diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 4d8aa1e2b6e..499e9779b1f 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -201,7 +201,7 @@ class Form
 * @param string $formatfunc Call a specific function to output field in view mode (For example: 'dol_print_email')
 * @param string $paramid Key of parameter for id ('id', 'socid')
 * @param string $gm 'auto' or 'tzuser' or 'tzuserrel' or 'tzserver' (when $typeofdata is a date)
- * @param array $moreoptions Array with more options. For example array('addnowlink'=>1)
+ * @param array $moreoptions Array with more options. For example array('addnowlink'=>1), array('valuealreadyhtmlescaped'=>1)
 * @return string HTML edit field
 */
 public function editfieldval($text, $htmlname, $value, $object, $perm, $typeofdata = 'string', $editvalue = '', $extObject = null, $custommsg = null, $moreparam = '', $notabletag = 0, $formatfunc = '', $paramid = 'id', $gm = 'auto', $moreoptions = array())
@@ -367,7 +367,11 @@ class Form
 // clean data from some dangerous html
 $ret .= dol_string_onlythesehtmltags(dol_htmlentitiesbr($tmpcontent));
 } else {
- $ret .= dol_escape_htmltag($value);
+ if (empty($moreoptions['valuealreadyhtmlescaped'])) {
+ $ret .= dol_escape_htmltag($value);
+ } else {
+ $ret .= $value; // $value must be already html escaped.
+ }
 }
 if ($formatfunc && method_exists($object, $formatfunc)) {
diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php
index 90a760e14a1..297d8dfb4e5 100644
--- a/htdocs/fourn/card.php
+++ b/htdocs/fourn/card.php
@@ -98,7 +98,8 @@ if (empty($reshook)) {
 $action = "";
 }
- if ($action == 'setsupplieraccountancycode') {
+ // Set supplier accounting account
+ if ($action == 'setsupplieraccountancycode' && $user->hasRight('societe', 'creer')) {
 $result = $object->fetch($id);
 $object->code_compta_fournisseur = GETPOST("supplieraccountancycode");
 $result = $object->update($object->id, $user, 1, 0, 1);
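Review bot: The new `valuealreadyhtmlescaped` branch in the `@@ -367` hunk appends `$value` to `$ret` with no encoding at all, so output escaping for this field now depends on every caller that sets the option, and one call site passing raw data would put unescaped content into the view-mode cell. The docblock line added in the first hunk names the option but not its contract; it should say that `'valuealreadyhtmlescaped'=>1` means the caller has already passed `$value` through `dol_escape_htmltag()` or an equivalent. If callers only need to inject a small set of markup, running the value through `dol_string_onlythesehtmltags()` as the branch just above does would keep a second layer instead of a full bypass; whether that fits the clipboard-button markup used by the caller is not visible here. The if/else chain this branch belongs to starts outside the hunk.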
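Review bot: In the `@@ -98` hunk of card.php, `$result = $object->fetch($id);` is overwritten by the following `update()` assignment without ever being tested, so if the fetch fails or `$id` matches no record the handler still calls `update($object->id, ...)` on an object that was not loaded. Guard the write with the fetch result, for example `if ($object->fetch($id) > 0) {` around the assignment and the update, and report the failure through `setEventMessages()` otherwise. The same unchecked fetch appears in the new `settva_intra` block and in the `setsupplier_order_min_amount` and `update_extras` handlers touched by the later hunks. The body of this `if` continues outside the hunk.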
@@ -106,8 +107,17 @@ if (empty($reshook)) {
 setEventMessages($object->error, $object->errors, 'errors');
 }
 }
+ // Set vat number accounting account
+ if ($action == 'settva_intra' && $user->hasRight('societe', 'creer')) {
+ $result = $object->fetch($id);
+ $object->tva_intra = GETPOST("tva_intra");
+ $result = $object->update($object->id, $user, 1, 0, 0);
+ if ($result < 0) {
+ setEventMessages($object->error, $object->errors, 'errors');
+ }
+ }
 // Set payment terms of the settlement
- if ($action == 'setconditions' && $user->rights->societe->creer) {
+ if ($action == 'setconditions' && $user->hasRight('societe', 'creer')) {
 $object->fetch($id);
 $result = $object->setPaymentTerms(GETPOST('cond_reglement_supplier_id', 'int'));
 if ($result < 0) {
@@ -115,7 +125,7 @@ if (empty($reshook)) {
 }
 }
 // Payment mode
- if ($action == 'setmode' && $user->rights->societe->creer) {
+ if ($action == 'setmode' && $user->hasRight('societe', 'creer')) {
 $object->fetch($id);
 $result = $object->setPaymentMethods(GETPOST('mode_reglement_supplier_id', 'int'));
 if ($result < 0) {
@@ -124,7 +134,7 @@ if (empty($reshook)) {
 }
 // Bank account
- if ($action == 'setbankaccount' && $user->rights->societe->creer) {
+ if ($action == 'setbankaccount' && $user->hasRight('societe', 'creer')) {
 $object->fetch($id);
 $result = $object->setBankAccount(GETPOST('fk_account', 'int'));
 if ($result < 0) {
@@ -133,7 +143,7 @@ if (empty($reshook)) {
 }
 // update supplier order min amount
- if ($action == 'setsupplier_order_min_amount') {
+ if ($action == 'setsupplier_order_min_amount' && $user->hasRight('societe', 'creer')) {
 $object->fetch($id);
 $object->supplier_order_min_amount = price2num(GETPOST('supplier_order_min_amount', 'alpha'));
 $result = $object->update($object->id, $user);
@@ -142,7 +152,7 @@ if (empty($reshook)) {
 }
 }
- if ($action == 'update_extras') {
+ if ($action == 'update_extras' && $user->hasRight('societe', 'creer')) {
 $object->fetch($id);
 $object->oldcopy = dol_clone($object);
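Review bot: The comment `// Set vat number accounting account` on the new `settva_intra` block in the `@@ -106` hunk looks copied from the handler above and misdescribes the code, which stores the intra-community VAT number; `// Set intra-community VAT number` would match what the block does. The value is read with `GETPOST("tva_intra")` and no explicit check type, while the neighbouring handlers pass one (`'int'`, `'alpha'`); writing `GETPOST('tva_intra', 'alphanohtml')` makes the expected filtering visible at the point where request data is written to the record. No length or format validation of the VAT number is visible in this hunk, and whether `update()` applies one cannot be told from here.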
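Review bot: With `&& $user->hasRight('societe', 'creer')` added to the condition in the `@@ -133` hunk, a `setsupplier_order_min_amount` request from a user without the right is now skipped silently, with no message to the user and no log entry; the same holds for `update_extras` in the `@@ -142` hunk and for `setsupplieraccountancycode` and `settva_intra` earlier in the file. Refused write attempts are worth surfacing, for example through an `else` path that calls `accessforbidden()` or at least a `dol_syslog()` line naming the action and user, so that probing of these actions shows up in the logs. The right is also evaluated separately in each handler; computing it once into a local variable before the action block would keep the checks from drifting apart. The handler bodies continue outside these hunks.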
@@ -261,8 +271,12 @@ if ($object->id > 0) {
 }
 // TVA Intra
- print ''.$langs->trans('VATIntra').'';
- print showValueWithClipboardCPButton(dol_escape_htmltag($object->tva_intra));
+ print '';
+ //print $langs->trans('VATIntra').'';
+ $vattoshow = ($object->tva_intra ? showValueWithClipboardCPButton(dol_escape_htmltag($object->tva_intra)) : '');
+ print $form->editfieldkey("VATIntra", 'tva_intra', $object->tva_intra, $object, $user->hasRight('societe', 'creer'));
+ print '';
+ print $form->editfieldval("VATIntra", 'tva_intra', $vattoshow, $object, $user->hasRight('societe', 'creer'), 'string', $object->tva_intra, null, null, '', 0, '', 'id', 'auto', array('valuealreadyhtmlescaped'=>1));
 print '';
 // Default terms of the settlement
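Review bot: Escaping of `tva_intra` is now split between this call site and `editfieldval()`: `$vattoshow` is escaped here and marked with `array('valuealreadyhtmlescaped'=>1)`, while the raw `$object->tva_intra` is passed as the `$editvalue` argument and to `editfieldkey()`. The edit-mode path of `editfieldval()` is not part of this diff, so it should be confirmed that it encodes `$editvalue` before placing it in the input element; a short comment above `$vattoshow` stating that it holds trusted, already-escaped HTML would make the contract clear to the next editor. The commented-out line `//print $langs->trans('VATIntra').'';` can be dropped, and `$user->hasRight('societe', 'creer')` could be evaluated once into a local variable instead of twice in this hunk.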