diff --git a/htdocs/core/lib/date.lib.php b/htdocs/core/lib/date.lib.php
index 237adc9447a..558ba2aa322 100644
--- a/htdocs/core/lib/date.lib.php
+++ b/htdocs/core/lib/date.lib.php
@@ -322,20 +322,28 @@ function convertSecondToTime($iSecond, $format = 'all', $lengthOfDay = 86400, $l * Generate a SQL string to make a filter into a range (for second of date until last second of date). * This method allows to maje SQL request that will deal correctly the timezone of server. * - * @param string $datefield Name of SQL field where apply sql date filter - * @param int $day_date Day date - * @param int $month_date Month date - * @param int $year_date Year date - * @param int $excludefirstand Exclude first and - * @param mixed $gm False or 0 or 'tzserver' = Input date fields are date info in the server TZ. True or 1 or 'gmt' = Input are date info in GMT TZ. - * Note: In database, dates are always fot the server TZ. - * @return string $sqldate String with SQL filter + * @param string $datefield Name of SQL field where apply sql date filter + * @param int|string $day_date Day date (Can be 0 or '' for filter on a month) + * @param int|string $month_date Month date (Can be 0 or '' for filter on a year) + * @param int|string $year_date Year date + * @param int $excludefirstand Exclude first and + * @param mixed $gm False or 0 or 'tzserver' = Input date fields are date info in the server TZ. True or 1 or 'gmt' = Input are date info in GMT TZ. + * Note: In database, dates are always fot the server TZ. + * @return string $sqldate String with SQL filter */ function dolSqlDateFilter($datefield, $day_date, $month_date, $year_date, $excludefirstand = 0, $gm = false) { global $db; - $sqldate = ""; + $sqldate = ''; + + $day_date = intval($day_date); + $month_date = intval($month_date); + $year_date = intval($year_date); + if ($month_date > 0) { + if ($month_date > 12) { // protection for bad value of month + return " AND 1 = 2"; + } if ($year_date > 0 && empty($day_date)) { $sqldate .= ($excludefirstand ? "" : " AND ").$datefield." 
BETWEEN '".$db->idate(dol_get_first_day($year_date, $month_date, $gm)); $sqldate .= "' AND '".$db->idate(dol_get_last_day($year_date, $month_date, $gm))."'"; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index f47eb2a49d3..f2b4476ed61 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -1347,7 +1347,9 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser if ($search_valuebilled == '0') { $sql .= ' AND (t.invoice_id = 0 OR t.invoice_id IS NULL)'; } + $sql .= dolSqlDateFilter('t.task_datehour', $search_day, $search_month, $search_year); + // Add where from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook @@ -1869,26 +1871,24 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser // Action column print ''; - if (($action == 'editline' || $action == 'splitline') && $_GET['lineid'] == $task_time->rowid) { - print ''; + if (($action == 'editline' || $action == 'splitline') && GETPOST('lineid', 'int') == $task_time->rowid) { + print ''; print ''; - print '
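Review bot: The new early return in dolSqlDateFilter() (date.lib.php) for a month above 12 always emits `" AND 1 = 2"`, even when `$excludefirstand` is set, while the line right after it builds its prefix with `($excludefirstand ? "" : " AND ")`. A caller that asked for no leading AND would presumably end up with a malformed condition; I would write `return ($excludefirstand ? "" : " AND ")."1 = 2";`. The `intval()` casts make the three date parts safe to concatenate, but `$datefield` still goes into the SQL string unescaped, so its `@param` line should say it must be a hard-coded column name and never request data. The function body continues outside the hunk, so the day and year branches are not covered by this note.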
'; + print ' '; print ''; - } elseif ($user->rights->projet->time || $user->rights->projet->all->creer) { // Read project and enter time consumed on assigned tasks - if ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids) || $user->rights->projet->all->creer) { - if ($conf->MAIN_FEATURES_LEVEL >= 2) { + } elseif ($user->hasRight('projet', 'time') || $user->hasRight('projet', 'all', 'creer')) { // Read project and enter time consumed on assigned tasks + if ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids) || $user->hasRight('projet', 'all', 'creer')) { + if (getDolGlobalString('MAIN_FEATURES_LEVEL') >= 2) { print ' '; print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; - print img_split(); + print img_split('', 'class="pictofixedwidth"'); print ''; } - print ' '; print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; - print img_edit(); + print img_edit('default', 0, 'class="pictofixedwidth paddingleft"'); print ''; - print ' '; print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; print img_delete('default', 'class="pictodelete paddingleft"'); print '';
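Review bot: The feature gate `getDolGlobalString('MAIN_FEATURES_LEVEL') >= 2` in the action column of time.php compares a string with an integer, so the result depends on PHP's string/number comparison rules, which changed in PHP 8; `getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2` states the intent directly. The same applies to `GETPOST('lineid', 'int') == $task_time->rowid`, where casting both sides and using `===` (`(int) GETPOST('lineid', 'int') === (int) $task_time->rowid`) avoids loose comparison on a request value. These conditions only decide which edit, split and delete controls are rendered; the matching permission check in the action handlers is outside the hunk, and a short comment here saying where it is enforced would help the next reader.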