diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php
index fc99e2fe659..ab568991486 100644
--- a/htdocs/adherents/admin/adherent.php
+++ b/htdocs/adherents/admin/adherent.php
@@ -4,8 +4,8 @@
 * Copyright (C) 2004-2012 Laurent Destailleur
 * Copyright (C) 2004 Sebastien Di Cintio
 * Copyright (C) 2004 Benoit Mortier
- * Copyright (C) 2005-2011 Regis Houssin
- * Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2005-2012 Regis Houssin
+ * Copyright (C) 2011-2012 Juanjo Menent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -39,7 +39,7 @@ if (! $user->admin) accessforbidden();
 $type=array('yesno','texte','chaine');
-$action = GETPOST("action");
+$action = POST('action','alpha');
 /*
@@ -78,7 +78,7 @@ if ($action == 'update' || $action == 'add')
 // Action activation d'un sous module du module adherent
 if ($action == 'set')
 {
- $result=dolibarr_set_const($db, $_GET["name"],$_GET["value"],'',0,'',$conf->entity);
+ $result=dolibarr_set_const($db, GETPOST('name','alpha'),GETPOST('value','alpha'),'',0,'',$conf->entity);
 if ($result < 0)
 {
 print $db->error();
@@ -88,7 +88,7 @@ if ($action == 'set')
 // Action desactivation d'un sous module du module adherent
 if ($action == 'unset')
 {
- $result=dolibarr_del_const($db,$_GET["name"],$conf->entity);
+ $result=dolibarr_del_const($db,GETPOST('name','alpha'),$conf->entity);
 if ($result < 0)
 {
 print $db->error();
diff --git a/htdocs/admin/fournisseur.php b/htdocs/admin/fournisseur.php
index 7ab06bcbc6c..b433731f1f6 100644
--- a/htdocs/admin/fournisseur.php
+++ b/htdocs/admin/fournisseur.php
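Review bot: In the `@@ -39,7 +39,7 @@` hunk, `$action = POST('action','alpha');` calls `POST`, which is not the helper every other replacement in this commit uses (`GETPOST`); unless a `POST` function is defined somewhere in the project, this line fails with an undefined-function error as soon as the page loads, before any action is evaluated. It should read `$action = GETPOST('action','alpha');`, matching the equivalent line in the `@@ -38,9 +38,9 @@` hunk of fournisseur.php. The `set`/`unset` hunks further down read the constant name straight from the `name` parameter, which is acceptable only because of the `if (! $user->admin) accessforbidden();` guard shown in the hunk header, so that guard must stay ahead of these branches.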
@@ -4,7 +4,7 @@
 * Copyright (C) 2005-2011 Regis Houssin
 * Copyright (C) 2004 Sebastien Di Cintio
 * Copyright (C) 2004 Benoit Mortier
- * Copyright (C) 2010-2011 Juanjo Menent
+ * Copyright (C) 2010-2012 Juanjo Menent
 * Copyright (C) 2011 Philippe Grand
 *
 * This program is free software; you can redistribute it and/or modify
@@ -38,9 +38,9 @@ $langs->load("admin");
 if (!$user->admin) accessforbidden();
-$type=GETPOST('type');
-$value=GETPOST('value');
-$action=GETPOST('action');
+$type=GETPOST('type', 'alpha');
+$value=GETPOST('value', 'alpha');
+$action=GETPOST('action', 'alpha');
 $specimenthirdparty=new Societe($db);
 $specimenthirdparty->initAsSpecimen();
@@ -52,8 +52,9 @@ $specimenthirdparty->initAsSpecimen();
 if ($action == 'updateMask')
 {
- $maskconstorder=$_POST['maskconstorder'];
- $maskorder=$_POST['maskorder'];
+ $maskconstorder=GETPOST('maskconstorder','alpha');
+ $maskorder=GETPOST('maskorder','alpha');
+
 if ($maskconstorder) $res = dolibarr_set_const($db,$maskconstorder,$maskorder,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -70,7 +71,7 @@ if ($action == 'updateMask')
 if ($action == 'specimen') // For orders
 {
- $modele=GETPOST("module");
+ $modele=GETPOST('module','alpha');
 $commande = new CommandeFournisseur($db);
 $commande->initAsSpecimen();
@@ -116,7 +117,7 @@ if ($action == 'specimen') // For orders
 if ($action == 'specimenfacture') // For invoices
 {
- $modele=GETPOST("module");
+ $modele=GETPOST('module','alpha');
 $facture = new FactureFournisseur($db);
 $facture->initAsSpecimen();
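Review bot: In the `@@ -52,8 +52,9 @@` hunk, `$res` is assigned only inside `if ($maskconstorder) ...`, so the next line `if (! $res > 0) $error++;` reads an undefined variable whenever the posted mask name is empty, and with the new `'alpha'` filter an empty result is also what you get when the filter strips the submitted value. Independently, `! $res > 0` parses as `(! $res) > 0`, which is true only for a falsy `$res`, so a negative return from `dolibarr_set_const` is never counted as an error. Initialise `$res = 0;` before the guard and test the result directly, `if ($res <= 0) $error++;`; whether an absent mask should count as an error or be a silent no-op is a product decision this hunk does not settle, so pick one and comment it. The `updateMask` block continues past the end of the hunk.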
@@ -162,10 +163,13 @@ if ($action == 'specimenfacture') // For invoices
 if ($action == 'set')
 {
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
+
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
 $sql.= " VALUES ('".$db->escape($value)."','".$type."',".$conf->entity.", ";
- $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
- $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+ $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
 $sql.= ")";
 $res=$db->query($sql);
 if ($res)
@@ -191,14 +195,17 @@ if ($action == 'del')
 if ($action == 'setdoc')
 {
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
+
 $db->begin();
- if ($_GET["type"] == 'order_supplier' && dolibarr_set_const($db, "COMMANDE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
+ if ($type == 'order_supplier' && dolibarr_set_const($db, "COMMANDE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
 {
 $conf->global->COMMANDE_SUPPLIER_ADDON_PDF = $value;
 }
- if ($_GET["type"] == 'invoice_supplier' && dolibarr_set_const($db, "INVOICE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
+ if ($type == 'invoice_supplier' && dolibarr_set_const($db, "INVOICE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
 {
 $conf->global->INVOICE_SUPPLIER_ADDON_PDF = $value;
 }
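Review bot: In the INSERT built in the `@@ -162,10 +163,13 @@` hunk, `$type` is concatenated into the VALUES list as `'".$type."'` without `$db->escape()`, while `$value` on the same line and the new `$label`/`$scandir` lines are escaped; `$type` is now `GETPOST('type', 'alpha')` from the `@@ -38,9 +38,9 @@` hunk, so the query's safety rests on whatever the `alpha` filter strips rather than on escaping. The same construction appears in the `@@ -212,8 +219,8 @@` hunk. The `setdoc` branch below only recognises `order_supplier` and `invoice_supplier`, so the cleanest fix is to reject any other value before either query, `if (! in_array($type, array('order_supplier', 'invoice_supplier'), true)) $error++;` (guarding the INSERT on `! $error`), or at minimum escape it like its neighbours: `$sql.= " VALUES ('".$db->escape($value)."','".$db->escape($type)."',".$conf->entity.", ";`. Both `set` and `setdoc` blocks continue beyond the hunk.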
@@ -212,8 +219,8 @@ if ($action == 'setdoc')
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
 $sql.= " VALUES ('".$db->escape($value)."', '".$type."', ".$conf->entity.", ";
- $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
- $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+ $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
 $sql.= ")";
 $result2=$db->query($sql);
 if ($result1 && $result2)
@@ -242,7 +249,7 @@ if ($action == 'addcat')
 if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
 {
- $free = GETPOST("SUPPLIER_INVOICE_FREE_TEXT");
+ $free = GETPOST('SUPPLIER_INVOICE_FREE_TEXT','alpha');
 $res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php
index 8b3bb8a9fcf..e92dd6e0f4d 100644
--- a/htdocs/cashdesk/admin/cashdesk.php
+++ b/htdocs/cashdesk/admin/cashdesk.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2011-2012 Juanjo Menent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
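Review bot: In the `@@ -242,7 +249,7 @@` hunk, `SUPPLIER_INVOICE_FREE_TEXT` is, going by its name and the `'chaine'` type it is stored with, free text printed on invoices, yet it is now read with the same `alpha` filter this commit applies to identifiers and action names. If that filter removes characters (quotes, line breaks, markup), the stored text will silently lose content the administrator typed; please confirm what `alpha` strips and, if it is lossy here, read the field with a filter meant for free text and document the choice on the line, e.g. `// free text: keep characters the alpha filter would drop`. The following `if (! $res > 0) $error++;` is `(! $res) > 0` and so does not detect a negative return from `dolibarr_set_const`.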
@@ -29,9 +29,9 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/html.formproduct.class.php");
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id']))
 {
- $_GET['CASHDESK_ID_THIRDPARTY'] = $_GET['CASHDESK_ID_THIRDPARTY_id'];
- $_POST['CASHDESK_ID_THIRDPARTY'] = $_POST['CASHDESK_ID_THIRDPARTY_id'];
- $_REQUEST['CASHDESK_ID_THIRDPARTY'] = $_REQUEST['CASHDESK_ID_THIRDPARTY_id'];
+ $_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
+ $_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
+ $_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
 }
 // Security check
@@ -45,7 +45,7 @@ $langs->load("cashdesk");
 /*
 * Actions
 */
-if (GETPOST("action") == 'set')
+if (GETPOST('action','alpha') == 'set')
 {
 $db->begin();
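Review bot: `CASHDESK_ID_THIRDPARTY_id` carries a third-party id (the `@@ -54,13 +54,13 @@` hunk stores the same selection with `GETPOST('socid','int')`), so the three new assignments should use the `'int'` filter rather than `'alpha'`: `$_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','int');` and likewise for the `$_POST` and `$_REQUEST` lines. Note the behavioural change as well: the old code copied each superglobal from its own `_id` entry, the new code writes the single `GETPOST` result into all three, which looks intended but deserves a one-line comment such as `// normalise the ajax selector value into all three request arrays`. The guard `if (! empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id']))` still reads the superglobal directly, which is inconsistent with the rest of the commit; `GETPOST('CASHDESK_ID_THIRDPARTY_id','int')` would fit there too.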
@@ -54,13 +54,13 @@ if (GETPOST("action") == 'set')
 if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/
 $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity);
- $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity);
- $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity);
- $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity);
- $res = dolibarr_set_const($db,"CASHDESK_ID_WAREHOUSE",GETPOST("CASHDESK_ID_WAREHOUSE"),'chaine',0,'',$conf->entity);
- $res = dolibarr_set_const($db,"CASHDESK_SERVICES", GETPOST("CASHDESK_SERVICES"),'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST('CASHDESK_ID_BANKACCOUNT_CASH','alpha'),'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST('CASHDESK_ID_BANKACCOUNT_CHEQUE','alpha'),'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST('CASHDESK_ID_BANKACCOUNT_CB','alpha'),'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db,"CASHDESK_ID_WAREHOUSE",GETPOST('CASHDESK_ID_WAREHOUSE','alpha'),'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db,"CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES','alpha'),'chaine',0,'',$conf->entity);
- dol_syslog("admin/cashdesk: level ".GETPOST("level"));
+ dol_syslog("admin/cashdesk: level ".GETPOST('level','alpha'));
 if (! $res > 0) $error++;
diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php
index 1de35cbee03..3df46970edc 100644
--- a/htdocs/product/admin/product.php
+++ b/htdocs/product/admin/product.php
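Review bot: Each of the six `dolibarr_set_const` calls overwrites `$res`, so the closing `if (! $res > 0) $error++;` only inspects the `CASHDESK_SERVICES` write; a failure on the thirdparty, bank-account or warehouse constants is committed silently (and `! $res > 0` is `(! $res) > 0`, which never fires for a negative return). Check each call as it happens, e.g. `if ($res <= 0) $error++;` after every `$res = dolibarr_set_const(...)` line, so the transaction opened by `$db->begin()` in the previous hunk can be rolled back on any failure. Separately, `CASHDESK_ID_BANKACCOUNT_CASH`, `CASHDESK_ID_BANKACCOUNT_CHEQUE`, `CASHDESK_ID_BANKACCOUNT_CB` and `CASHDESK_ID_WAREHOUSE` are ids like `socid` two lines above, which this hunk reads with `'int'`; the same filter would fit them better than `'alpha'`. The enclosing `set` block starts in the `@@ -45,7 +45,7 @@` hunk and continues past this one.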
@@ -4,7 +4,7 @@
 * Copyright (C) 2006-2007 Rodolphe Quiedeville
 * Copyright (C) 2007 Auguria SARL
 * Copyright (C) 2005-2012 Regis Houssin
- * Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2011-2012 Juanjo Menent
 * Copyright (C) 2012 Christophe Battarel
 **
 * This program is free software; you can redistribute it and/or modify
@@ -38,8 +38,8 @@ $langs->load("products");
 // Security check
 if (! $user->admin) accessforbidden();
-$action = GETPOST("action");
-$value = GETPOST("value");
+$action = GETPOST('action','alpha');
+$value = GETPOST('value','alpha');
 /*
@@ -56,35 +56,35 @@ else if ($action == 'multiprix_num')
 }
 if ($action == 'multiprix')
 {
- $multiprix = GETPOST("activate_multiprix");
+ $multiprix = GETPOST('activate_multiprix','alpha');
 $res = dolibarr_set_const($db, "PRODUIT_MULTIPRICES", $multiprix,'chaine',0,'',$conf->entity);
 $res =dolibarr_set_const($db, "PRODUIT_MULTIPRICES_LIMIT", "5",'chaine',0,'',$conf->entity);
 }
 else if ($action == 'sousproduits')
 {
- $sousproduits = GETPOST("activate_sousproduits");
+ $sousproduits = GETPOST('activate_sousproduits','alpha');
 $res = dolibarr_set_const($db, "PRODUIT_SOUSPRODUITS", $sousproduits,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'viewProdDescInForm')
 {
- $view = GETPOST("activate_viewProdDescInForm");
+ $view = GETPOST('activate_viewProdDescInForm','alpha');
 $res = dolibarr_set_const($db, "PRODUIT_DESC_IN_FORM", $view,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'viewProdTextsInThirdpartyLanguage')
 {
- $view = GETPOST("activate_viewProdTextsInThirdpartyLanguage");
+ $view = GETPOST('activate_viewProdTextsInThirdpartyLanguage','alpha');
 $res = dolibarr_set_const($db, "PRODUIT_TEXTS_IN_THIRDPARTY_LANGUAGE", $view,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'usesearchtoselectproduct')
 {
- $usesearch = GETPOST("activate_usesearchtoselectproduct");
+ $usesearch = GETPOST('activate_usesearchtoselectproduct','alpha');
 $res = dolibarr_set_const($db, "PRODUIT_USE_SEARCH_TO_SELECT", $usesearch,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'set')
 {
- $const = "PRODUCT_SPECIAL_".strtoupper($_GET["spe"]);
- if ($_GET["value"]) $res = dolibarr_set_const($db, $const, $value,'chaine',0,'',$conf->entity);
+ $const = "PRODUCT_SPECIAL_".strtoupper(GETPOST('spe','alpha'));
+ if (GETPOST('value','alpha')) $res = dolibarr_set_const($db, $const, $value,'chaine',0,'',$conf->entity);
 else $res = dolibarr_del_const($db, $const,$conf->entity);
 }
 /*else if ($action == 'useecotaxe')
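Review bot: In the `set` branch, `if (GETPOST('value','alpha'))` re-reads the request although `$value` was already assigned from the identical `GETPOST('value','alpha')` in the `@@ -38,8 +38,8 @@` hunk and is the very value passed to `dolibarr_set_const` on the same line; `if ($value)` keeps a single source of truth and avoids the two reads drifting apart if one filter is changed later. The constant name `"PRODUCT_SPECIAL_".strtoupper(GETPOST('spe','alpha'))` is composed directly from the `spe` parameter, so this branch can create or delete any constant under that prefix; the page is admin-only (`accessforbidden()` guard in the earlier hunk), but validating `spe` against the special-product keys the page renders (outside this hunk) before composing `$const` would keep the writable set bounded, e.g. `if (! in_array($spe, $knownSpecialKeys, true)) $error++;` with `$spe` read once. The `if`/`else if` chain begins before the hunk.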