$this->fk_bank = ((int) $id_bank);
 			return 1;
 		} else {
 			$this->error = $this->db->error();
diff --git a/htdocs/loan/list.php b/htdocs/loan/list.php
index 9040d140149..fa1de74b0cc 100644
--- a/htdocs/loan/list.php
+++ b/htdocs/loan/list.php
@@ -252,7 +252,7 @@ if ($resql) {
 		print '<td>'.dol_trunc($obj->label, 42).'</td>';
 
 		// Capital
-		print '<td class="right maxwidth100">'.price($obj->capital).'</td>';
+		print '<td class="right maxwidth100"><span class="amount">'.price($obj->capital).'</span></td>';
 
 		// Date start
 		print '<td class="center width100">'.dol_print_date($db->jdate($obj->datestart), 'day').'</td>';
diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
index cf4466bb0da..675401e34f9 100644
--- a/htdocs/loan/payment/card.php
+++ b/htdocs/loan/payment/card.php
@@ -58,7 +58,7 @@ if ($id > 0) {
 if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->delete) {
 	$db->begin();
 
-	$sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".$payment->fk_bank;
+	$sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".((int) $payment->fk_bank);
 	$db->query($sql);
 
 	$fk_loan = $payment->fk_loan;
@@ -66,7 +66,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->del
 	$result = $payment->delete($user);
 	if ($result > 0) {
 		$db->commit();
-		header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".$fk_loan);
+		header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".urlencode($fk_loan));
 		exit;
 	} else {
 		setEventMessages($payment->error, $payment->errors, 'errors');
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 436870a20c3..a5d485d1b14 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -12,8 +12,9 @@
  * Copyright (C) 2014-2015  Marcos García           <marcosgdf@gmail.com>
  * Copyright (C) 2015       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  * Copyright (C) 2020       Demarest Maxime         <maxime@indelog.fr>
- * Copyright (C) 2020       Charlene Benke         <charlie@patas-monkey.com>
+ * Copyright (C) 2020       Charlene Benke          <charlie@patas-monkey.com>
  * Copyright (C) 2021       Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2021       Alexandre Spangaro      <aspangaro@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -55,7 +56,7 @@ if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {
  * only be guaranted by escaping data during output.
  *
  * @param		string		$val		Value brut found int $_GET, $_POST or PHP_SELF
- * @param		string		$type		1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
+ * @param		string		$type		0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
  * @return		int						>0 if there is an injection, 0 if none
  */
 function testSqlAndScriptInject($val, $type)
@@ -149,7 +150,7 @@ function testSqlAndScriptInject($val, $type)
 		$inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
 	}
 	if ($type == 2) {
-		$inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
+		$inj += preg_match('/[:;"\'<>\?\(\){}\$%]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
 	}
 
 	return $inj;
@@ -437,13 +438,13 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 		'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check',
 		'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
 		'doprev', 'donext', 'dvprev', 'dvnext',
-		'enable'
+		'enable', 'setpricelevel'
 	);
 	$sensitiveget = false;
 	if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
 		$sensitiveget = true;
 	}
-	if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) {
+	if (preg_match('/^(disable_|enable_|setremise)/', GETPOST('action', 'aZ09'))) {
 		$sensitiveget = true;
 	}
 
@@ -1981,6 +1982,20 @@ function top_menu_user($hideloginname = 0, $urllogout = '')
 	}
 
 	$dropdownBody = '';
+	$dropdownBody .= '<span id="topmenulogincompanyinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowCompanyInfos").'</span>';
+	$dropdownBody .= '<div id="topmenulogincompanyinfo" >';
+
+	if (!empty($conf->global->MAIN_INFO_SIREN))      $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId1Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIREN).'</span>';
+	if (!empty($conf->global->MAIN_INFO_SIRET))      $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId2Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIRET).'</span>';
+	if (!empty($conf->global->MAIN_INFO_APE))        $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId3Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_APE).'</span>';
+	if (!empty($conf->global->MAIN_INFO_RCS))        $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId4Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_RCS).'</span>';
+	if (!empty($conf->global->MAIN_INFO_PROFID5))    $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId5Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID5).'</span>';
+	if (!empty($conf->global->MAIN_INFO_PROFID6))    $dropdownBody .= '<br><b>'.$langs->transcountry("ProfId6Short", $mysoc->country_code).'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID6).'</span>';
+	if (!empty($conf->global->MAIN_INFO_TVAINTRA))   $dropdownBody .= '<br><b>'.$langs->trans("VATIntraShort").'</b>: <span>'.showValueWithClipboardCPButton($conf->global->MAIN_INFO_TVAINTRA).'</span>';
+
+	$dropdownBody .= '</div>';
+
+	$dropdownBody .= '<br>';
 	$dropdownBody .= '<span id="topmenuloginmoreinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowMoreInfos").'</span>';
 	$dropdownBody .= '<div id="topmenuloginmoreinfo" >';
 
@@ -2137,6 +2152,10 @@ function top_menu_user($hideloginname = 0, $urllogout = '')
 	                $("#topmenu-login-dropdown").toggleClass("open");
 	            });
 
+	            $("#topmenulogincompanyinfo-btn").on("click", function() {
+	                $("#topmenulogincompanyinfo").slideToggle();
+	            });
+
 	            $("#topmenuloginmoreinfo-btn").on("click", function() {
 	                $("#topmenuloginmoreinfo").slideToggle();
 	            });';
diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php
index 9042ed16dac..a27393c8bb2 100644
--- a/htdocs/margin/agentMargins.php
+++ b/htdocs/margin/agentMargins.php
@@ -197,7 +197,7 @@ $sql .= $db->order($sortfield, $sortorder);
 
 
 print '<br>';
-print img_info('').' '.$langs->trans("MarginPerSaleRepresentativeWarning").'<br>';
+print '<span class="opacitymedium">'.$langs->trans("MarginPerSaleRepresentativeWarning").'</span><br>';
 
 $param = '';
 if (!empty($agentid)) {
@@ -326,9 +326,9 @@ if ($result) {
 
 			print '<tr class="oddeven">';
 			print "<td>".$group_array['htmlname']."</td>\n";
-			print '<td class="nowrap right">'.price(price2num($pv, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($pa, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($marge, 'MT')).'</td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pv, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pa, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($marge, 'MT')).'</span></td>';
 			if (!empty($conf->global->DISPLAY_MARGIN_RATES)) {
 				print '<td class="nowrap right">'.(($marginRate === '') ? 'n/a' : price(price2num($marginRate, 'MT'))."%").'</td>';
 			}
diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php
index 43ff6ef6b9f..d12c827cc3e 100644
--- a/htdocs/margin/checkMargins.php
+++ b/htdocs/margin/checkMargins.php
@@ -209,10 +209,10 @@ $massactionbutton = '';
 $invoice_status_except_list = array(Facture::STATUS_DRAFT, Facture::STATUS_ABANDONED);
 
 $sql = "SELECT";
-$sql .= " f.ref, f.rowid as invoiceid, d.rowid as invoicedetid, d.buy_price_ht, d.total_ht, d.subprice, d.label, d.description , d.qty";
-$sql .= " ,d.fk_product";
+$sql .= " f.ref, f.rowid as invoiceid,";
+$sql .= " d.rowid as invoicedetid, d.product_type, d.buy_price_ht, d.total_ht, d.subprice, d.label, d.description, d.qty, d.fk_product";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as f ";
-$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as d  ON d.fk_facture = f.rowid";
+$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as d ON d.fk_facture = f.rowid";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid";
 $sql .= " WHERE f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")";
 $sql .= " AND f.entity IN (".getEntity('invoice').") ";
@@ -279,12 +279,12 @@ if ($result) {
 
 	print '<tr class="liste_titre">';
 	print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "f.ref", "", $param, '', $sortfield, $sortorder);
-	print_liste_field_titre("Description", $_SERVER["PHP_SELF"], "", "", $param, 'width=20%', $sortfield, $sortorder);
-	print_liste_field_titre("UnitPriceHT", $_SERVER["PHP_SELF"], "d.subprice", "", $param, 'align="right"', $sortfield, $sortorder);
-	print_liste_field_titre($labelcostprice, $_SERVER["PHP_SELF"], "d.buy_price_ht", "", $param, 'align="right"', $sortfield, $sortorder);
-	print_liste_field_titre("Qty", $_SERVER["PHP_SELF"], "d.qty", "", $param, 'align="right"', $sortfield, $sortorder);
-	print_liste_field_titre("AmountTTC", $_SERVER["PHP_SELF"], "d.total_ht", "", $param, 'align="right"', $sortfield, $sortorder);
-	print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', $param, 'align="center"', $sortfield, $sortorder, 'maxwidthsearch ');
+	print_liste_field_titre("Description", $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder);
+	print_liste_field_titre("UnitPriceHT", $_SERVER["PHP_SELF"], "d.subprice", "", $param, '', $sortfield, $sortorder, 'right ');
+	print_liste_field_titre($labelcostprice, $_SERVER["PHP_SELF"], "d.buy_price_ht", "", $param, '', $sortfield, $sortorder, 'right ');
+	print_liste_field_titre("Qty", $_SERVER["PHP_SELF"], "d.qty", "", $param, '', $sortfield, $sortorder, 'right ');
+	print_liste_field_titre("AmountTTC", $_SERVER["PHP_SELF"], "d.total_ht", "", $param, '', $sortfield, $sortorder, 'right ');
+	print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', $param, '', $sortfield, $sortorder, 'maxwidthsearch center ');
 	print "</tr>\n";
 
 	$i = 0;
@@ -309,6 +309,12 @@ if ($result) {
 				print $productstatic->getNomUrl(1);
 			}
 		} else {
+			if ($objp->product_type == $productstatic::TYPE_PRODUCT) {
+				print img_picto('', 'product');
+			}
+			if ($objp->product_type == $productstatic::TYPE_SERVICE) {
+				print img_picto('', 'service');
+			}
 			print $objp->label;
 			print '&nbsp;';
 			print $objp->description;
@@ -324,7 +330,7 @@ if ($result) {
 		print $objp->qty;
 		print '</td>';
 		print '<td class="right">';
-		print price($objp->total_ht);
+		print '<span class="amount">'.price($objp->total_ht).'</span>';
 		print '</td>';
 		print '<td></td>';
 
diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php
index e24d318bafc..66e5dc5ffbf 100644
--- a/htdocs/margin/customerMargins.php
+++ b/htdocs/margin/customerMargins.php
@@ -344,9 +344,9 @@ if ($result) {
 				print '<td>'.$companystatic->getNomUrl(1, 'margin').'</td>';
 			}
 
-			print '<td class="nowrap right">'.price(price2num($pv, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($pa, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($marge, 'MT')).'</td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pv, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pa, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($marge, 'MT')).'</span></td>';
 			if (!empty($conf->global->DISPLAY_MARGIN_RATES)) {
 				print '<td class="nowrap right">'.(($marginRate === '') ? 'n/a' : price(price2num($marginRate, 'MT'))."%").'</td>';
 			}
diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php
index a101848bfa1..2914d554fad 100644
--- a/htdocs/margin/productMargins.php
+++ b/htdocs/margin/productMargins.php
@@ -310,9 +310,9 @@ if ($result) {
 				//print "<td>".$product_static->getNomUrl(1)."</td>\n";
 			}
 			print '<td class="center">'.$qty.'</td>';
-			print '<td class="nowrap right">'.price(price2num($pv, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($pa, 'MT')).'</td>';
-			print '<td class="nowrap right">'.price(price2num($marge, 'MT')).'</td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pv, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($pa, 'MT')).'</span></td>';
+			print '<td class="nowrap right"><span class="amount">'.price(price2num($marge, 'MT')).'</span></td>';
 			if (!empty($conf->global->DISPLAY_MARGIN_RATES)) {
 				print '<td class="nowrap right">'.(($marginRate === '') ? 'n/a' : price(price2num($marginRate, 'MT'))."%").'</td>';
 			}
diff --git a/htdocs/modulebuilder/template/myobject_contact.php b/htdocs/modulebuilder/template/myobject_contact.php
index 6d6345d9b99..4817efe5e9b 100644
--- a/htdocs/modulebuilder/template/myobject_contact.php
+++ b/htdocs/modulebuilder/template/myobject_contact.php
@@ -107,7 +107,7 @@ if ($action == 'addcontact' && $permission) {
 	}
 } elseif ($action == 'swapstatut' && $permission) {
 	// Toggle the status of a contact
-	$result = $object->swapContactStatus(GETPOST('ligne'));
+	$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $permission) {
 	// Deletes a contact
 	$result = $object->delete_contact($lineid);
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index 25bd65a77fe..0cf9cff7932 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -53,7 +53,7 @@ $nblines = $object->fetch_lines();
 
 // Return to the results
 if (GETPOST('retoursondage')) {
-	header('Location: results.php?id='.$_GET['id']);
+	header('Location: results.php?id='.GETPOST('id', 'int'));
 	exit;
 }
 
diff --git a/htdocs/product/admin/price_rules.php b/htdocs/product/admin/price_rules.php
index fada766f065..2166ada6138 100644
--- a/htdocs/product/admin/price_rules.php
+++ b/htdocs/product/admin/price_rules.php
@@ -86,7 +86,7 @@ if ($action == 'update') {
 		if (!$db->query($sql)) {
 			//If we could not create, then we try updating
 			$sql = "UPDATE ".MAIN_DB_PREFIX."product_pricerules";
-			$sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".$i;
+			$sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".((int) $i);
 
 			if (!$db->query($sql)) {
 				setEventMessages($langs->trans('ErrorSavingChanges'), null, 'errors');
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 2c0531acaea..094ce8670a9 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -940,20 +940,6 @@ if (empty($reshook)) {
  * View
  */
 
-$title = $langs->trans('ProductServiceCard');
-$helpurl = '';
-$shortlabel = dol_trunc($object->label, 16);
-if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
-	$title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('Card');
-	$helpurl = 'EN:Module_Products|FR:Module_Produits|ES:M&oacute;dulo_Productos|DE:Modul_Produkte';
-}
-if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
-	$title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('Card');
-	$helpurl = 'EN:Module_Services_En|FR:Module_Services|ES:M&oacute;dulo_Servicios|DE:Modul_Leistungen';
-}
-
-llxHeader('', $title, $helpurl);
-
 $form = new Form($db);
 $formfile = new FormFile($db);
 $formproduct = new FormProduct($db);
@@ -962,6 +948,21 @@ if (!empty($conf->accounting->enabled)) {
 	$formaccounting = new FormAccounting($db);
 }
 
+
+$title = $langs->trans('ProductServiceCard');
+$help_url = '';
+$shortlabel = dol_trunc($object->label, 16);
+if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
+	$title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('Card');
+	$help_url = 'EN:Module_Products|FR:Module_Produits|ES:M&oacute;dulo_Productos|DE:Modul_Produkte';
+}
+if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
+	$title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('Card');
+	$help_url = 'EN:Module_Services_En|FR:Module_Services|ES:M&oacute;dulo_Servicios|DE:Modul_Leistungen';
+}
+
+llxHeader('', $title, $help_url);
+
 // Load object modBarCodeProduct
 $res = 0;
 if (!empty($conf->barcode->enabled) && !empty($conf->global->BARCODE_PRODUCT_ADDON_NUM)) {
@@ -984,7 +985,6 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 	// When used with CANVAS
 	// -----------------------------------------
 	if (empty($object->error) && $id) {
-		$object = new Product($db);
 		$result = $object->fetch($id);
 		if ($result <= 0) {
 			dol_print_error('', $object->error);
@@ -1465,6 +1465,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 		/*
 		 * Product card
 		 */
+
 		// Fiche en mode edition
 		if ($action == 'edit' && $usercancreate) {
 			//WYSIWYG Editor
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 76adb4a3485..4ae3d682c07 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -8,7 +8,7 @@
  * Copyright (C) 2012       Cedric Salvador         <csalvador@gpcsolutions.fr>
  * Copyright (C) 2013-2014	Cedric GROSS			<c.gross@kreiz-it.fr>
  * Copyright (C) 2013-2016	Marcos García			<marcosgdf@gmail.com>
- * Copyright (C) 2011-2020	Alexandre Spangaro		<aspangaro@open-dsi.fr>
+ * Copyright (C) 2011-2021	Open-DSI				<support@open-dsi.fr>
  * Copyright (C) 2014		Henry Florian			<florian.henry@open-concept.pro>
  * Copyright (C) 2014-2016	Philippe Grand			<philippe.grand@atoo-net.com>
  * Copyright (C) 2014		Ion agorria			    <ion@agorria.com>
@@ -660,12 +660,14 @@ class Product extends CommonObject
 					$sql .= ", price_base_type";
 					$sql .= ", tobuy";
 					$sql .= ", tosell";
-					$sql .= ", accountancy_code_buy";
-					$sql .= ", accountancy_code_buy_intra";
-					$sql .= ", accountancy_code_buy_export";
-					$sql .= ", accountancy_code_sell";
-					$sql .= ", accountancy_code_sell_intra";
-					$sql .= ", accountancy_code_sell_export";
+					if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+						$sql .= ", accountancy_code_buy";
+						$sql .= ", accountancy_code_buy_intra";
+						$sql .= ", accountancy_code_buy_export";
+						$sql .= ", accountancy_code_sell";
+						$sql .= ", accountancy_code_sell_intra";
+						$sql .= ", accountancy_code_sell_export";
+					}
 					$sql .= ", canvas";
 					$sql .= ", finished";
 					$sql .= ", tobatch";
@@ -685,12 +687,14 @@ class Product extends CommonObject
 					$sql .= ", '".$this->db->escape($this->price_base_type)."'";
 					$sql .= ", ".$this->status;
 					$sql .= ", ".$this->status_buy;
-					$sql .= ", '".$this->db->escape($this->accountancy_code_buy)."'";
-					$sql .= ", '".$this->db->escape($this->accountancy_code_buy_intra)."'";
-					$sql .= ", '".$this->db->escape($this->accountancy_code_buy_export)."'";
-					$sql .= ", '".$this->db->escape($this->accountancy_code_sell)."'";
-					$sql .= ", '".$this->db->escape($this->accountancy_code_sell_intra)."'";
-					$sql .= ", '".$this->db->escape($this->accountancy_code_sell_export)."'";
+					if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+						$sql .= ", '".$this->db->escape($this->accountancy_code_buy)."'";
+						$sql .= ", '".$this->db->escape($this->accountancy_code_buy_intra)."'";
+						$sql .= ", '".$this->db->escape($this->accountancy_code_buy_export)."'";
+						$sql .= ", '".$this->db->escape($this->accountancy_code_sell)."'";
+						$sql .= ", '".$this->db->escape($this->accountancy_code_sell_intra)."'";
+						$sql .= ", '".$this->db->escape($this->accountancy_code_sell_export)."'";
+					}
 					$sql .= ", '".$this->db->escape($this->canvas)."'";
 					$sql .= ", ".((!isset($this->finished) || $this->finished < 0 || $this->finished == '') ? 'null' : (int) $this->finished);
 					$sql .= ", ".((empty($this->status_batch) || $this->status_batch < 0) ? '0' : $this->status_batch);
@@ -718,6 +722,34 @@ class Product extends CommonObject
 								$error++;
 								$this->error = $this->db->lasterror();
 							}
+
+							// update accountancy for this entity
+							if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+								$sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_accounting (";
+								$sql .= " fk_product";
+								$sql .= ", entity";
+								$sql .= ", accountancy_code_buy";
+								$sql .= ", accountancy_code_buy_intra";
+								$sql .= ", accountancy_code_buy_export";
+								$sql .= ", accountancy_code_sell";
+								$sql .= ", accountancy_code_sell_intra";
+								$sql .= ", accountancy_code_sell_export";
+								$sql .= ") VALUES (";
+								$sql .= $this->id;
+								$sql .= ", " . $conf->entity;
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_buy) . "'";
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_buy_intra) . "'";
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_buy_export) . "'";
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_sell) . "'";
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_sell_intra) . "'";
+								$sql .= ", '" . $this->db->escape($this->accountancy_code_sell_export) . "'";
+								$sql .= ")";
+								$result = $this->db->query($sql);
+								if (!$result) {
+									$error++;
+									$this->error = 'ErrorFailedToInsertAccountancyForEntity';
+								}
+							}
 						} else {
 							$error++;
 							$this->error = 'ErrorFailedToGetInsertedId';
@@ -1051,12 +1083,14 @@ class Product extends CommonObject
 			$sql .= ", fk_state = ".($this->state_id > 0 ? (int) $this->state_id : 'null');
 			$sql .= ", note = ".(isset($this->note) ? "'".$this->db->escape($this->note)."'" : 'null');
 			$sql .= ", duration = '".$this->db->escape($this->duration_value.$this->duration_unit)."'";
-			$sql .= ", accountancy_code_buy = '".$this->db->escape($this->accountancy_code_buy)."'";
-			$sql .= ", accountancy_code_buy_intra = '".$this->db->escape($this->accountancy_code_buy_intra)."'";
-			$sql .= ", accountancy_code_buy_export = '".$this->db->escape($this->accountancy_code_buy_export)."'";
-			$sql .= ", accountancy_code_sell= '".$this->db->escape($this->accountancy_code_sell)."'";
-			$sql .= ", accountancy_code_sell_intra= '".$this->db->escape($this->accountancy_code_sell_intra)."'";
-			$sql .= ", accountancy_code_sell_export= '".$this->db->escape($this->accountancy_code_sell_export)."'";
+			if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+				$sql .= ", accountancy_code_buy = '" . $this->db->escape($this->accountancy_code_buy) . "'";
+				$sql .= ", accountancy_code_buy_intra = '" . $this->db->escape($this->accountancy_code_buy_intra) . "'";
+				$sql .= ", accountancy_code_buy_export = '" . $this->db->escape($this->accountancy_code_buy_export) . "'";
+				$sql .= ", accountancy_code_sell= '" . $this->db->escape($this->accountancy_code_sell) . "'";
+				$sql .= ", accountancy_code_sell_intra= '" . $this->db->escape($this->accountancy_code_sell_intra) . "'";
+				$sql .= ", accountancy_code_sell_export= '" . $this->db->escape($this->accountancy_code_sell_export) . "'";
+			}
 			$sql .= ", desiredstock = ".((isset($this->desiredstock) && is_numeric($this->desiredstock)) ? (float) $this->desiredstock : "null");
 			$sql .= ", cost_price = ".($this->cost_price != '' ? $this->db->escape($this->cost_price) : 'null');
 			$sql .= ", fk_unit= ".(!$this->fk_unit ? 'NULL' : (int) $this->fk_unit);
@@ -1083,6 +1117,36 @@ class Product extends CommonObject
 
 				$action = 'update';
 
+				// update accountancy for this entity
+				if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+					$this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_accounting WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity);
+
+					$sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_accounting (";
+					$sql .= " fk_product";
+					$sql .= ", entity";
+					$sql .= ", accountancy_code_buy";
+					$sql .= ", accountancy_code_buy_intra";
+					$sql .= ", accountancy_code_buy_export";
+					$sql .= ", accountancy_code_sell";
+					$sql .= ", accountancy_code_sell_intra";
+					$sql .= ", accountancy_code_sell_export";
+					$sql .= ") VALUES (";
+					$sql .= $this->id;
+					$sql .= ", " . $conf->entity;
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_buy) . "'";
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_buy_intra) . "'";
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_buy_export) . "'";
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_sell) . "'";
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_sell_intra) . "'";
+					$sql .= ", '" . $this->db->escape($this->accountancy_code_sell_export) . "'";
+					$sql .= ")";
+					$result = $this->db->query($sql);
+					if (!$result) {
+						$error++;
+						$this->error = 'ErrorFailedToUpdateAccountancyForEntity';
+					}
+				}
+
 				// Actions on extra fields
 				if (!$error) {
 					$result = $this->insertExtraFields();
@@ -2096,26 +2160,32 @@ class Product extends CommonObject
 			return -1;
 		}
 
-		$sql = "SELECT rowid, ref, ref_ext, label, description, url, note_public, note as note_private, customcode, fk_country, fk_state, price, price_ttc,";
-		$sql .= " price_min, price_min_ttc, price_base_type, cost_price, default_vat_code, tva_tx, recuperableonly as tva_npr, localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, tosell,";
-		$sql .= " tobuy, fk_product_type, duration, fk_default_warehouse, seuil_stock_alerte, canvas, net_measure, net_measure_units, weight, weight_units,";
-		$sql .= " length, length_units, width, width_units, height, height_units,";
-		$sql .= " surface, surface_units, volume, volume_units, barcode, fk_barcode_type, finished,";
-		$sql .= " accountancy_code_buy, accountancy_code_buy_intra, accountancy_code_buy_export,";
-		$sql .= " accountancy_code_sell, accountancy_code_sell_intra, accountancy_code_sell_export, stock, pmp,";
-		$sql .= " datec, tms, import_key, entity, desiredstock, tobatch, fk_unit,";
-		$sql .= " fk_price_expression, price_autogen, model_pdf";
-		$sql .= " FROM ".MAIN_DB_PREFIX."product";
-		if ($id) {
-			$sql .= " WHERE rowid = ".(int) $id;
+		$sql = "SELECT p.rowid, p.ref, p.ref_ext, p.label, p.description, p.url, p.note_public, p.note as note_private, p.customcode, p.fk_country, p.fk_state, p.price, p.price_ttc,";
+		$sql .= " p.price_min, p.price_min_ttc, p.price_base_type, p.cost_price, p.default_vat_code, p.tva_tx, p.recuperableonly as tva_npr, p.localtax1_tx, p.localtax2_tx, p.localtax1_type, p.localtax2_type, p.tosell,";
+		$sql .= " p.tobuy, p.fk_product_type, p.duration, p.fk_default_warehouse, p.seuil_stock_alerte, p.canvas, p.net_measure, p.net_measure_units, p.weight, p.weight_units,";
+		$sql .= " p.length, p.length_units, p.width, p.width_units, p.height, p.height_units,";
+		$sql .= " p.surface, p.surface_units, p.volume, p.volume_units, p.barcode, p.fk_barcode_type, p.finished,";
+		if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+			$sql .= " p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export, p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,";
 		} else {
-			$sql .= " WHERE entity IN (".getEntity($this->element).")";
+			$sql .= " pa.accountancy_code_buy, pa.accountancy_code_buy_intra, pa.accountancy_code_buy_export, pa.accountancy_code_sell, pa.accountancy_code_sell_intra, pa.accountancy_code_sell_export,";
+		}
+		$sql .= " p.stock,p.pmp, p.datec, p.tms, p.import_key, p.entity, p.desiredstock, p.tobatch, p.fk_unit,";
+		$sql .= " p.fk_price_expression, p.price_autogen, p.model_pdf";
+		$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
+		if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+			$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+		}
+		if ($id) {
+			$sql .= " WHERE p.rowid = ".((int) $id);
+		} else {
+			$sql .= " WHERE p.entity IN (".getEntity($this->element).")";
 			if ($ref) {
-				$sql .= " AND ref = '".$this->db->escape($ref)."'";
+				$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
 			} elseif ($ref_ext) {
-				$sql .= " AND ref_ext = '".$this->db->escape($ref_ext)."'";
+				$sql .= " AND p.ref_ext = '".$this->db->escape($ref_ext)."'";
 			} elseif ($barcode) {
-				$sql .= " AND barcode = '".$this->db->escape($barcode)."'";
+				$sql .= " AND p.barcode = '".$this->db->escape($barcode)."'";
 			}
 		}
 
diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php
new file mode 100644
index 00000000000..71e25b0c4e1
--- /dev/null
+++ b/htdocs/product/class/productfournisseurprice.class.php
@@ -0,0 +1,880 @@
+<?php
+/* Copyright (C) 2017  Laurent Destailleur <eldy@users.sourceforge.net>
+ * Copyright (C) 2021 Alexis LAURIER <contact@alexislaurier.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/**
+ * \file        class/productfournisseurprice.class.php
+ * \ingroup     product
+ * \brief       This file is a CRUD class file for ProductFournisseurPrice (Create/Read/Update/Delete)
+ */
+
+// Put here all includes required by your class file
+require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
+
+/**
+ * Class for ProductFournisseurPrice
+ */
+class ProductFournisseurPrice extends CommonObject
+{
+	/**
+	 * @var string ID to identify managed object.
+	 */
+	public $element = 'productfournisseurprice';
+
+	/**
+	 * @var string Name of table without prefix where object is stored. This is also the key used for extrafields management.
+	 */
+	public $table_element = 'product_fournisseur_price';
+
+	/**
+	 * @var int  Does this object support multicompany module ?
+	 * 0=No test on entity, 1=Test with field entity, 'field@table'=Test with link by field@table
+	 */
+	public $ismultientitymanaged = 1;
+
+	/**
+	 * @var int  Does object support extrafields ? 0=No, 1=Yes
+	 */
+	public $isextrafieldmanaged = 1;
+
+	/**
+	 * @var string String with name of icon for productfournisseurprice. Must be the part after the 'object_' into object_productfournisseurprice.png
+	 */
+	public $picto = 'productfournisseurprice@buypricehistory';
+
+
+	const STATUS_DRAFT = 0;
+	const STATUS_VALIDATED = 1;
+	const STATUS_CANCELED = 9;
+
+
+	/**
+	 *  'type' field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'sellist:TableName:LabelFieldName[:KeyFieldName[:KeyFieldParent[:Filter]]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'text:none', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+	 *         Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+	 *  'label' the translation key.
+	 *  'picto' is code of a picto to show before value in forms
+	 *  'enabled' is a condition when the field must be managed (Example: 1 or '$conf->global->MY_SETUP_PARAM)
+	 *  'position' is the sort order of field.
+	 *  'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+	 *  'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+	 *  'noteditable' says if field is not editable (1 or 0)
+	 *  'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+	 *  'index' if we want an index in database.
+	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+	 *  'css' and 'cssview' and 'csslist' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. 'csslist' is used for columns in lists. For example: 'maxwidth200', 'wordbreak', 'tdoverflowmax200'
+	 *  'help' is a 'TranslationString' to use to show a tooltip on field. You can also use 'TranslationString:keyfortooltiponlick' for a tooltip on click.
+	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+	 *  'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+	 *  'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1.
+	 *  'comment' is not used. You can store here any text of your choice. It is not used by application.
+	 *
+	 *  Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+	 */
+
+	// BEGIN MODULEBUILDER PROPERTIES
+	/**
+	 * @var array  Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
+	 */
+	public $fields=array(
+		'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>0,),
+		'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>'1', 'position'=>15, 'notnull'=>1, 'visible'=>-2, 'default'=>'1', 'index'=>1,),
+		'datec' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>20, 'notnull'=>0, 'visible'=>-1,),
+		'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>'1', 'position'=>25, 'notnull'=>1, 'visible'=>-1,),
+		'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:1', 'label'=>'Fkproduct', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>-1,),
+		'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>35, 'notnull'=>0, 'visible'=>-1,),
+		'ref_fourn' => array('type'=>'varchar(255)', 'label'=>'Reffourn', 'enabled'=>'1', 'position'=>40, 'notnull'=>0, 'visible'=>-1,),
+		'desc_fourn' => array('type'=>'text', 'label'=>'Descfourn', 'enabled'=>'1', 'position'=>45, 'notnull'=>0, 'visible'=>-1,),
+		'fk_availability' => array('type'=>'integer', 'label'=>'Fkavailability', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>-1,),
+		'price' => array('type'=>'double(24,8)', 'label'=>'Price', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1,),
+		'quantity' => array('type'=>'double', 'label'=>'Quantity', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>-1,),
+		'remise_percent' => array('type'=>'double', 'label'=>'Remisepercent', 'enabled'=>'1', 'position'=>65, 'notnull'=>1, 'visible'=>-1,),
+		'remise' => array('type'=>'double', 'label'=>'Remise', 'enabled'=>'1', 'position'=>70, 'notnull'=>1, 'visible'=>-1,),
+		'unitprice' => array('type'=>'double(24,8)', 'label'=>'Unitprice', 'enabled'=>'1', 'position'=>75, 'notnull'=>0, 'visible'=>-1,),
+		'charges' => array('type'=>'double(24,8)', 'label'=>'Charges', 'enabled'=>'1', 'position'=>80, 'notnull'=>0, 'visible'=>-1,),
+		'default_vat_code' => array('type'=>'varchar(10)', 'label'=>'Defaultvatcode', 'enabled'=>'1', 'position'=>85, 'notnull'=>0, 'visible'=>-1,),
+		'tva_tx' => array('type'=>'double(6,3)', 'label'=>'Tvatx', 'enabled'=>'1', 'position'=>90, 'notnull'=>1, 'visible'=>-1,),
+		'info_bits' => array('type'=>'integer', 'label'=>'Infobits', 'enabled'=>'1', 'position'=>95, 'notnull'=>1, 'visible'=>-1,),
+		'fk_user' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fkuser', 'enabled'=>'1', 'position'=>100, 'notnull'=>0, 'visible'=>-1,),
+		'fk_supplier_price_expression' => array('type'=>'integer', 'label'=>'Fksupplierpriceexpression', 'enabled'=>'1', 'position'=>105, 'notnull'=>0, 'visible'=>-1,),
+		'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>900, 'notnull'=>0, 'visible'=>-2,),
+		'delivery_time_days' => array('type'=>'integer', 'label'=>'Deliverytimedays', 'enabled'=>'1', 'position'=>115, 'notnull'=>0, 'visible'=>-1,),
+		'supplier_reputation' => array('type'=>'varchar(10)', 'label'=>'Supplierreputation', 'enabled'=>'1', 'position'=>120, 'notnull'=>0, 'visible'=>-1,),
+		'fk_multicurrency' => array('type'=>'integer', 'label'=>'Fkmulticurrency', 'enabled'=>'1', 'position'=>125, 'notnull'=>0, 'visible'=>-1,),
+		'multicurrency_code' => array('type'=>'varchar(255)', 'label'=>'Multicurrencycode', 'enabled'=>'1', 'position'=>130, 'notnull'=>0, 'visible'=>-1,),
+		'multicurrency_tx' => array('type'=>'double(24,8)', 'label'=>'Multicurrencytx', 'enabled'=>'1', 'position'=>135, 'notnull'=>0, 'visible'=>-1,),
+		'multicurrency_price' => array('type'=>'double(24,8)', 'label'=>'Multicurrencyprice', 'enabled'=>'1', 'position'=>140, 'notnull'=>0, 'visible'=>-1,),
+		'multicurrency_unitprice' => array('type'=>'double(24,8)', 'label'=>'Multicurrencyunitprice', 'enabled'=>'1', 'position'=>145, 'notnull'=>0, 'visible'=>-1,),
+		'localtax1_tx' => array('type'=>'double(6,3)', 'label'=>'Localtax1tx', 'enabled'=>'1', 'position'=>150, 'notnull'=>0, 'visible'=>-1,),
+		'localtax1_type' => array('type'=>'varchar(10)', 'label'=>'Localtax1type', 'enabled'=>'1', 'position'=>155, 'notnull'=>1, 'visible'=>-1,),
+		'localtax2_tx' => array('type'=>'double(6,3)', 'label'=>'Localtax2tx', 'enabled'=>'1', 'position'=>160, 'notnull'=>0, 'visible'=>-1,),
+		'localtax2_type' => array('type'=>'varchar(10)', 'label'=>'Localtax2type', 'enabled'=>'1', 'position'=>165, 'notnull'=>1, 'visible'=>-1,),
+		'barcode' => array('type'=>'varchar(180)', 'label'=>'Barcode', 'enabled'=>'1', 'position'=>170, 'notnull'=>0, 'visible'=>-1,),
+		'fk_barcode_type' => array('type'=>'integer', 'label'=>'Fkbarcodetype', 'enabled'=>'1', 'position'=>175, 'notnull'=>0, 'visible'=>-1,),
+		'packaging' => array('type'=>'varchar(64)', 'label'=>'Packaging', 'enabled'=>'1', 'position'=>180, 'notnull'=>0, 'visible'=>-1,),
+	);
+	public $rowid;
+	public $entity;
+	public $datec;
+	public $tms;
+	public $fk_product;
+	public $fk_soc;
+	public $ref_fourn;
+	public $desc_fourn;
+	public $fk_availability;
+	public $price;
+	public $quantity;
+	public $remise_percent;
+	public $remise;
+	public $unitprice;
+	public $charges;
+	public $default_vat_code;
+	public $tva_tx;
+	public $info_bits;
+	public $fk_user;
+	public $fk_supplier_price_expression;
+	public $import_key;
+	public $delivery_time_days;
+	public $supplier_reputation;
+	public $fk_multicurrency;
+	public $multicurrency_code;
+	public $multicurrency_tx;
+	public $multicurrency_price;
+	public $multicurrency_unitprice;
+	public $localtax1_tx;
+	public $localtax1_type;
+	public $localtax2_tx;
+	public $localtax2_type;
+	public $barcode;
+	public $fk_barcode_type;
+	public $packaging;
+	// END MODULEBUILDER PROPERTIES
+
+	/**
+	 * Constructor
+	 *
+	 * @param DoliDb $db Database handler
+	 */
+	public function __construct(DoliDB $db)
+	{
+		global $conf, $langs;
+
+		$this->db = $db;
+
+		if (empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && isset($this->fields['rowid'])) $this->fields['rowid']['visible'] = 0;
+		if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0;
+
+		// Unset fields that are disabled
+		foreach ($this->fields as $key => $val)
+		{
+			if (isset($val['enabled']) && empty($val['enabled']))
+			{
+				unset($this->fields[$key]);
+			}
+		}
+	}
+
+	/**
+	 * Create object into database
+	 *
+	 * @param  User $user      User that creates
+	 * @param  bool $notrigger false=launch triggers after, true=disable triggers
+	 * @return int             <0 if KO, Id of created object if OK
+	 */
+	public function create(User $user, $notrigger = false)
+	{
+		return $this->createCommon($user, $notrigger);
+	}
+
+	/**
+	 * Clone an object into another one
+	 *
+	 * @param  	User 	$user      	User that creates
+	 * @param  	int 	$fromid     Id of object to clone
+	 * @return 	mixed 				New object created, <0 if KO
+	 */
+	public function createFromClone(User $user, $fromid)
+	{
+		global $langs, $extrafields;
+		$error = 0;
+
+		dol_syslog(__METHOD__, LOG_DEBUG);
+
+		$object = new self($this->db);
+
+		$this->db->begin();
+
+		// Load source object
+		$result = $object->fetchCommon($fromid);
+		if ($result > 0 && !empty($object->table_element_line)) $object->fetchLines();
+
+		// get lines so they will be clone
+		//foreach($this->lines as $line)
+		//	$line->fetch_optionals();
+
+		// Reset some properties
+		unset($object->id);
+		unset($object->fk_user_creat);
+		unset($object->import_key);
+
+		// Clear fields
+		if (property_exists($object, 'ref')) $object->ref = empty($this->fields['ref']['default']) ? "Copy_Of_".$object->ref : $this->fields['ref']['default'];
+		if (property_exists($object, 'label')) $object->label = empty($this->fields['label']['default']) ? $langs->trans("CopyOf")." ".$object->label : $this->fields['label']['default'];
+		if (property_exists($object, 'status')) { $object->status = self::STATUS_DRAFT; }
+		if (property_exists($object, 'date_creation')) { $object->date_creation = dol_now(); }
+		if (property_exists($object, 'date_modification')) { $object->date_modification = null; }
+		// ...
+		// Clear extrafields that are unique
+		if (is_array($object->array_options) && count($object->array_options) > 0)
+		{
+			$extrafields->fetch_name_optionals_label($this->table_element);
+			foreach ($object->array_options as $key => $option)
+			{
+				$shortkey = preg_replace('/options_/', '', $key);
+				if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey]))
+				{
+					//var_dump($key); var_dump($clonedObj->array_options[$key]); exit;
+					unset($object->array_options[$key]);
+				}
+			}
+		}
+
+		// Create clone
+		$object->context['createfromclone'] = 'createfromclone';
+		$result = $object->createCommon($user);
+		if ($result < 0) {
+			$error++;
+			$this->error = $object->error;
+			$this->errors = $object->errors;
+		}
+
+		if (!$error)
+		{
+			// copy internal contacts
+			if ($this->copy_linked_contact($object, 'internal') < 0)
+			{
+				$error++;
+			}
+		}
+
+		if (!$error)
+		{
+			// copy external contacts if same company
+			if (property_exists($this, 'socid') && $this->socid == $object->socid)
+			{
+				if ($this->copy_linked_contact($object, 'external') < 0)
+					$error++;
+			}
+		}
+
+		unset($object->context['createfromclone']);
+
+		// End
+		if (!$error) {
+			$this->db->commit();
+			return $object;
+		} else {
+			$this->db->rollback();
+			return -1;
+		}
+	}
+
+	/**
+	 * Load object in memory from the database
+	 *
+	 * @param int    $id   Id object
+	 * @return int         <0 if KO, 0 if not found, >0 if OK
+	 */
+	public function fetch($id)
+	{
+		return $this->fetchCommon($id);
+	}
+
+	/**
+	 * Load list of objects in memory from the database.
+	 *
+	 * @param  string      $sortorder    Sort Order
+	 * @param  string      $sortfield    Sort field
+	 * @param  int         $limit        limit
+	 * @param  int         $offset       Offset
+	 * @param  array       $filter       Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
+	 * @param  string      $filtermode   Filter mode (AND or OR)
+	 * @return array|int                 int <0 if KO, array of pages if OK
+	 */
+	public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+	{
+		global $conf;
+
+		dol_syslog(__METHOD__, LOG_DEBUG);
+
+		$records = array();
+
+		$sql = 'SELECT ';
+		$sql .= $this->getFieldList();
+		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
+		if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql .= ' WHERE t.entity IN ('.getEntity($this->element).')';
+		else $sql .= ' WHERE 1 = 1';
+		// Manage filter
+		$sqlwhere = array();
+		if (count($filter) > 0) {
+			foreach ($filter as $key => $value) {
+				if ($key == 't.rowid') {
+					$sqlwhere[] = $key.'='.$value;
+				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+					$sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+				} elseif ($key == 'customsql') {
+					$sqlwhere[] = $value;
+				} elseif (strpos($value, '%') === false) {
+					$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
+				} else {
+					$sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+				}
+			}
+		}
+		if (count($sqlwhere) > 0) {
+			$sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+		}
+
+		if (!empty($sortfield)) {
+			$sql .= $this->db->order($sortfield, $sortorder);
+		}
+		if (!empty($limit)) {
+			$sql .= ' '.$this->db->plimit($limit, $offset);
+		}
+
+		$resql = $this->db->query($sql);
+		if ($resql) {
+			$num = $this->db->num_rows($resql);
+			$i = 0;
+			while ($i < ($limit ? min($limit, $num) : $num))
+			{
+				$obj = $this->db->fetch_object($resql);
+
+				$record = new self($this->db);
+				$record->setVarsFromFetchObj($obj);
+
+				$records[$record->id] = $record;
+
+				$i++;
+			}
+			$this->db->free($resql);
+
+			return $records;
+		} else {
+			$this->errors[] = 'Error '.$this->db->lasterror();
+			dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
+
+			return -1;
+		}
+	}
+
+	/**
+	 * Update object into database
+	 *
+	 * @param  User $user      User that modifies
+	 * @param  bool $notrigger false=launch triggers after, true=disable triggers
+	 * @return int             <0 if KO, >0 if OK
+	 */
+	public function update(User $user, $notrigger = false)
+	{
+		return $this->updateCommon($user, $notrigger);
+	}
+
+	/**
+	 * Delete object in database
+	 *
+	 * @param User $user       User that deletes
+	 * @param bool $notrigger  false=launch triggers after, true=disable triggers
+	 * @return int             <0 if KO, >0 if OK
+	 */
+	public function delete(User $user, $notrigger = false)
+	{
+		return $this->deleteCommon($user, $notrigger);
+	}
+
+	/**
+	 *	Validate object
+	 *
+	 *	@param		User	$user     		User making status change
+	 *  @param		int		$notrigger		1=Does not execute triggers, 0= execute triggers
+	 *	@return  	int						<=0 if OK, 0=Nothing done, >0 if KO
+	 */
+	public function validate($user, $notrigger = 0)
+	{
+		global $conf, $langs;
+
+		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+		$error = 0;
+
+		// Protection
+		if ($this->status == self::STATUS_VALIDATED)
+		{
+			dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING);
+			return 0;
+		}
+
+		$now = dol_now();
+
+		$this->db->begin();
+
+		// Define new ref
+		if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) // empty should not happened, but when it occurs, the test save life
+		{
+			$num = $this->getNextNumRef();
+		} else {
+			$num = $this->ref;
+		}
+		$this->newref = $num;
+
+		if (!empty($num)) {
+			// Validate
+			$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
+			$sql .= " SET ref = '".$this->db->escape($num)."',";
+			$sql .= " status = ".self::STATUS_VALIDATED;
+			if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'";
+			if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id;
+			$sql .= " WHERE rowid = ".$this->id;
+
+			dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
+			$resql = $this->db->query($sql);
+			if (!$resql)
+			{
+				dol_print_error($this->db);
+				$this->error = $this->db->lasterror();
+				$error++;
+			}
+
+			if (!$error && !$notrigger)
+			{
+				// Call trigger
+				$result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user);
+				if ($result < 0) $error++;
+				// End call triggers
+			}
+		}
+
+		if (!$error)
+		{
+			$this->oldref = $this->ref;
+
+			// Rename directory if dir was a temporary ref
+			if (preg_match('/^[\(]?PROV/i', $this->ref))
+			{
+				// Now we rename also files into index
+				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'";
+				$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+				$resql = $this->db->query($sql);
+				if (!$resql) { $error++; $this->error = $this->db->lasterror(); }
+
+				// We rename directory ($this->ref = old ref, $num = new ref) in order not to lose the attachments
+				$oldref = dol_sanitizeFileName($this->ref);
+				$newref = dol_sanitizeFileName($num);
+				$dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref;
+				$dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref;
+				if (!$error && file_exists($dirsource))
+				{
+					dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest);
+
+					if (@rename($dirsource, $dirdest))
+					{
+						dol_syslog("Rename ok");
+						// Rename docs starting with $oldref with $newref
+						$listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/'));
+						foreach ($listoffiles as $fileentry)
+						{
+							$dirsource = $fileentry['name'];
+							$dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource);
+							$dirsource = $fileentry['path'].'/'.$dirsource;
+							$dirdest = $fileentry['path'].'/'.$dirdest;
+							@rename($dirsource, $dirdest);
+						}
+					}
+				}
+			}
+		}
+
+		// Set new ref and current status
+		if (!$error)
+		{
+			$this->ref = $num;
+			$this->status = self::STATUS_VALIDATED;
+		}
+
+		if (!$error)
+		{
+			$this->db->commit();
+			return 1;
+		} else {
+			$this->db->rollback();
+			return -1;
+		}
+	}
+
+
+	/**
+	 *	Set draft status
+	 *
+	 *	@param	User	$user			Object user that modify
+	 *  @param	int		$notrigger		1=Does not execute triggers, 0=Execute triggers
+	 *	@return	int						<0 if KO, >0 if OK
+	 */
+	public function setDraft($user, $notrigger = 0)
+	{
+		// Protection
+		if ($this->status <= self::STATUS_DRAFT)
+		{
+			return 0;
+		}
+
+		return $this->setStatusCommon($user, self::STATUS_DRAFT, $notrigger, 'PRODUCTFOURNISSEURPRICE_UNVALIDATE');
+	}
+
+	/**
+	 *	Set cancel status
+	 *
+	 *	@param	User	$user			Object user that modify
+	 *  @param	int		$notrigger		1=Does not execute triggers, 0=Execute triggers
+	 *	@return	int						<0 if KO, 0=Nothing done, >0 if OK
+	 */
+	public function cancel($user, $notrigger = 0)
+	{
+		// Protection
+		if ($this->status != self::STATUS_VALIDATED)
+		{
+			return 0;
+		}
+
+		return $this->setStatusCommon($user, self::STATUS_CANCELED, $notrigger, 'PRODUCTFOURNISSEURPRICE_CANCEL');
+	}
+
+	/**
+	 *	Set back to validated status
+	 *
+	 *	@param	User	$user			Object user that modify
+	 *  @param	int		$notrigger		1=Does not execute triggers, 0=Execute triggers
+	 *	@return	int						<0 if KO, 0=Nothing done, >0 if OK
+	 */
+	public function reopen($user, $notrigger = 0)
+	{
+		// Protection
+		if ($this->status != self::STATUS_CANCELED)
+		{
+			return 0;
+		}
+
+		return $this->setStatusCommon($user, self::STATUS_VALIDATED, $notrigger, 'PRODUCTFOURNISSEURPRICE_REOPEN');
+	}
+
+	/**
+	 *  Return a link to the object card (with optionaly the picto)
+	 *
+	 *  @param  int     $withpicto                  Include picto in link (0=No picto, 1=Include picto into link, 2=Only picto)
+	 *  @param  string  $option                     On what the link point to ('nolink', ...)
+	 *  @param  int     $notooltip                  1=Disable tooltip
+	 *  @param  string  $morecss                    Add more css on link
+	 *  @param  int     $save_lastsearch_value      -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking
+	 *  @return	string                              String with URL
+	 */
+	public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1)
+	{
+		global $conf, $langs, $hookmanager;
+
+		if (!empty($conf->dol_no_mouse_hover)) $notooltip = 1; // Force disable tooltips
+
+		$result = '';
+
+		$label = img_picto('', $this->picto).' <u>'.$langs->trans("ProductFournisseurPrice").'</u>';
+		if (isset($this->status)) {
+			$label .= ' '.$this->getLibStatut(5);
+		}
+		$label .= '<br>';
+		$label .= '<b>'.$langs->trans('Ref').':</b> '.$this->ref;
+
+		$url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id;
+
+		if ($option != 'nolink')
+		{
+			// Add param to save lastsearch_values or not
+			$add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0);
+			if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1;
+			if ($add_save_lastsearch_values) $url .= '&save_lastsearch_values=1';
+		}
+
+		$linkclose = '';
+		if (empty($notooltip))
+		{
+			if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
+			{
+				$label = $langs->trans("ShowProductFournisseurPrice");
+				$linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
+			}
+			$linkclose .= ' title="'.dol_escape_htmltag($label, 1).'"';
+			$linkclose .= ' class="classfortooltip'.($morecss ? ' '.$morecss : '').'"';
+		} else $linkclose = ($morecss ? ' class="'.$morecss.'"' : '');
+
+		$linkstart = '<a href="'.$url.'"';
+		$linkstart .= $linkclose.'>';
+		$linkend = '</a>';
+
+		$result .= $linkstart;
+
+		if (empty($this->showphoto_on_popup)) {
+			if ($withpicto) $result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1);
+		} else {
+			if ($withpicto) {
+				require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+				list($class, $module) = explode('@', $this->picto);
+				$upload_dir = $conf->$module->multidir_output[$conf->entity]."/$class/".dol_sanitizeFileName($this->ref);
+				$filearray = dol_dir_list($upload_dir, "files");
+				$filename = $filearray[0]['name'];
+				if (!empty($filename)) {
+					$pospoint = strpos($filearray[0]['name'], '.');
+
+					$pathtophoto = $class.'/'.$this->ref.'/thumbs/'.substr($filename, 0, $pospoint).'_mini'.substr($filename, $pospoint);
+					if (empty($conf->global->{strtoupper($module.'_'.$class).'_FORMATLISTPHOTOSASUSERS'})) {
+						$result .= '<div class="floatleft inline-block valignmiddle divphotoref"><div class="photoref"><img class="photo'.$module.'" alt="No photo" border="0" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$module.'&entity='.$conf->entity.'&file='.urlencode($pathtophoto).'"></div></div>';
+					} else {
+						$result .= '<div class="floatleft inline-block valignmiddle divphotoref"><img class="photouserphoto userphoto" alt="No photo" border="0" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$module.'&entity='.$conf->entity.'&file='.urlencode($pathtophoto).'"></div>';
+					}
+
+					$result .= '</div>';
+				} else {
+					$result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1);
+				}
+			}
+		}
+
+		if ($withpicto != 2) $result .= $this->ref;
+
+		$result .= $linkend;
+		//if ($withpicto != 2) $result.=(($addlabel && $this->label) ? $sep . dol_trunc($this->label, ($addlabel > 1 ? $addlabel : 0)) : '');
+
+		global $action, $hookmanager;
+		$hookmanager->initHooks(array('productfournisseurpricedao'));
+		$parameters = array('id'=>$this->id, 'getnomurl'=>$result);
+		$reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
+		if ($reshook > 0) $result = $hookmanager->resPrint;
+		else $result .= $hookmanager->resPrint;
+
+		return $result;
+	}
+
+	/**
+	 *  Return the label of the status
+	 *
+	 *  @param  int		$mode          0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
+	 *  @return	string 			       Label of status
+	 */
+	public function getLibStatut($mode = 0)
+	{
+		return $this->LibStatut($this->status, $mode);
+	}
+
+	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
+	/**
+	 *  Return the status
+	 *
+	 *  @param	int		$status        Id status
+	 *  @param  int		$mode          0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
+	 *  @return string 			       Label of status
+	 */
+	public function LibStatut($status, $mode = 0)
+	{
+		// phpcs:enable
+		if (empty($this->labelStatus) || empty($this->labelStatusShort))
+		{
+			global $langs;
+			//$langs->load("buypricehistory@buypricehistory");
+			$this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
+			$this->labelStatus[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+			$this->labelStatus[self::STATUS_CANCELED] = $langs->trans('Disabled');
+			$this->labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft');
+			$this->labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+			$this->labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Disabled');
+		}
+
+		$statusType = 'status'.$status;
+		//if ($status == self::STATUS_VALIDATED) $statusType = 'status1';
+		if ($status == self::STATUS_CANCELED) $statusType = 'status6';
+
+		return dolGetStatus($this->labelStatus[$status], $this->labelStatusShort[$status], '', $statusType, $mode);
+	}
+
+	/**
+	 *	Load the info information in the object
+	 *
+	 *	@param  int		$id       Id of object
+	 *	@return	void
+	 */
+	public function info($id)
+	{
+		$sql = 'SELECT rowid, date_creation as datec, tms as datem,';
+		$sql .= ' fk_user_creat, fk_user_modif';
+		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
+		$sql .= ' WHERE t.rowid = '.$id;
+		$result = $this->db->query($sql);
+		if ($result)
+		{
+			if ($this->db->num_rows($result))
+			{
+				$obj = $this->db->fetch_object($result);
+				$this->id = $obj->rowid;
+				if ($obj->fk_user_author)
+				{
+					$cuser = new User($this->db);
+					$cuser->fetch($obj->fk_user_author);
+					$this->user_creation = $cuser;
+				}
+
+				if ($obj->fk_user_valid)
+				{
+					$vuser = new User($this->db);
+					$vuser->fetch($obj->fk_user_valid);
+					$this->user_validation = $vuser;
+				}
+
+				if ($obj->fk_user_cloture)
+				{
+					$cluser = new User($this->db);
+					$cluser->fetch($obj->fk_user_cloture);
+					$this->user_cloture = $cluser;
+				}
+
+				$this->date_creation     = $this->db->jdate($obj->datec);
+				$this->date_modification = $this->db->jdate($obj->datem);
+				$this->date_validation   = $this->db->jdate($obj->datev);
+			}
+
+			$this->db->free($result);
+		} else {
+			dol_print_error($this->db);
+		}
+	}
+
+	/**
+	 * Initialise object with example values
+	 * Id must be 0 if object instance is a specimen
+	 *
+	 * @return void
+	 */
+	public function initAsSpecimen()
+	{
+		$this->initAsSpecimenCommon();
+	}
+
+	/**
+	 *  Returns the reference to the following non used object depending on the active numbering module.
+	 *
+	 *  @return string      		Object free reference
+	 */
+	public function getNextNumRef()
+	{
+		global $langs, $conf;
+		$langs->load("buypricehistory@buypricehistory");
+
+		if (empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) {
+			$conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard';
+		}
+
+		if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON))
+		{
+			$mybool = false;
+
+			$file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php";
+			$classname = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON;
+
+			// Include file with class
+			$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
+			foreach ($dirmodels as $reldir)
+			{
+				$dir = dol_buildpath($reldir."core/modules/buypricehistory/");
+
+				// Load file with numbering class (if found)
+				$mybool |= @include_once $dir.$file;
+			}
+
+			if ($mybool === false)
+			{
+				dol_print_error('', "Failed to include file ".$file);
+				return '';
+			}
+
+			if (class_exists($classname)) {
+				$obj = new $classname();
+				$numref = $obj->getNextValue($this);
+
+				if ($numref != '' && $numref != '-1')
+				{
+					return $numref;
+				} else {
+					$this->error = $obj->error;
+					//dol_print_error($this->db,get_class($this)."::getNextNumRef ".$obj->error);
+					return "";
+				}
+			} else {
+				print $langs->trans("Error")." ".$langs->trans("ClassNotFound").' '.$classname;
+				return "";
+			}
+		} else {
+			print $langs->trans("ErrorNumberingModuleNotSetup", $this->element);
+			return "";
+		}
+	}
+
+	/**
+	 *  Create a document onto disk according to template module.
+	 *
+	 *  @param	    string		$modele			Force template to use ('' to not force)
+	 *  @param		Translate	$outputlangs	objet lang a utiliser pour traduction
+	 *  @param      int			$hidedetails    Hide details of lines
+	 *  @param      int			$hidedesc       Hide description
+	 *  @param      int			$hideref        Hide ref
+	 *  @param      null|array  $moreparams     Array to provide more information
+	 *  @return     int         				0 if KO, 1 if OK
+	 */
+	public function generateDocument($modele, $outputlangs, $hidedetails = 0, $hidedesc = 0, $hideref = 0, $moreparams = null)
+	{
+		global $conf, $langs;
+
+		$result = 0;
+		$includedocgeneration = 0;
+
+		$langs->load("buypricehistory@buypricehistory");
+
+		if (!dol_strlen($modele)) {
+			$modele = 'standard_productfournisseurprice';
+
+			if (!empty($this->model_pdf)) {
+				$modele = $this->model_pdf;
+			} elseif (!empty($conf->global->PRODUCTFOURNISSEURPRICE_ADDON_PDF)) {
+				$modele = $conf->global->PRODUCTFOURNISSEURPRICE_ADDON_PDF;
+			}
+		}
+
+		$modelpath = "core/modules/buypricehistory/doc/";
+
+		if ($includedocgeneration && !empty($modele)) {
+			$result = $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams);
+		}
+
+		return $result;
+	}
+}
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 77659142744..ff18c361ff9 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -62,9 +62,9 @@ $extrafields = new ExtraFields($db);
 
 // If socid provided by ajax company selector
 if (!empty($_REQUEST['search_fourn_id'])) {
-	$_GET['id_fourn'] = $_GET['search_fourn_id'];
-	$_POST['id_fourn'] = $_POST['search_fourn_id'];
-	$_REQUEST['id_fourn'] = $_REQUEST['search_fourn_id'];
+	$_GET['id_fourn'] = GETPOST('search_fourn_id', 'int');
+	$_POST['id_fourn'] = GETPOST('search_fourn_id', 'int');
+	$_REQUEST['id_fourn'] = GETPOST('search_fourn_id', 'int');
 }
 
 // Security check
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index a7cbc76b103..7df96cbd97c 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -11,7 +11,7 @@
  * Copyright (C) 2013       Adolfo segura           <adolfo.segura@gmail.com>
  * Copyright (C) 2015       Jean-François Ferry     <jfefe@aternatik.fr>
  * Copyright (C) 2016       Ferran Marcet		    <fmarcet@2byte.es>
- * Copyright (C) 2020	    Alexandre Spangaro		<aspangaro@open-dsi.fr>
+ * Copyright (C) 2020-2021	Open-DSI				<support@open-dsi.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -191,6 +191,8 @@ if (empty($conf->global->PRODUIT_MULTIPRICES)) {
 
 $isInEEC = isInEEC($mysoc);
 
+$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
+
 // Definition of fields for lists
 $arrayfields = array(
 	'p.ref'=>array('label'=>"Ref", 'checked'=>1),
@@ -226,12 +228,12 @@ $arrayfields = array(
 	'p.tobatch'=>array('label'=>"ManageLotSerial", 'checked'=>0, 'enabled'=>(!empty($conf->productbatch->enabled)), 'position'=>60),
 	'p.fk_country'=>array('label'=>"Country", 'checked'=>0, 'position'=>100),
 	'p.fk_state'=>array('label'=>"State", 'checked'=>0, 'position'=>101),
-	'p.accountancy_code_sell'=>array('label'=>"ProductAccountancySellCode", 'checked'=>0, 'position'=>400),
-	'p.accountancy_code_sell_intra'=>array('label'=>"ProductAccountancySellIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>401),
-	'p.accountancy_code_sell_export'=>array('label'=>"ProductAccountancySellExportCode", 'checked'=>0, 'position'=>402),
-	'p.accountancy_code_buy'=>array('label'=>"ProductAccountancyBuyCode", 'checked'=>0, 'position'=>403),
-	'p.accountancy_code_buy_intra'=>array('label'=>"ProductAccountancyBuyIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>404),
-	'p.accountancy_code_buy_export'=>array('label'=>"ProductAccountancyBuyExportCode", 'checked'=>0, 'position'=>405),
+	$alias_product_accounting . '.accountancy_code_sell'=>array('label'=>"ProductAccountancySellCode", 'checked'=>0, 'position'=>400),
+	$alias_product_accounting . '.accountancy_code_sell_intra'=>array('label'=>"ProductAccountancySellIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>401),
+	$alias_product_accounting . '.accountancy_code_sell_export'=>array('label'=>"ProductAccountancySellExportCode", 'checked'=>0, 'position'=>402),
+	$alias_product_accounting . '.accountancy_code_buy'=>array('label'=>"ProductAccountancyBuyCode", 'checked'=>0, 'position'=>403),
+	$alias_product_accounting . '.accountancy_code_buy_intra'=>array('label'=>"ProductAccountancyBuyIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>404),
+	$alias_product_accounting . '.accountancy_code_buy_export'=>array('label'=>"ProductAccountancyBuyExportCode", 'checked'=>0, 'position'=>405),
 	'p.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500),
 	'p.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500),
 	'p.tosell'=>array('label'=>$langs->transnoentitiesnoconv("Status").' ('.$langs->transnoentitiesnoconv("Sell").')', 'checked'=>1, 'position'=>1000),
@@ -358,8 +360,12 @@ if ($search_type != '' && $search_type != '-1') {
 
 $sql = 'SELECT DISTINCT p.rowid, p.ref, p.label, p.fk_product_type, p.barcode, p.price, p.tva_tx, p.price_ttc, p.price_base_type, p.entity,';
 $sql .= ' p.fk_product_type, p.duration, p.finished, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock,';
-$sql .= ' p.tobatch, p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,';
-$sql .= ' p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,';
+$sql .= ' p.tobatch,';
+if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export, p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
+} else {
+	$sql .= " pa.accountancy_code_sell, pa.accountancy_code_sell_intra, pa.accountancy_code_sell_export, pa.accountancy_code_buy, pa.accountancy_code_buy_intra, pa.accountancy_code_buy_export,";
+}
 $sql .= ' p.datec as date_creation, p.tms as date_update, p.pmp, p.stock, p.cost_price,';
 $sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units, fk_country, fk_state,';
 if (!empty($conf->global->PRODUCT_USE_UNITS)) {
@@ -380,6 +386,9 @@ $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
 $sql .= $hookmanager->resPrint;
 $sql .= ' FROM '.MAIN_DB_PREFIX.'product as p';
+if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+}
 if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_extrafields as ef on (p.rowid = ef.fk_object)";
 }
@@ -484,22 +493,22 @@ if ($search_finished >= 0 && $search_finished !== '') {
 	$sql .= " AND p.finished = ".((int) $search_finished);
 }
 if ($search_accountancy_code_sell) {
-	$sql .= natural_search('p.accountancy_code_sell', $search_accountancy_code_sell);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_sell', $search_accountancy_code_sell);
 }
 if ($search_accountancy_code_sell_intra) {
-	$sql .= natural_search('p.accountancy_code_sell_intra', $search_accountancy_code_sell_intra);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_sell_intra', $search_accountancy_code_sell_intra);
 }
 if ($search_accountancy_code_sell_export) {
-	$sql .= natural_search('p.accountancy_code_sell_export', $search_accountancy_code_sell_export);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_sell_export', $search_accountancy_code_sell_export);
 }
 if ($search_accountancy_code_buy) {
-	$sql .= natural_search('p.accountancy_code_buy', $search_accountancy_code_buy);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_buy', $search_accountancy_code_buy);
 }
 if ($search_accountancy_code_buy_intra) {
-	$sql .= natural_search('p.accountancy_code_buy_intra', $search_accountancy_code_buy_intra);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_buy_intra', $search_accountancy_code_buy_intra);
 }
 if ($search_accountancy_code_buy_export) {
-	$sql .= natural_search('p.accountancy_code_buy_export', $search_accountancy_code_buy_export);
+	$sql .= natural_search($alias_product_accounting . '.accountancy_code_buy_export', $search_accountancy_code_buy_export);
 }
 
 // Add where from extra fields
@@ -510,8 +519,12 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // No
 $sql .= $hookmanager->resPrint;
 $sql .= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.tva_tx, p.price_ttc, p.price_base_type,";
 $sql .= " p.fk_product_type, p.duration, p.finished, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock,";
-$sql .= ' p.datec, p.tms, p.entity, p.tobatch, p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,';
-$sql .= ' p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export, p.pmp, p.cost_price, p.stock,';
+$sql .= ' p.datec, p.tms, p.entity, p.tobatch, p.pmp, p.cost_price, p.stock,';
+if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+	$sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export, p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,";
+} else {
+	$sql .= " pa.accountancy_code_sell, pa.accountancy_code_sell_intra, pa.accountancy_code_sell_export, pa.accountancy_code_buy, pa.accountancy_code_buy_intra, pa.accountancy_code_buy_export,";
+}
 $sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units, p.fk_country, p.fk_state';
 if (!empty($conf->global->PRODUCT_USE_UNITS)) {
 	$sql .= ', p.fk_unit, cu.label';
@@ -991,23 +1004,23 @@ if ($resql) {
 		print '<td class="liste_titre center">'.$formcompany->select_state($search_state, $search_country).'</td>';
 	}
 	// Accountancy code sell
-	if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_sell" value="'.dol_escape_htmltag($search_accountancy_code_sell).'"></td>';
 	}
-	if (!empty($arrayfields['p.accountancy_code_sell_intra']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_sell_intra" value="'.dol_escape_htmltag($search_accountancy_code_sell_intra).'"></td>';
 	}
-	if (!empty($arrayfields['p.accountancy_code_sell_export']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_sell_export" value="'.dol_escape_htmltag($search_accountancy_code_sell_export).'"></td>';
 	}
 	// Accountancy code buy
-	if (!empty($arrayfields['p.accountancy_code_buy']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_buy" value="'.dol_escape_htmltag($search_accountancy_code_buy).'"></td>';
 	}
-	if (!empty($arrayfields['p.accountancy_code_buy_intra']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_buy_intra" value="'.dol_escape_htmltag($search_accountancy_code_buy_intra).'"></td>';
 	}
-	if (!empty($arrayfields['p.accountancy_code_buy_export']['checked'])) {
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
 		print '<td class="liste_titre"><input class="flat maxwidth75" type="text" name="search_accountancy_code_buy_export" value="'.dol_escape_htmltag($search_accountancy_code_buy_export).'"></td>';
 	}
 	// Extra fields
@@ -1154,23 +1167,23 @@ if ($resql) {
 	if (!empty($arrayfields['p.fk_state']['checked'])) {
 		print_liste_field_titre($arrayfields['p.fk_state']['label'], $_SERVER["PHP_SELF"], "p.fk_state", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_sell']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_sell", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_sell_intra']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_sell_intra']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_sell_intra", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell_intra", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_sell_export']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_sell_export']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_sell_export", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell_export", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_buy']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_buy']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_buy", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_buy_intra']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_buy_intra']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_buy_intra", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy_intra", "", $param, '', $sortfield, $sortorder);
 	}
-	if (!empty($arrayfields['p.accountancy_code_buy_export']['checked'])) {
-		print_liste_field_titre($arrayfields['p.accountancy_code_buy_export']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_buy_export", "", $param, '', $sortfield, $sortorder);
+	if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
+		print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy_export", "", $param, '', $sortfield, $sortorder);
 	}
 	// Extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
@@ -1695,38 +1708,38 @@ if ($resql) {
 			}
 		}
 		// Accountancy code sell
-		if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
 			print '<td>'.$obj->accountancy_code_sell.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
 		}
-		if (!empty($arrayfields['p.accountancy_code_sell_intra']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
 			print '<td>'.$obj->accountancy_code_sell_intra.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
 		}
-		if (!empty($arrayfields['p.accountancy_code_sell_export']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
 			print '<td>'.$obj->accountancy_code_sell_export.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
 		}
 		// Accountancy code buy
-		if (!empty($arrayfields['p.accountancy_code_buy']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
 			print '<td>'.$obj->accountancy_code_buy.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
 		}
-		if (!empty($arrayfields['p.accountancy_code_buy_intra']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
 			print '<td>'.$obj->accountancy_code_buy_intra.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
 			}
 		}
-		if (!empty($arrayfields['p.accountancy_code_buy_export']['checked'])) {
+		if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
 			print '<td>'.$obj->accountancy_code_buy_export.'</td>';
 			if (!$i) {
 				$totalarray['nbfield']++;
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index 30dba05e417..327c428e9c9 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -436,7 +436,7 @@ class Entrepot extends CommonObject
 		$sql .= " model_pdf, import_key";
 		$sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
 		if ($id) {
-			$sql .= " WHERE rowid = '".$id."'";
+			$sql .= " WHERE rowid = ".((int) $id);
 		} else {
 			$sql .= " WHERE entity = ".$conf->entity;
 			if ($ref) {
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 8b2d729c29c..102e3ba1700 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -604,9 +604,9 @@ class MouvementStock extends CommonObject
 				// $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty;
 				// $sql.= " WHERE rowid = ".$fk_product;
 				// Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql
-				$sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".$newpmp.",";
+				$sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).",";
 				$sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)";
-				$sql .= " WHERE rowid = ".$fk_product;
+				$sql .= " WHERE rowid = ".((int) $fk_product);
 
 				dol_syslog(get_class($this)."::_create update AWP", LOG_DEBUG);
 				$resql = $this->db->query($sql);
diff --git a/htdocs/product/stock/fiche-valo.php b/htdocs/product/stock/fiche-valo.php
index 34380efbe7a..a2a15a34e53 100644
--- a/htdocs/product/stock/fiche-valo.php
+++ b/htdocs/product/stock/fiche-valo.php
@@ -28,7 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
 
 // Load translation files required by the page
 $langs->loadLangs(array('products', 'stocks', 'companies'));
-$mesg = '';
+
+$id = GETPOST('id', 'int');
 
 // Security check
 $result = restrictedArea($user, 'stock');
@@ -43,18 +44,13 @@ $form = new Form($db);
 $help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:M&oacute;dulo_Stocks';
 llxHeader("", $langs->trans("WarehouseCard"), $help_url);
 
-if ($_GET["id"]) {
-	if ($mesg) {
-		print $mesg;
-	}
-
+if ($id > 0) {
 	$entrepot = new Entrepot($db);
-	$result = $entrepot->fetch($_GET["id"]);
+	$result = $entrepot->fetch($id);
 	if ($result < 0) {
 		dol_print_error($db);
 	}
 
-
 	$head = stock_prepare_head($entrepot);
 
 	print dol_get_fiche_head($head, 'value', $langs->trans("Warehouse"), 0, 'stock');
diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php
index 5b30d77ca21..fc5ea53e98a 100644
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
 	$mine = 1;
 }
 
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 
 $hookmanager->initHooks(array('timesheetperdaycard'));
 
diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php
index 7f40ab1c9a1..5fd76694c34 100644
--- a/htdocs/projet/activity/permonth.php
+++ b/htdocs/projet/activity/permonth.php
@@ -48,7 +48,7 @@ if ($mode == 'mine') {
 	$mine = 1;
 }
 
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 
 // Security check
 $socid = 0;
diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php
index b6cd2c04f10..4201fca41b6 100644
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
 	$mine = 1;
 }
 
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 
 $hookmanager->initHooks(array('timesheetperweekcard'));
 
diff --git a/htdocs/projet/ajax/projects.php b/htdocs/projet/ajax/projects.php
index 74d9236d26d..22f58f62c90 100644
--- a/htdocs/projet/ajax/projects.php
+++ b/htdocs/projet/ajax/projects.php
@@ -49,8 +49,12 @@ require '../../main.inc.php';
 
 $htmlname = GETPOST('htmlname', 'aZ09');
 $socid = GETPOST('socid', 'int');
+$mode = GETPOST('mode', 'aZ09');
 $discard_closed = GETPOST('discardclosed', 'int');
 
+// Security check
+restrictedArea($user, 'projet', 0, 'projet&project');
+
 
 /*
  * View
@@ -68,7 +72,7 @@ if (empty($htmlname) && !GETPOST('mode', 'aZ09')) {
 }
 
 // Mode to get list of projects
-if (!GETPOST('mode', 'aZ09') || GETPOST('mode', 'aZ09') != 'gettasks') {
+if (empty($mode) || $mode != 'gettasks') {
 	// When used from jQuery, the search term is added as GET param "term".
 	$searchkey = (GETPOSTISSET($htmlname) ? GETPOST($htmlname, 'aZ09') : '');
 
@@ -77,7 +81,7 @@ if (!GETPOST('mode', 'aZ09') || GETPOST('mode', 'aZ09') != 'gettasks') {
 }
 
 // Mode to get list of tasks
-if (GETPOST('mode', 'aZ09') == 'gettasks') {
+if ($mode == 'gettasks') {
 	$formproject = new FormProjets($db);
 	$formproject->selectTasks((!empty($$socid) ? $socid : -1), 0, 'taskid', 24, 1, '1', 1, 0, 0, 'maxwidth500', GETPOST('projectid', 'int'), '');
 	return;
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 916f23eb056..95fd6388911 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -78,17 +78,17 @@ if ($id > 0 || !empty($ref)) {
 	}
 }
 
-// Security check
-$socid = GETPOST('socid', 'int');
-//if ($user->socid > 0) $socid = $user->socid;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
-$result = restrictedArea($user, 'projet', $object->id, 'projet&project');
-
 // fetch optionals attributes and labels
 $extrafields->fetch_name_optionals_label($object->table_element);
 
 $date_start = dol_mktime(0, 0, 0, GETPOST('projectstartmonth', 'int'), GETPOST('projectstartday', 'int'), GETPOST('projectstartyear', 'int'));
 $date_end = dol_mktime(0, 0, 0, GETPOST('projectendmonth', 'int'), GETPOST('projectendday', 'int'), GETPOST('projectendyear', 'int'));
 
+// Security check
+$socid = GETPOST('socid', 'int');
+//if ($user->socid > 0) $socid = $user->socid;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
+restrictedArea($user, 'projet', $object->id, 'projet&project');
+
 
 /*
  * Actions
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 8bf9c727f4e..792d2fd00de 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -771,7 +771,7 @@ class Project extends CommonObject
 			'actioncomm'=>'fk_project', 'mrp_mo'=>'fk_project'
 		);
 		foreach ($listoftables as $key => $value) {
-			$sql = "UPDATE ".MAIN_DB_PREFIX.$key." SET ".$value." = NULL where ".$value." = ".$this->id;
+			$sql = "UPDATE ".MAIN_DB_PREFIX.$key." SET ".$value." = NULL where ".$value." = ".((int) $this->id);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
 				$this->errors[] = $this->db->lasterror();
@@ -1033,7 +1033,7 @@ class Project extends CommonObject
 			$this->db->begin();
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."projet";
-			$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".$user->id.", date_close = '".$this->db->idate($now)."'";
+			$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".((int) $user->id).", date_close = '".$this->db->idate($now)."'";
 			$sql .= " WHERE rowid = ".$this->id;
 			$sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
 
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index 091409539a8..7916f79fdeb 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -1197,11 +1197,11 @@ class Task extends CommonObject
 		if ($ret > 0) {
 			// Recalculate amount of time spent for task and update denormalized field
 			$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
-			$sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->id.")";
+			$sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")";
 			if (isset($this->progress)) {
-				$sql .= ", progress = ".$this->progress; // Do not overwrite value if not provided
+				$sql .= ", progress = ".((float) $this->progress); // Do not overwrite value if not provided
 			}
-			$sql .= " WHERE rowid = ".$this->id;
+			$sql .= " WHERE rowid = ".((int) $this->id);
 
 			dol_syslog(get_class($this)."::addTimeSpent", LOG_DEBUG);
 			if (!$this->db->query($sql)) {
@@ -1210,8 +1210,8 @@ class Task extends CommonObject
 			}
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task_time";
-			$sql .= " SET thm = (SELECT thm FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->timespent_fk_user.")"; // set average hour rate of user
-			$sql .= " WHERE rowid = ".$tasktime_id;
+			$sql .= " SET thm = (SELECT thm FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->timespent_fk_user).")"; // set average hour rate of user
+			$sql .= " WHERE rowid = ".((int) $tasktime_id);
 
 			dol_syslog(get_class($this)."::addTimeSpent", LOG_DEBUG);
 			if (!$this->db->query($sql)) {
@@ -1552,7 +1552,7 @@ class Task extends CommonObject
 			$newDuration = $this->timespent_duration - $this->timespent_old_duration;
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
-			$sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->db->escape($this->id).")";
+			$sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")";
 			$sql .= " WHERE rowid = ".$this->id;
 
 			dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG);
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index 976e29b55bf..6ab17b6feee 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -678,32 +678,32 @@ if ($search_all) {
 
 $moreforfilter = '';
 
-// Filter on categories
-if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
-	$formcategory = new FormCategory($db);
-	$moreforfilter .= $formcategory->getFilterBox(Categorie::TYPE_PROJECT, $search_category_array);
-}
-
 // If the user can view user other than himself
 $moreforfilter .= '<div class="divsearchfield">';
-$moreforfilter .= $langs->trans('ProjectsWithThisUserAsContact').': ';
+$tmptitle = $langs->trans('ProjectsWithThisUserAsContact');
 //$includeonly = 'hierarchyme';
 $includeonly = '';
 if (empty($user->rights->user->user->lire)) {
 	$includeonly = array($user->id);
 }
-$moreforfilter .= $form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', 1, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth200');
+$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', $tmptitle, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth250');
 $moreforfilter .= '</div>';
 
 // If the user can view thirdparties other than his'
 if ($user->rights->societe->client->voir || $socid) {
 	$langs->load("commercial");
 	$moreforfilter .= '<div class="divsearchfield">';
-	$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-	$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth200');
+	$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+	$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
 	$moreforfilter .= '</div>';
 }
 
+// Filter on categories
+if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
+	$formcategory = new FormCategory($db);
+	$moreforfilter .= $formcategory->getFilterBox(Categorie::TYPE_PROJECT, $search_category_array);
+}
+
 if (!empty($moreforfilter)) {
 	print '<div class="liste_titre liste_titre_bydiv centpercent">';
 	print $moreforfilter;
@@ -1243,7 +1243,7 @@ while ($i < min($num, $limit)) {
 				$totalarray['pos'][$totalarray['nbfield']] = 'p.price_registration';
 			}
 		}
-		// PriceOfBooth
+		// Price of booth
 		if (!empty($arrayfields['p.price_booth']['checked'])) {
 			print '<td class="right">';
 			if ($obj->price_booth != '') {
@@ -1266,7 +1266,7 @@ while ($i < min($num, $limit)) {
 		print $hookmanager->resPrint;
 		// Date creation
 		if (!empty($arrayfields['p.datec']['checked'])) {
-			print '<td class="center">';
+			print '<td class="center nowraponall">';
 			print dol_print_date($db->jdate($obj->date_creation), 'dayhour', 'tzuser');
 			print '</td>';
 			if (!$i) {
@@ -1275,7 +1275,7 @@ while ($i < min($num, $limit)) {
 		}
 		// Date modification
 		if (!empty($arrayfields['p.tms']['checked'])) {
-			print '<td class="center">';
+			print '<td class="center nowraponall">';
 			print dol_print_date($db->jdate($obj->date_update), 'dayhour', 'tzuser');
 			print '</td>';
 			if (!$i) {
diff --git a/htdocs/projet/tasks/comment.php b/htdocs/projet/tasks/comment.php
index c0ebc6850cc..aaa8bd0cd89 100644
--- a/htdocs/projet/tasks/comment.php
+++ b/htdocs/projet/tasks/comment.php
@@ -284,14 +284,14 @@ if ($id > 0 || !empty($ref)) {
 		print dol_get_fiche_head($head, 'task_comment', $langs->trans("Task"), -1, 'projecttask');
 
 		if ($action == 'delete') {
-			print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+			print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", "int").'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
 		}
 
 		if (!GETPOST('withproject') || empty($projectstatic->id)) {
 			$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
 			$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 		} else {
-			$object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+			$object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
 		}
 
 		$morehtmlref = '';
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index c6a7fcb3b45..3aa5c3b8830 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -104,7 +104,7 @@ if ($action == 'addcontact' && $user->rights->projet->creer) {
 // bascule du statut d'un contact
 if ($action == 'swapstatut' && $user->rights->projet->creer) {
 	if ($object->fetch($id, $ref)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
@@ -113,7 +113,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer) {
 // Efface un contact
 if ($action == 'deleteline' && $user->rights->projet->creer) {
 	$object->fetch($id, $ref);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id.($withproject ? '&withproject=1' : ''));
diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php
index cb89a210e1e..7156d94ef21 100644
--- a/htdocs/projet/tasks/list.php
+++ b/htdocs/projet/tasks/list.php
@@ -588,29 +588,29 @@ $morehtmlfilter = '';
 if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
 	require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 	$moreforfilter .= '<div class="divsearchfield">';
-	$moreforfilter .= $langs->trans('ProjectCategories').': ';
-	$moreforfilter .= $formother->select_categories('project', $search_categ, 'search_categ', 1, 'maxwidth300');
+	$tmptitle = $langs->trans('ProjectCategories');
+	$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$formother->select_categories('project', $search_categ, 'search_categ', 0, $tmptitle, 'maxwidth300');
 	$moreforfilter .= '</div>';
 }
 
 // If the user can view users
 $moreforfilter .= '<div class="divsearchfield">';
-$moreforfilter .= $langs->trans('ProjectsWithThisUserAsContact').' ';
+$tmptitle = $langs->trans('ProjectsWithThisUserAsContact');
 $includeonly = '';
 if (empty($user->rights->user->user->lire)) {
 	$includeonly = array($user->id);
 }
-$moreforfilter .= $form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', 1, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth200');
+$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', $tmptitle, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth250');
 $moreforfilter .= '</div>';
 
 // If the user can view users
 $moreforfilter .= '<div class="divsearchfield">';
-$moreforfilter .= $langs->trans('TasksWithThisUserAsContact').': ';
+$tmptitle = $langs->trans('TasksWithThisUserAsContact');
 $includeonly = '';
 if (empty($user->rights->user->user->lire)) {
 	$includeonly = array($user->id);
 }
-$moreforfilter .= $form->select_dolusers($search_task_user, 'search_task_user', 1, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth200');
+$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_task_user, 'search_task_user', $tmptitle, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth250');
 $moreforfilter .= '</div>';
 
 if (!empty($moreforfilter)) {
@@ -658,7 +658,7 @@ if (!empty($arrayfields['t.dateo']['checked'])) {
 		print '<input class="flat" type="text" size="1" maxlength="2" name="search_sday" value="'.$search_sday.'">';
 	}
 	print '<input class="flat" type="text" size="1" maxlength="2" name="search_smonth" value="'.$search_smonth.'">';
-	$formother->select_year($search_syear ? $search_syear : -1, 'search_syear', 1, 20, 5);
+	print $formother->selectyear($search_syear ? $search_syear : -1, 'search_syear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1);
 	print '</td>';
 }
 // End date
@@ -668,7 +668,7 @@ if (!empty($arrayfields['t.datee']['checked'])) {
 		print '<input class="flat" type="text" size="1" maxlength="2" name="search_eday" value="'.$search_eday.'">';
 	}
 	print '<input class="flat" type="text" size="1" maxlength="2" name="search_emonth" value="'.$search_emonth.'">';
-	$formother->select_year($search_eyear ? $search_eyear : -1, 'search_eyear', 1, 20, 5);
+	print $formother->selectyear($search_eyear ? $search_eyear : -1, 'search_eyear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1);
 	print '</td>';
 }
 if (!empty($arrayfields['p.ref']['checked'])) {
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 0f6b67a0482..780d387512e 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -474,14 +474,14 @@ if ($id > 0 || !empty($ref)) {
 			print dol_get_fiche_head($head, 'task_task', $langs->trans("Task"), -1, 'projecttask', 0, '', 'reposition');
 
 			if ($action == 'delete') {
-				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+				print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", 'int').'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
 			}
 
 			if (!GETPOST('withproject') || empty($projectstatic->id)) {
 				$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
 				$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 			} else {
-				$object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+				$object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
 			}
 
 			$morehtmlref = '';
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index 2fb226b5eb2..54f622b95a1 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -185,12 +185,12 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) {
 				$action = 'createtime';
 				$error++;
 			} else {
-				$object->timespent_note = GETPOST("timespent_note");
+				$object->timespent_note = GETPOST("timespent_note", 'alpha');
 				if (GETPOST('progress', 'int') > 0) {
 					$object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
 				}
-				$object->timespent_duration = GETPOST("timespent_durationhour") * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += (GETPOST("timespent_durationmin") ? GETPOST("timespent_durationmin") : 0) * 60; // We store duration in seconds
+				$object->timespent_duration = GETPOSTINT("timespent_durationhour") * 60 * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOSTINT('timespent_durationmin') ? GETPOSTINT('timespent_durationmin') : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) {	// If hour was entered
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
 					$object->timespent_withhour = 1;
@@ -233,10 +233,10 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$result = $object->delTimeSpent($user);
 
 			$object->fetch($id, $ref);
-			$object->timespent_note = GETPOST("timespent_note_line");
+			$object->timespent_note = GETPOST("timespent_note_line", 'alpha');
 			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) {	// If hour was entered
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 				$object->timespent_withhour = 1;
@@ -258,8 +258,8 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->timespent_id = GETPOST("lineid", 'int');
 			$object->timespent_note = GETPOST("timespent_note_line");
 			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) {	// If hour was entered
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 				$object->timespent_withhour = 1;
diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php
index f925388f0b6..58e046ec0bb 100644
--- a/htdocs/reception/contact.php
+++ b/htdocs/reception/contact.php
@@ -107,7 +107,7 @@ if ($action == 'addcontact' && $user->rights->reception->creer) {
 	}
 } elseif ($action == 'swapstatut' && $user->rights->reception->creer) {
 	// bascule du statut d'un contact
-	$result = $objectsrc->swapContactStatus(GETPOST('ligne'));
+	$result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->reception->creer) {
 	// Efface un contact
 	$result = $objectsrc->delete_contact(GETPOST("lineid"));
diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php
index d82e2265e7e..68fb7a1fea6 100644
--- a/htdocs/recruitment/class/recruitmentjobposition.class.php
+++ b/htdocs/recruitment/class/recruitmentjobposition.class.php
@@ -670,7 +670,7 @@ class RecruitmentJobPosition extends CommonObject
 		$newprivatenote = dol_concatdesc($this->note_private, $note);
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
-		$sql .= " SET status = ".$status.", note_private = '".$this->db->escape($newprivatenote)."'";
+		$sql .= " SET status = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."'";
 		//$sql .= ", date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
 		$sql .= " WHERE rowid = ".$this->id;
 
diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php
index dc7e310d560..dcb50dac49a 100644
--- a/htdocs/salaries/class/paymentsalary.class.php
+++ b/htdocs/salaries/class/paymentsalary.class.php
@@ -570,7 +570,7 @@ class PaymentSalary extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
         // phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);
diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php
index b192fa14011..d60a583c3f8 100644
--- a/htdocs/salaries/list.php
+++ b/htdocs/salaries/list.php
@@ -235,7 +235,7 @@ $title = $langs->trans('Salaries');
 
 $sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary as current_salary, u.fk_soc as fk_soc, u.statut as status,";
 $sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment as paymenttype, ";
-$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel,";
+$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos,";
 $sql .= " pst.code as payment_code,";
 $sql .= " SUM(ps.amount) as alreadypayed";
 $sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
@@ -270,7 +270,7 @@ if ($search_amount) {
 	$sql .= natural_search("s.amount", $search_amount, 1);
 }
 if ($search_account > 0) {
-	$sql .= " AND b.fk_account=".((int) $search_account);
+	$sql .= " AND s.fk_account=".((int) $search_account);
 }
 if ($search_status != '' && $search_status >= 0) {
 	$sql .= " AND s.paye = ".$db->escape($search_status);
@@ -280,7 +280,7 @@ if ($search_type_id) {
 }
 $sql .= " GROUP BY u.rowid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary, u.fk_soc, u.statut,";
 $sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment, s.fk_bank,";
-$sql .= " ba.rowid, ba.ref, ba.number, ba.account_number, ba.fk_accountancy_journal, ba.label,";
+$sql .= " ba.rowid, ba.ref, ba.number, ba.account_number, ba.fk_accountancy_journal, ba.label, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos,";
 $sql .= " pst.code";
 $sql .= $db->order($sortfield, $sortorder);
 
@@ -409,10 +409,6 @@ print '<tr class="liste_titre_filter">';
 print '<td class="liste_titre left">';
 print '<input class="flat" type="text" size="3" name="search_ref" value="'.$db->escape($search_ref).'">';
 print '</td>';
-// Employee
-print '<td class="liste_titre">';
-print '<input class="flat" type="text" size="6" name="search_user" value="'.$db->escape($search_user).'">';
-print '</td>';
 // Label
 print '<td class="liste_titre"><input type="text" class="flat width150" name="search_label" value="'.$db->escape($search_label).'"></td>';
 
@@ -436,6 +432,11 @@ print $form->selectDate($search_date_end_to ? $search_date_end_to : -1, 'search_
 print '</div>';
 print '</td>';
 
+// Employee
+print '<td class="liste_titre">';
+print '<input class="flat" type="text" size="6" name="search_user" value="'.$db->escape($search_user).'">';
+print '</td>';
+
 // Type
 print '<td class="liste_titre left">';
 $form->select_types_paiements($search_type_id, 'search_type_id', '', 0, 1, 1, 16);
@@ -475,10 +476,10 @@ print '</tr>'."\n";
 // --------------------------------------------------------------------
 print '<tr class="liste_titre">';
 print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "s.rowid", "", $param, "", $sortfield, $sortorder);
-print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.lastname", "", $param, "", $sortfield, $sortorder);
 print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "s.label", "", $param, 'class="left"', $sortfield, $sortorder);
 print_liste_field_titre("DateStart", $_SERVER["PHP_SELF"], "s.datesp,s.rowid", "", $param, 'align="center"', $sortfield, $sortorder);
 print_liste_field_titre("DateEnd", $_SERVER["PHP_SELF"], "s.dateep,s.rowid", "", $param, 'align="center"', $sortfield, $sortorder);
+print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.lastname", "", $param, "", $sortfield, $sortorder);
 print_liste_field_titre("DefaultPaymentMode", $_SERVER["PHP_SELF"], "type", "", $param, 'class="left"', $sortfield, $sortorder);
 if (!empty($conf->banque->enabled)) {
 	print_liste_field_titre("DefaultBankAccount", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
@@ -541,12 +542,6 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 		$totalarray['nbfield']++;
 	}
 
-	// Employee
-	print "<td>".$userstatic->getNomUrl(1)."</td>\n";
-	if (!$i) {
-		$totalarray['nbfield']++;
-	}
-
 	// Label payment
 	print "<td>".dol_trunc($obj->label, 40)."</td>\n";
 	if (!$i) {
@@ -565,8 +560,16 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 		$totalarray['nbfield']++;
 	}
 
+	// Employee
+	print "<td>".$userstatic->getNomUrl(1)."</td>\n";
+	if (!$i) {
+		$totalarray['nbfield']++;
+	}
+
 	// Type
-	print '<td>'.$langs->trans("PaymentTypeShort".$obj->payment_code).'</td>';
+	print '<td>';
+	if (!empty($obj->payment_code)) print $langs->trans("PaymentTypeShort".$obj->payment_code);
+	print '</td>';
 	if (!$i) {
 		$totalarray['nbfield']++;
 	}
@@ -578,7 +581,13 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 			//$accountstatic->fetch($obj->fk_bank);
 			$accountstatic->id = $obj->bid;
 			$accountstatic->ref = $obj->bref;
+			$accountstatic->label = $obj->blabel;
 			$accountstatic->number = $obj->bnumber;
+			$accountstatic->iban = $obj->iban;
+			$accountstatic->bic = $obj->bic;
+			$accountstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
+			$accountstatic->account_number = $obj->account_number;
+			$accountstatic->clos = $obj->clos;
 
 			if (!empty($conf->accounting->enabled)) {
 				$accountstatic->account_number = $obj->account_number;
@@ -602,7 +611,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 	//  if (!$i) $totalarray['pos'][$totalarray['nbfield']] = 'totalttcfield';
 
 	// Amount
-	print '<td class="nowrap right">'.price($obj->amount).'</td>';
+	print '<td class="nowrap right"><span class="amount">'.price($obj->amount).'</span></td>';
 	if (!$i) {
 		$totalarray['nbfield']++;
 	}
diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php
index c6d1fd7d07f..51f80b23efd 100644
--- a/htdocs/salaries/payment_salary/card.php
+++ b/htdocs/salaries/payment_salary/card.php
@@ -255,7 +255,7 @@ print '<div class="tabsAction">';
 if ($action == '') {
 	if ($user->rights->salaries->delete) {
 		if (!$disable_delete) {
-			print '<a class="butActionDelete" href="card.php?id='.$_GET['id'].'&amp;action=delete">'.$langs->trans('Delete').'</a>';
+			print '<a class="butActionDelete" href="card.php?id='.GETPOST('id', 'int').'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans('Delete').'</a>';
 		} else {
 			print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("CantRemovePaymentSalaryPaid")).'">'.$langs->trans('Delete').'</a>';
 		}
diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php
index 3e6630dbaf1..c91613f2327 100644
--- a/htdocs/salaries/payments.php
+++ b/htdocs/salaries/payments.php
@@ -77,6 +77,8 @@ $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'
 $search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
 $search_amount = GETPOST('search_amount', 'alpha');
 $search_account = GETPOST('search_account', 'int');
+$search_fk_bank = GETPOST('search_fk_bank', 'int');
+$search_chq_number = GETPOST('search_chq_number', 'int');
 
 $filtre = GETPOST("filtre", 'restricthtml');
 
@@ -141,6 +143,8 @@ if (empty($reshook)) {
 		$search_date_end = '';
 		$search_amount = "";
 		$search_account = '';
+		$search_fk_bank = '';
+		$search_chq_number = '';
 		$search_type_id = "";
 	}
 	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')
@@ -171,6 +175,7 @@ $salstatic = new Salary($db);
 $paymentsalstatic = new PaymentSalary($db);
 $userstatic = new User($db);
 $accountstatic = new Account($db);
+$accountlinestatic = new AccountLine($db);
 
 $now = dol_now();
 
@@ -180,7 +185,7 @@ $title = $langs->trans('SalariesPayments');
 
 $sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary as current_salary, u.fk_soc as fk_soc, u.statut as status,";
 $sql .= " s.rowid, s.fk_user, s.amount, s.salary, sal.rowid as id_salary, sal.label, s.datep as datep, b.datev as datev, s.fk_typepayment as type, s.num_payment, s.fk_bank,";
-$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel,";
+$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos,";
 $sql .= " pst.code as payment_code";
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as sal ON (sal.rowid = s.fk_salary)";
@@ -201,6 +206,9 @@ if ($search_date_start)     $sql .= " AND s.datep >= '".$db->idate($search_date_
 if ($search_date_end)		$sql .= " AND s.datep <= '".$db->idate($search_date_end)."'";
 if ($search_amount)			$sql .= natural_search("s.amount", $search_amount, 1);
 if ($search_account > 0)	$sql .= " AND b.fk_account=".((int) $search_account);
+if ($search_fk_bank)			$sql .= " AND s.fk_bank=".((int) $search_fk_bank);
+if ($search_chq_number)		$sql .= natural_search(array('s.num_payment'), $search_chq_number);
+
 if ($search_type_id > 0) {
 	$sql .= " AND s.fk_typepayment=".$search_type_id;
 }
@@ -245,8 +253,10 @@ if ($search_type_id) $param .= '&search_type_id='.urlencode($search_type_id);
 if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
 if ($search_ref) $param .= '&search_ref='.urlencode($search_ref);
 if ($search_ref_salary) $param .= '&search_ref_salary='.urlencode($search_ref_salary);
-if ($search_user > 0) $param .= '&search_user='.urlencode($search_user);
+if ($search_user) $param .= '&search_user='.urlencode($search_user);
 if ($search_label) $param .= '&search_label='.urlencode($search_label);
+if ($search_fk_bank) $param .= '&search_fk_bank='.urlencode($search_fk_bank);
+if ($search_chq_number) $param .= '&search_chq_number='.urlencode($search_chq_number);
 if ($search_account) $param .= '&search_account='.urlencode($search_account);
 if ($search_date_start) $param .= '&search_date_startday='.urlencode(GETPOST('search_date_startday', 'int')).'&search_date_startmonth='.urlencode(GETPOST('search_date_startmonth', 'int')).'&search_date_startyear='.urlencode(GETPOST('search_date_startyear', 'int'));
 if ($search_date_end) $param .= '&search_date_endday='.urlencode(GETPOST('search_date_endday', 'int')).'&search_date_endmonth='.urlencode(GETPOST('search_date_endmonth', 'int')).'&search_date_endyear='.urlencode(GETPOST('search_date_endyear', 'int'));
@@ -292,10 +302,6 @@ print '<tr class="liste_titre_filter">';
 print '<td class="liste_titre left">';
 print '<input class="flat" type="text" size="3" name="search_ref" value="'.$db->escape($search_ref).'">';
 print '</td>';
-// Employee
-print '<td class="liste_titre">';
-print '<input class="flat" type="text" size="6" name="search_user" value="'.$db->escape($search_user).'">';
-print '</td>';
 // Salary
 print '<td class="liste_titre center">';
 print '<input class="flat" type="text" size="3" name="search_ref_salary" value="'.$db->escape($search_ref_salary).'">';
@@ -314,12 +320,24 @@ print '</td>';
 // Date value
 print '<td class="liste_titre center">';
 print '</td>';
+// Employee
+print '<td class="liste_titre">';
+print '<input class="flat" type="text" size="6" name="search_user" value="'.$db->escape($search_user).'">';
+print '</td>';
 // Type
 print '<td class="liste_titre left">';
 $form->select_types_paiements($search_type_id, 'search_type_id', '', 0, 1, 1, 16);
 print '</td>';
-// Account
+// Chq number
+print '<td class="liste_titre right"><input name="search_chq_number" class="flat" type="text" size="8" value="'.$db->escape($search_chq_number).'"></td>';
+
 if (!empty($conf->banque->enabled)) {
+	// Bank transaction
+	print '<td class="liste_titre center">';
+	print '<input class="flat" type="text" size="3" name="search_fk_bank" value="'.$db->escape($search_fk_bank).'">';
+	print '</td>';
+
+	// Account
 	print '<td class="liste_titre">';
 	$form->select_comptes($search_account, 'search_account', 0, '', 1);
 	print '</td>';
@@ -345,14 +363,18 @@ print '</tr>'."\n";
 // Fields title label
 // --------------------------------------------------------------------
 print '<tr class="liste_titre">';
-print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "s.rowid", "", $param, "", $sortfield, $sortorder);
-print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
+print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "s.rowid", "", $param, "", $sortfield, $sortorder);
 print_liste_field_titre("Salary", $_SERVER["PHP_SELF"], "sal.rowid", "", $param, '', $sortfield, $sortorder);
 print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "s.label", "", $param, 'class="left"', $sortfield, $sortorder);
 print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "s.datep,s.rowid", "", $param, '', $sortfield, $sortorder, 'center ');
 print_liste_field_titre("DateValue", $_SERVER["PHP_SELF"], "b.datev,s.rowid", "", $param, '', $sortfield, $sortorder, 'center ');
+print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
 print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pst.code", "", $param, 'class="left"', $sortfield, $sortorder);
-if (!empty($conf->banque->enabled)) print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
+print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "s.num_payment", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
+if (!empty($conf->banque->enabled)) {
+	print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "s.fk_bank", "", $param, '', $sortfield, $sortorder);
+	print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
+}
 print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "s.amount", "", $param, 'class="right"', $sortfield, $sortorder);
 // Extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
@@ -407,10 +429,6 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 	print "<td>".$paymentsalstatic->getNomUrl(1)."</td>\n";
 	if (!$i) $totalarray['nbfield']++;
 
-	// Employee
-	print "<td>".$userstatic->getNomUrl(1)."</td>\n";
-	if (!$i) $totalarray['nbfield']++;
-
 	print "<td>".$salstatic->getNomUrl(1)."</td>\n";
 	if (!$i) $totalarray['nbfield']++;
 
@@ -426,18 +444,37 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 	print '<td class="center">'.dol_print_date($db->jdate($obj->datev), 'day')."</td>\n";
 	if (!$i) $totalarray['nbfield']++;
 
+	// Employee
+	print "<td>".$userstatic->getNomUrl(1)."</td>\n";
+	if (!$i) $totalarray['nbfield']++;
+
 	// Type
-	print '<td>'.$langs->trans("PaymentTypeShort".$obj->payment_code).' '.$obj->num_payment.'</td>';
+	print '<td>'.$langs->trans("PaymentTypeShort".$obj->payment_code).'</td>';
+	if (!$i) $totalarray['nbfield']++;
+
+	// Chq number
+	print '<td>'.$obj->num_payment.'</td>';
 	if (!$i) $totalarray['nbfield']++;
 
 	// Account
 	if (!empty($conf->banque->enabled)) {
+		// Bank transaction
+		print '<td>';
+		$accountlinestatic->id = $obj->fk_bank;
+		print $accountlinestatic->getNomUrl(1);
+		print '</td>';
+		if (!$i) $totalarray['nbfield']++;
+
 		print '<td>';
 		if ($obj->fk_bank > 0) {
 			//$accountstatic->fetch($obj->fk_bank);
 			$accountstatic->id = $obj->bid;
 			$accountstatic->ref = $obj->bref;
 			$accountstatic->number = $obj->bnumber;
+			$accountstatic->iban = $obj->iban;
+			$accountstatic->bic = $obj->bic;
+			$accountstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
+			$accountstatic->clos = $obj->clos;
 
 			if (!empty($conf->accounting->enabled)) {
 				$accountstatic->account_number = $obj->account_number;
diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php
index 3221aafff55..28b105df9a0 100644
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajaxcompanies.php
@@ -66,12 +66,12 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
 	$return_arr = array();
 
 	// Define filter on text typed
-	$socid = $_GET['newcompany'] ? $_GET['newcompany'] : '';
+	$socid = GETPOST('newcompany');
 	if (!$socid) {
-		$socid = $_GET['socid'] ? $_GET['socid'] : '';
+		$socid = GETPOST('socid', 'int');
 	}
 	if (!$socid) {
-		$socid = $_GET['id_fourn'] ? $_GET['id_fourn'] : '';
+		$socid = GETPOST('id_fourn', 'int');
 	}
 
 	$sql = "SELECT rowid, nom";
@@ -90,7 +90,7 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
 			$sql .= " OR code_fournisseur LIKE '%".$db->escape($socid)."%'";
 		}
 		if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID)) {
-			$sql .= " OR rowid = '".$db->escape($socid)."'";
+			$sql .= " OR rowid = ".((int) $socid);
 		}
 		$sql .= ")";
 	}
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index fd4fde95243..2a5f2b84a53 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -792,7 +792,7 @@ if (empty($reshook)) {
 				// Update linked member
 				if (!$error && $object->fk_soc > 0) {
 					$sql = "UPDATE ".MAIN_DB_PREFIX."adherent";
-					$sql .= " SET fk_soc = NULL WHERE fk_soc = ".$id;
+					$sql .= " SET fk_soc = NULL WHERE fk_soc = ".((int) $socid);
 					if (!$object->db->query($sql)) {
 						$error++;
 						$object->error .= $object->db->lasterror();
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index c141290d9e9..7746001dea7 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -868,6 +868,7 @@ class Societe extends CommonObject
 			$sql .= ", name_alias";
 			$sql .= ", entity";
 			$sql .= ", datec";
+			$sql .= ", fk_typent";
 			$sql .= ", fk_user_creat";
 			$sql .= ", canvas";
 			$sql .= ", status";
@@ -882,6 +883,7 @@ class Societe extends CommonObject
 			$sql .= ", accountancy_code_sell";
 			$sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".$this->db->escape($this->entity).", '".$this->db->idate($now)."'";
 			$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
+			$sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
 			$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
 			$sql .= ", ".$this->status;
 			$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
@@ -958,7 +960,7 @@ class Societe extends CommonObject
 	 * @param 	array	$tags		Array of tag to affect to contact
 	 * @return 	int					<0 if KO, >0 if OK
 	 */
-	public function create_individual(User $user, $no_email, $tags = array())
+	public function create_individual(User $user, $no_email = 0, $tags = array())
 	{
 		global $conf;
 
@@ -1619,7 +1621,7 @@ class Societe extends CommonObject
 
 		$sql .= ' WHERE s.entity IN ('.getEntity($this->element).')';
 		if ($rowid) {
-			$sql .= ' AND s.rowid = '.$rowid;
+			$sql .= ' AND s.rowid = '.((int) $rowid);
 		}
 		if ($ref) {
 			$sql .= " AND s.nom = '".$this->db->escape($ref)."'";
@@ -1983,7 +1985,7 @@ class Societe extends CommonObject
 				$newclient = 3; //If prospect, we keep prospect tag
 			}
 			$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
-			$sql .= " SET client = ".$newclient;
+			$sql .= " SET client = ".((int) $newclient);
 			$sql .= " WHERE rowid = ".$this->id;
 
 			$resql = $this->db->query($sql);
@@ -2285,8 +2287,8 @@ class Societe extends CommonObject
 			$now = dol_now();
 
 			$sql  = "UPDATE ".MAIN_DB_PREFIX."societe";
-			$sql .= " SET price_level = '".$this->db->escape($price_level)."'";
-			$sql .= " WHERE rowid = ".$this->id;
+			$sql .= " SET price_level = ".((int) $price_level);
+			$sql .= " WHERE rowid = ".((int) $this->id);
 
 			if (!$this->db->query($sql)) {
 				dol_print_error($this->db);
@@ -2295,7 +2297,7 @@ class Societe extends CommonObject
 
 			$sql  = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices";
 			$sql .= " (datec, fk_soc, price_level, fk_user_author)";
-			$sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($price_level)."', ".$user->id.")";
+			$sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", ".((int) $price_level).", ".$user->id.")";
 
 			if (!$this->db->query($sql)) {
 				dol_print_error($this->db);
@@ -3793,11 +3795,14 @@ class Societe extends CommonObject
 		$this->client = 1; // A member is a customer by default
 		$this->code_client = ($customercode ? $customercode : -1);
 		$this->code_fournisseur = -1;
+		$this->typent_code = ($member->morphy == 'phy' ? 'TE_PRIVATE' : 0);
+		$this->typent_id = $this->typent_code ? dol_getIdFromCode($this->db, $this->typent_code, 'c_typent', 'id', 'code') : 0;
 
 		$this->db->begin();
 
 		// Cree et positionne $this->id
 		$result = $this->create($user);
+
 		if ($result >= 0) {
 			// Auto-create contact on thirdparty creation
 			if (!empty($conf->global->THIRDPARTY_DEFAULT_CREATE_CONTACT)) {
@@ -3808,6 +3813,7 @@ class Societe extends CommonObject
 
 				dol_syslog("We ask to create a contact/address too", LOG_DEBUG);
 				$result = $this->create_individual($user);
+
 				if ($result < 0) {
 					setEventMessages($this->error, $this->errors, 'errors');
 					$this->db->rollback();
diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php
index 449fd9d7811..c37f61e4fe2 100644
--- a/htdocs/societe/societecontact.php
+++ b/htdocs/societe/societecontact.php
@@ -95,14 +95,14 @@ if ($action == 'addcontact' && $user->rights->societe->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->societe->creer) {
 	// bascule du statut d'un contact
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
 } elseif ($action == 'deletecontact' && $user->rights->societe->creer) {
 	// Efface un contact
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid", 'int'));
 
 	if ($result >= 0) {
 		header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php
index 158829ea425..bbb06f2a2da 100644
--- a/htdocs/supplier_proposal/class/supplier_proposal.class.php
+++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php
@@ -1541,13 +1541,13 @@ class SupplierProposal extends CommonObject
 		$remise = trim($remise) ?trim($remise) : 0;
 
 		if (!empty($user->rights->supplier_proposal->creer)) {
-			$remise = price2num($remise);
+			$remise = price2num($remise, 2);
 
-			$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".$remise;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise);
 			$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
 
 			if ($this->db->query($sql)) {
-				$this->remise_percent = $remise;
+				$this->remise_percent = ((float) $remise);
 				$this->update_price(1);
 				return 1;
 			} else {
@@ -1569,13 +1569,15 @@ class SupplierProposal extends CommonObject
 	public function set_remise_absolue($user, $remise)
 	{
 		// phpcs:enable
-		$remise = trim($remise) ?trim($remise) : 0;
+		if (empty($remise)) {
+			$remise = 0;
+		}
+
+		$remise = price2num($remise);
 
 		if (!empty($user->rights->supplier_proposal->creer)) {
-			$remise = price2num($remise);
-
 			$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal ";
-			$sql .= " SET remise_absolue = ".$remise;
+			$sql .= " SET remise_absolue = ".((float) $remise);
 			$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
 
 			if ($this->db->query($sql)) {
@@ -1608,7 +1610,7 @@ class SupplierProposal extends CommonObject
 		$error = 0;
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
-		$sql .= " SET fk_statut = ".$this->statut.",";
+		$sql .= " SET fk_statut = ".((int) $this->statut).",";
 		if (!empty($note)) {
 			$sql .= " note_private = '".$this->db->escape($note)."',";
 		}
@@ -1669,7 +1671,7 @@ class SupplierProposal extends CommonObject
 		$this->db->begin();
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
-		$sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
+		$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
 		$sql .= " WHERE rowid = ".$this->id;
 
 		$resql = $this->db->query($sql);
@@ -2852,7 +2854,7 @@ class SupplierProposalLine extends CommonObjectLine
 		$sql .= ' pd.fk_multicurrency, pd.multicurrency_code, pd.multicurrency_subprice, pd.multicurrency_total_ht, pd.multicurrency_total_tva, pd.multicurrency_total_ttc, pd.fk_unit';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pd';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pd.fk_product = p.rowid';
-		$sql .= ' WHERE pd.rowid = '.$rowid;
+		$sql .= ' WHERE pd.rowid = '.((int) $rowid);
 
 		$result = $this->db->query($sql);
 		if ($result) {
diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php
index d106ce0506f..3125f81bc01 100644
--- a/htdocs/supplier_proposal/contact.php
+++ b/htdocs/supplier_proposal/contact.php
@@ -58,7 +58,8 @@ if ($action == 'addcontact' && $permissiontoedit) {
 
 	if ($result > 0 && $id > 0) {
 		$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
-		$result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source"));
+		$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
+		$result = $object->add_contact($contactid, $typeid, GETPOST("source"));
 	}
 
 	if ($result >= 0) {
@@ -75,7 +76,7 @@ if ($action == 'addcontact' && $permissiontoedit) {
 } elseif ($action == 'swapstatut' && $permissiontoedit) {
 	// Toggle the status of a contact
 	if ($object->fetch($id)) {
-		$result = $object->swapContactStatus(GETPOST('ligne'));
+		$result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 	} else {
 		dol_print_error($db);
 	}
diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php
index f60f20f7f7a..71540aa2f11 100644
--- a/htdocs/supplier_proposal/list.php
+++ b/htdocs/supplier_proposal/list.php
@@ -560,24 +560,24 @@ if ($resql) {
 	if ($user->rights->societe->client->voir || $socid) {
 		$langs->load("commercial");
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('ThirdPartiesOfSaleRepresentative').': ';
-		$moreforfilter .= $formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, 1, 'maxwidth300');
+		$tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view prospects other than his'
 	if ($user->rights->societe->client->voir || $socid) {
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('LinkedToSpecificUsers').': ';
-		$moreforfilter .= $form->select_dolusers($search_user, 'search_user', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
+		$tmptitle = $langs->trans('LinkedToSpecificUsers');
+		$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_user, 'search_user', $tmptitle, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth250');
 		$moreforfilter .= '</div>';
 	}
 	// If the user can view products
 	if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire && ($user->rights->produit->lire || $user->rights->service->lire)) {
 		include_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 		$moreforfilter .= '<div class="divsearchfield">';
-		$moreforfilter .= $langs->trans('IncludingProductWithTag').': ';
+		$tmptitle = $langs->trans('IncludingProductWithTag');
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter .= $form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
+		$moreforfilter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"').$form->selectarray('search_product_category', $cate_arbo, $search_product_category, $tmptitle, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter .= '</div>';
 	}
 	$parameters = array();
diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index 669b37bf806..d73f6499c93 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -1063,7 +1063,7 @@ $( document ).ready(function() {
 			if ($placeid == $obj->rowid) {
 				echo "<b>";
 			}
-			echo dol_print_date($db->jdate($obj->datec), '%H:%M', 'tzuser');
+			echo '<span class="fa fa-shopping-cart paddingright"></span>'.dol_print_date($db->jdate($obj->datec), '%H:%M', 'tzuser');
 			if ($placeid == $obj->rowid) {
 				echo "</b>";
 			}
@@ -1071,7 +1071,7 @@ $( document ).ready(function() {
 		}
 		echo '$("#customerandsales").append(\'<a onclick="place=\\\'0-';
 		echo $max_sale + 1;
-		echo '\\\'; invoiceid=0; Refresh();"><span class="fa fa-plus-square" title="'.dol_escape_htmltag($langs->trans("StartAParallelSale")).'"></a>\');';
+		echo '\\\'; invoiceid=0; Refresh();"><div><span class="fa fa-plus" title="'.dol_escape_htmltag($langs->trans("StartAParallelSale")).'"><span class="fa fa-shopping-cart"></span></div></a>\');';
 	} else {
 		dol_print_error($db);
 	}
diff --git a/htdocs/theme/eldy/btn.inc.php b/htdocs/theme/eldy/btn.inc.php
index d5d21a0d439..3e3ab1d3b01 100644
--- a/htdocs/theme/eldy/btn.inc.php
+++ b/htdocs/theme/eldy/btn.inc.php
@@ -72,7 +72,7 @@ span.butAction, span.butActionDelete {
 	border-radius: 3px;
 }
 .butActionRefused:last-child, .butAction:last-child, .butActionDelete:last-child {
-	margin-right: 0px !important;
+	margin-<?php echo $right; ?>: 0px !important;
 }
 .butActionRefused, .butAction, .butAction:link, .butAction:visited, .butAction:hover, .butAction:active, .butActionDelete, .butActionDelete:link, .butActionDelete:visited, .butActionDelete:hover, .butActionDelete:active {
 	text-decoration: none;
diff --git a/htdocs/theme/eldy/dropdown.inc.php b/htdocs/theme/eldy/dropdown.inc.php
index 871ee5aa68c..e0976e0e1db 100644
--- a/htdocs/theme/eldy/dropdown.inc.php
+++ b/htdocs/theme/eldy/dropdown.inc.php
@@ -277,14 +277,14 @@ a.top-menu-dropdown-link {
 	text-decoration: none;
 }
 
-#topmenuloginmoreinfo-btn{
+#topmenuloginmoreinfo-btn, #topmenulogincompanyinfo-btn {
 	display: block;
 	text-aling: right;
 	color:#666;
 	cursor: pointer;
 }
 
-#topmenuloginmoreinfo{
+#topmenuloginmoreinfo, #topmenulogincompanyinfo {
 	display: none;
 	clear: both;
 	font-size: 0.95em;
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index 213c9652991..5500de16650 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -21,6 +21,7 @@
 	--colorbacklinepairchecked: rgb(<?php print $colorbacklinepairchecked; ?>);
 	--colorbacklinebreak: rgb(<?php print $colorbacklinebreak; ?>);
 	--colorbackbody: rgb(<?php print $colorbackbody; ?>);
+	--colorbackmobilemenu: #f8f8f8;
 	--colortexttitlenotab: rgb(<?php print $colortexttitlenotab; ?>);
 	--colortexttitlenotab2: rgb(<?php print $colortexttitlenotab2; ?>);
 	--colortexttitle: rgba(<?php print $colortexttitle; ?>, 0.9);
@@ -45,6 +46,8 @@
 	--amountremaintopaycolor:#880000;
 	--amountpaymentcomplete:#008800;
 	--amountremaintopaybackcolor:none;
+	--productlinestockod: #002200;
+	--productlinestocktoolow: #884400;
 }
 
 <?php
@@ -57,7 +60,7 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) {
 	            --colorbackhmenu1: #1d1e20;
 	            --colorbackvmenu1: #2b2c2e;
 	            --colorbacktitle1: #2b2d2f;
-	            --colorbacktabcard1: #38393d;
+	            --colorbacktabcard1: #1d1e20;				/* Must be same than colorbackbody */
 	            --colorbacktabactive: rgb(220,220,220);
 	            --colorbacklineimpair1: #38393d;
 	            --colorbacklineimpair2: #2b2d2f;
@@ -66,6 +69,7 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) {
 	            --colorbacklinepairhover: #2b2d2f;
 	            --colorbacklinepairchecked: #0e5ccd;
 	            --colorbackbody: #1d1e20;
+				--colorbackmobilemenu: #080808;
 	            --tooltipbgcolor: #2b2d2f;
 	            --colortexttitlenotab: rgb(220,220,220);
 	            --colortexttitlenotab2: rgb(220,220,220);
@@ -89,7 +93,11 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) {
 	            --amountremaintopaycolor:rgb(252,84,91);
 	            --amountpaymentcomplete:rgb(101,184,77);
 	            --amountremaintopaybackcolor:rbg(245,130,46);
-	      }\n";
+	      }
+
+		body, button {
+			color: #bbb;
+		}\n";
 	if ($conf->global->THEME_DARKMODEENABLED != 2) {
 		print "}\n";
 	}
@@ -719,6 +727,9 @@ textarea.centpercent {
 .paddingright2 {
 	padding-<?php print $right; ?>: 2px;
 }
+.paddingright2imp {
+	padding-<?php print $right; ?>: 2px !important;
+}
 .paddingtop {
 	padding-top: 4px;
 }
@@ -1827,7 +1838,7 @@ div.vmenu, td.vmenu {
 
 
 div.fiche {
-	margin-<?php print $left; ?>: <?php print (GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '32' : '6')); ?>px;
+	margin-<?php print $left; ?>: <?php print (GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '34' : '6')); ?>px;
 	margin-<?php print $right; ?>: <?php print (GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '30' : '6')); ?>px;
 	<?php if (!empty($dol_hide_leftmenu)) {
 		print 'margin-bottom: 12px;'."\n";
@@ -3489,9 +3500,11 @@ div.pagination li.pagination a,
 div.pagination li.pagination span {
   padding: 6px 12px;
   line-height: 1.42857143;
-  color: #000;
   text-decoration: none;
   background-repeat: repeat-x;
+  <?php if (empty($conf->global->THEME_DARKMODEENABLED)) { ?>
+  color: #000;
+  <?php } ?>
 }
 div.pagination li.pagination span.inactive {
   cursor: default;
@@ -4271,8 +4284,8 @@ div.boximport {
 	min-height: unset;
 }
 
-.product_line_stock_ok { color: #002200; }
-.product_line_stock_too_low { color: #884400; }
+.product_line_stock_ok { color: var(--productlinestockok); }
+.product_line_stock_too_low { color: var(--productlinestocktoolow); }
 
 .fieldrequired { font-weight: bold; color: var(--fieldrequiredcolor) !important; }
 
@@ -4784,7 +4797,7 @@ table.cal_month td { padding-left: 1px !important; padding-right: 1px !important
 div.event { margin-left: 8px; margin-right: 8px; margin-bottom: 8px; margin-top: 4px; border-radius: 4px; box-shadow: 2px 2px 5px rgba(100, 100, 100, 0.2); }
 table.cal_event    { border: none; border-collapse: collapse; margin-bottom: 1px; min-height: 20px; filter: saturate(0.8); border-radius: 3px; }
 table.cal_event td { border: none; padding-<?php print $left; ?>: 2px; padding-<?php print $right; ?>: 2px; padding-top: 0px; padding-bottom: 0px; }
-table.cal_event td.cal_event { padding: 4px 4px !important; }
+table.cal_event td.cal_event { padding: 4px 4px !important; padding-bottom: 2px !important; padding-top: 2px !important; }
 table.cal_event td.cal_event_right { padding: 4px 4px !important; }
 .cal_event              { font-size: 1em; }
 .cal_event a:link       { color: #111111; font-weight: normal !important; }
@@ -6073,7 +6086,7 @@ li.ui-li-divider .ui-link {
 	color: #FFF !important;
 }
 .ui-btn {
-	margin: 0.1em 2px
+	margin: 0 2px;
 }
 a.ui-link, a.ui-link:hover, .ui-btn:hover, span.ui-btn-text:hover, span.ui-btn-inner:hover {
 	text-decoration: none !important;
@@ -6227,7 +6240,7 @@ ul.ulmenu {
 }
 .alilevel0 {
 	color: var(--colortexttitle) !important;
-	background: #f8f8f8
+	background: var(--colorbackmobilemenu);
 }
 .ulmenu {
 	box-shadow: none !important;
diff --git a/htdocs/theme/md/dropdown.inc.php b/htdocs/theme/md/dropdown.inc.php
index 9b96c9b061b..2627a727a23 100644
--- a/htdocs/theme/md/dropdown.inc.php
+++ b/htdocs/theme/md/dropdown.inc.php
@@ -283,14 +283,14 @@ a.top-menu-dropdown-link {
 	text-decoration: none;
 }
 
-#topmenuloginmoreinfo-btn{
+#topmenuloginmoreinfo-btn, #topmenulogincompanyinfo-btn {
 	display: block;
 	text-aling: right;
 	color:#666;
 	cursor: pointer;
 }
 
-#topmenuloginmoreinfo{
+#topmenuloginmoreinfo, #topmenulogincompanyinfo {
 	display: none;
 	clear: both;
 	font-size: 0.95em;
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index 74a349108a3..d90bde8597a 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -4702,7 +4702,7 @@ table.cal_month td:last-child   { border-right: 0px; }
 div.event { margin: 8px; border-radius: 4px; box-shadow: 2px 2px 5px rgba(100, 100, 100, 0.2); }
 table.cal_event    { border: none; border-collapse: collapse; margin-bottom: 1px; -webkit-border-radius: 3px; border-radius: 3px; min-height: 20px;	}
 table.cal_event td { border: none; padding-<?php print $left; ?>: 2px; padding-<?php print $right; ?>: 2px; padding-top: 0px; padding-bottom: 0px; }
-table.cal_event td.cal_event { padding: 4px 4px !important; }
+table.cal_event td.cal_event { padding: 4px 4px !important; padding-bottom: 2px !important; padding-top: 2px !important; }
 table.cal_event td.cal_event_right { padding: 4px 4px !important; }
 .cal_event              { font-size: 1em; }
 .cal_event a:link       { color: #111111; font-weight: normal !important; }
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index 98bcccd4ca1..e6f3f21050c 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -186,7 +186,7 @@ if (empty($reshook)) {
 			$notifyTiers = GETPOST("notify_tiers_at_create", 'alpha');
 			$object->notify_tiers_at_create = empty($notifyTiers) ? 0 : 1;
 
-			$object->fk_project = GETPOST('projectid', 'int');
+			$object->fk_project = $projectid;
 
 			$id = $object->create($user);
 			if ($id <= 0) {
@@ -205,9 +205,9 @@ if (empty($reshook)) {
 					$result = $object->add_contact($contactid, $typeid, 'external');
 				}
 
-				// altairis: link ticket to project
-				if (GETPOST('projectid') > 0) {
-					$object->setProject(GETPOST('projectid'));
+				// Link ticket to project
+				if ($projectid > 0) {
+					$object->setProject($projectid);
 				}
 
 				// Auto assign user
@@ -236,7 +236,7 @@ if (empty($reshook)) {
 				if ($conf->global->TICKET_AUTO_CREATE_FICHINTER_CREATE) {
 					$fichinter = new Fichinter($db);
 					$fichinter->socid = $object->fk_soc;
-					$fichinter->fk_project = GETPOST('projectid', 'int');
+					$fichinter->fk_project = $projectid;
 					$fichinter->fk_contrat = $contractid;
 					$fichinter->author = $user->id;
 					$fichinter->model_pdf = 'soleil';
@@ -534,7 +534,7 @@ if (empty($reshook)) {
 	} elseif ($action == 'classin' && $user->rights->ticket->write) {
 		// Categorisation dans projet
 		if ($object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha')) >= 0) {
-			$object->setProject(GETPOST('projectid', 'int'));
+			$object->setProject($projectid);
 			$url = 'card.php?action=view&track_id='.$object->track_id;
 			header("Location: ".$url);
 			exit();
@@ -778,7 +778,7 @@ if ($action == 'create' || $action == 'presend') {
 		}
 
 		// project info
-		if ($projectid) {
+		if ($projectid > 0) {
 			$projectstat = new Project($db);
 			if ($projectstat->fetch($projectid) > 0) {
 				$projectstat->fetch_thirdparty();
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 93806bb86aa..57d0066323d 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -1982,8 +1982,8 @@ class Ticket extends CommonObject
 	 *     Link element with a project
 	 * 	   Override core function because of key name 'fk_project' used for this module
 	 *
-	 *     @param  int $projectid Project id to link element to
-	 *     @return int                        <0 if KO, >0 if OK
+	 *     @param  int 		$projectid 			Project id to link element to
+	 *     @return int                   	   <0 if KO, >0 if OK
 	 */
 	public function setProject($projectid)
 	{
@@ -1994,16 +1994,15 @@ class Ticket extends CommonObject
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
 		if ($projectid) {
-			$sql .= ' SET fk_project = '.$projectid;
+			$sql .= ' SET fk_project = '.((int) $projectid);
 		} else {
 			$sql .= ' SET fk_project = NULL';
 		}
-
-		$sql .= ' WHERE rowid = '.$this->id;
+		$sql .= ' WHERE rowid = '.((int) $this->id);
 
 		dol_syslog(get_class($this)."::setProject sql=".$sql);
 		if ($this->db->query($sql)) {
-			$this->fk_project = $projectid;
+			$this->fk_project = ((int) $projectid);
 			return 1;
 		} else {
 			dol_print_error($this->db);
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index c1224285c7c..f01198f1ca8 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1110,16 +1110,14 @@ class User extends CommonObject
 		// Check parameters
 		if ($this->statut == $status) {
 			return 0;
-		} else {
-			$this->statut = $status;
 		}
 
 		$this->db->begin();
 
 		// Save in database
 		$sql = "UPDATE ".MAIN_DB_PREFIX."user";
-		$sql .= " SET statut = ".$this->statut;
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " SET statut = ".((int) $status);
+		$sql .= " WHERE rowid = ".((int) $this->id);
 		$result = $this->db->query($sql);
 
 		dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1136,6 +1134,8 @@ class User extends CommonObject
 			$this->db->rollback();
 			return -$error;
 		} else {
+			$this->status = $status;
+			$this->statut = $status;
 			$this->db->commit();
 			return 1;
 		}
@@ -1199,7 +1199,7 @@ class User extends CommonObject
 
 		// If contact, remove link
 		if ($this->contact_id > 0) {
-			$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".$this->contact_id;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".((int) $this->contact_id);
 			if (!$error && !$this->db->query($sql)) {
 				$error++;
 				$this->error = $this->db->lasterror();
@@ -1737,7 +1737,7 @@ class User extends CommonObject
 			// If user is linked to a member, remove old link to this member
 			if ($this->fk_member > 0) {
 				dol_syslog(get_class($this)."::update remove link with member. We will recreate it later", LOG_DEBUG);
-				$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".$this->fk_member;
+				$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".((int) $this->fk_member);
 				$resql = $this->db->query($sql);
 				if (!$resql) {
 					$this->error = $this->db->error(); $this->db->rollback(); return -5;
@@ -1745,7 +1745,7 @@ class User extends CommonObject
 			}
 			// Set link to user
 			dol_syslog(get_class($this)."::update set link with member", LOG_DEBUG);
-			$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? $this->fk_member : 'null')." where rowid = ".$this->id;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? ((int) $this->fk_member) : 'null')." where rowid = ".((int) $this->id);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
 				$this->error = $this->db->error(); $this->db->rollback(); return -5;
diff --git a/htdocs/user/note.php b/htdocs/user/note.php
index 1a375343e05..1ce397626e6 100644
--- a/htdocs/user/note.php
+++ b/htdocs/user/note.php
@@ -105,7 +105,7 @@ if ($id) {
 
 	print '<div class="underbanner clearboth"></div>';
 
-	print "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
+	print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 
 	print '<div class="fichecenter">';
diff --git a/htdocs/webservices/server_supplier_invoice.php b/htdocs/webservices/server_supplier_invoice.php
index 122d4b10694..2a17ea15265 100644
--- a/htdocs/webservices/server_supplier_invoice.php
+++ b/htdocs/webservices/server_supplier_invoice.php
@@ -324,7 +324,6 @@ function getSupplierInvoice($authentication, $id = '', $ref = '', $ref_ext = '')
  * @param	array		$authentication		Array of authentication information
  * @param	int			$idthirdparty		Id thirdparty
  * @return	array							Array result
- *
  */
 function getSupplierInvoicesForThirdParty($authentication, $idthirdparty)
 {
diff --git a/htdocs/webservices/server_thirdparty.php b/htdocs/webservices/server_thirdparty.php
index 60b28ad06d0..19ff0100d6d 100644
--- a/htdocs/webservices/server_thirdparty.php
+++ b/htdocs/webservices/server_thirdparty.php
@@ -304,13 +304,15 @@ function getThirdParty($authentication, $id = '', $ref = '', $ref_ext = '')
 
 	// Init and check authentication
 	$objectresp = array();
-	$errorcode = ''; $errorlabel = '';
+	$errorcode = '';
+	$errorlabel = '';
 	$error = 0;
 	$fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);
 	// Check parameters
 	if (!$error && (($id && $ref) || ($id && $ref_ext) || ($ref && $ref_ext))) {
 		$error++;
-		$errorcode = 'BAD_PARAMETERS'; $errorlabel = "Parameter id, ref and ref_ext can't be both provided. You must choose one or other but not both.";
+		$errorcode = 'BAD_PARAMETERS';
+		$errorlabel = "Parameter id, ref and ref_ext can't be both provided. You must choose one or other but not both.";
 	}
 
 	if (!$error) {
@@ -380,6 +382,9 @@ function getThirdParty($authentication, $id = '', $ref = '', $ref_ext = '')
 				$objectresp = array(
 					'result'=>array('result_code'=>'OK', 'result_label'=>''),
 					'thirdparty'=>$thirdparty_result_fields);
+			} elseif ($result == -2) {
+				$error++;
+				$errorcode = 'DUPLICATE_FOUND'; $errorlabel = 'Object found several times for id='.$id.' or ref='.$ref.' or ref_ext='.$ref_ext;
 			} else {
 				$error++;
 				$errorcode = 'NOT_FOUND'; $errorlabel = 'Object not found for id='.$id.' nor ref='.$ref.' nor ref_ext='.$ref_ext;
diff --git a/htdocs/zapier/admin/about.php b/htdocs/zapier/admin/about.php
index 27f281d549c..b7e2936fc41 100644
--- a/htdocs/zapier/admin/about.php
+++ b/htdocs/zapier/admin/about.php
@@ -2,6 +2,9 @@
 /* Copyright (C) 2004-2017 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2019 Frédéric FRANCE <frederic.france@free.fr>
  *
+ *
+ * LICENSE =================================================================
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -13,7 +16,8 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
  */
 
 /**
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 1d3b76cd4f2..01cd3343877 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -190,7 +190,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$this->assertGreaterThanOrEqual(0, $result, 'Error on testSqlAndScriptInject kkk');
 		*/
 
-		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
+		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php';
 		$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should be ok');
 
@@ -201,7 +201,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		// Should detect XSS
 		$expectedresult=1;
 
-		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
+		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php/<svg>';
 		$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should detect XSS');
 
@@ -316,6 +316,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$_GET["param4"]='../dir';
 		$_GET["param5"]="a_1-b";
 		$_POST["param6"]="&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;";
+		$_POST["param6b"]='<<<../>../>../svg><<<../>../>../animate =alert(1)>abc';
 		$_GET["param7"]='"c:\this is a path~1\aaa&#110;" abc<bad>def</bad>';
 		$_POST["param8a"]="Hacker<svg o&#110;load='console.log(&quot;123&quot;)'";	// html tag is not closed so it is not detected as html tag but is still harmfull
 		$_POST['param8b']='<img src=x onerror=alert(document.location) t=';		// this is html obfuscated by non closing tag
@@ -386,6 +387,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('">', $result);
 
+		$result=GETPOST("param6b");
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('abc', $result);
+
 		// With restricthtml we must remove html open/close tag and content but not htmlentities like &#110;
 
 		$result=GETPOST("param7", 'restricthtml');