diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index 1524c1d1727..ccc834835a4 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -54,12 +54,6 @@ $langs->loadLangs(array("banks", "bills", "categories", "companies", "compta"));
 $action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
-// Security check
-$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha');
-$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
-
-$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
-
 $object = new Account($db);
 $extrafields = new ExtraFields($db);
@@ -69,6 +63,12 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('bankcard', 'globalcard'));
+// Security check
+$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha');
+$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
+$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
+
+
 /*
 * Actions
 */
diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php
index 0add6bf77fd..35102281ae9 100644
--- a/htdocs/compta/bank/document.php
+++ b/htdocs/compta/bank/document.php
@@ -71,6 +71,7 @@ if ($id > 0 || !empty($ref)) {
 $object->fetch($id, $ref);
 }
+
 $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');
diff --git a/htdocs/compta/bank/info.php b/htdocs/compta/bank/info.php
index a2a3260775a..c61f6e50bff 100644
--- a/htdocs/compta/bank/info.php
+++ b/htdocs/compta/bank/info.php
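Review bot: In card.php's second hunk the relocated `$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';` still picks the lookup field from `ref` alone while `$id` prefers the numeric `id`, so a request carrying both parameters hands restrictedArea the integer id tagged as a `ref` lookup. The move preserves rather than introduces this, but since the line is being touched anyway, `$fieldid = (!GETPOST("id", 'int') && GETPOSTISSET("ref")) ? 'ref' : 'rowid';` keeps the field name in step with the value actually passed. As far as the hunk shows, only the ExtraFields label fetch and `initHooks()` now run ahead of the authorization and neither reads `$id`, but the reason for the relocation is not recorded; a comment such as `// Security check - keep this before any code that reads $id or loads $object data` would stop a later edit sliding page logic above it. The two added blank lines before the Actions banner are a minor style nit next to the single blank line the surrounding sections use.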
@@ -30,6 +30,18 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 $langs->loadLangs(array('banks', 'categories', 'companies'));
 $id = GETPOST("rowid", 'int');
+$ref = GETPOST('ref', 'alpha');
+
+// Security check
+$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : ''));
+$fieldtype = (!empty($ref) ? 'ref' : 'rowid');
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', $fieldtype);
+if (!$user->rights->banque->lire && !$user->rights->banque->consolidate) {
+ accessforbidden();
+}
 /*
diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php
index b1dac2858b0..6ccd953a68b 100644
--- a/htdocs/compta/bank/treso.php
+++ b/htdocs/compta/bank/treso.php
@@ -37,22 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 $langs->loadLangs(array('banks', 'categories', 'bills', 'companies'));
 // Security check
-if (isset($_GET["account"]) || isset($_GET["ref"])) {
- $id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : '');
+if (GETPOSTISSET("account") || GETPOSTISSET("ref")) {
+ $id = GETPOSTISSET("account") ? GETPOST("account") : (GETPOSTISSET("ref") ? GETPOST("ref") : '');
 }
-$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid';
+$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
 if ($user->socid) {
 $socid = $user->socid;
 }
 $result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
-$vline = isset($_GET["vline"]) ? $_GET["vline"] : $_POST["vline"];
-$page = isset($_GET["page"]) ? $_GET["page"] : 0;
+$vline = GETPOST('vline');
+$page = GETPOSTISSET("page") ? GETPOST("page") : 0;
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('banktreso', 'globalcard'));
+
 /*
 * View
 */
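Review bot: In the new info.php check, `$fieldtype` is chosen from `$ref` alone while `$fieldvalue` prefers `$id`, so a request carrying both `rowid` and `ref` passes the numeric id to restrictedArea tagged as a `ref` lookup and the object-level part of the check resolves against the wrong column. Aligning the two keeps it meaningful: `$fieldtype = (empty($id) && !empty($ref)) ? 'ref' : 'rowid';`. The `$socid` assignment is not referenced anywhere in the hunk; if nothing further down the file reads it, it is dead code copied from the sibling pages. The explicit `lire`/`consolidate` test after restrictedArea looks like belt-and-braces on top of the permission restrictedArea presumably already enforces for `'banque'`; a comment stating why the extra test is needed would stop a future reader deleting it as redundant.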
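Review bot: In the treso.php hunk at -37, `$id` is built from `GETPOST("account")` and `GETPOST("ref")` with no check type, and `$page` likewise, while the later hunk at -76 reads the same `account` parameter as `GETPOST("account", 'int')`; since this `$id` is the value restrictedArea receives, the same typing belongs here: `$id = GETPOSTISSET("account") ? GETPOST("account", 'int') : (GETPOSTISSET("ref") ? GETPOST("ref", 'alpha') : '');` and `$page = GETPOSTISSET("page") ? GETPOST("page", 'int') : 0;`. The same untyped `GETPOST("ref")` recurs in the -76 hunk's `$object->fetch(0, GETPOST("ref"))`, where card.php reads the ref as `'alpha'`. `$id` is still only assigned inside the `if`, so a request carrying neither parameter reaches restrictedArea with an undefined variable; this predates the change, but `$id = 0;` ahead of the `if` would close it, assuming restrictedArea treats 0 like an absent id.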
@@ -68,7 +69,7 @@ $socialcontribstatic = new ChargeSociales($db);
 $form = new Form($db);
-if ($_REQUEST["account"] || $_REQUEST["ref"]) {
+if (GETPOST("account") || GETPOST("ref")) {
 if ($vline) {
 $viewline = $vline;
 } else {
@@ -76,11 +77,11 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
 }
 $object = new Account($db);
- if ($_GET["account"]) {
- $result = $object->fetch($_GET["account"]);
+ if (GETPOST("account", 'int')) {
+ $result = $object->fetch(GETPOST("account", 'int'));
 }
- if ($_GET["ref"]) {
- $result = $object->fetch(0, $_GET["ref"]);
+ if (GETPOST("ref")) {
+ $result = $object->fetch(0, GETPOST("ref"));
 $_GET["account"] = $object->id;
 }
@@ -91,6 +92,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
 $linkback = ''.$langs->trans("BackToList").'';
+ $morehtmlref = '';
+
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);
 print dol_get_fiche_end();