diff --git a/ChangeLog b/ChangeLog
index 1f4afc83e82..46779a760c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
+
 ***** ChangeLog for 13.0.0 compared to 12.0.0 *****
 For users:
 NEW: Add module Credit transfer SEPA to manage payment of supplier using bank credit transfer SEPA files
@@ -22,6 +23,52 @@ Following changes may create regressions for some external modules, but were nec
   you must now also include declaration of the Trait CommonIncoterm in your class. All incoterm functions were moved into this Trait. 
 * The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml');
 
+
+***** ChangeLog for 12.0.3 compared to 12.0.2 *****
+FIX: 10.0 - when the mime file name is different from the filesystem name, the attachment name should be the mime filename
+FIX: 11.0 - expenses lines overlapping the total amounts frame
+FIX: 12.0 - round value of virtual stock on product stock reassort list
+FIX: #14469
+FIX: #14474 Error when deleting
+FIX: #14530
+FIX: #14703
+FIX: - Accountancy balance Error SQL on entity
+FIX: Bad number of subscription (forgotten when member was resiliated)
+FIX: bad route url to delete subproduct with API
+FIX: Category for suplements not saved
+FIX: Compatibility with modules without document generation
+FIX: Cron load lang
+FIX: CSS
+FIX: Error management. Do no try to approve PO if validation fails.
+FIX: expenses lines overlapping the frame for total amounts.
+FIX: Filter in "billed" of orders was not saved
+FIX: infinite fetch object linked loop
+FIX: Intervention lose html tags when updating
+FIX: JS CRASH - bad usage of moreparam
+FIX: lang fr retained warranty
+FIX: Look and feel v12: First tab must be name of object
+FIX: missing entity check
+FIX: missing param for hook
+FIX: Missing transaction on PO actions
+FIX: MySql Strict mode
+FIX: param entity in html form file
+FIX: Problems on FEC format
+FIX: round stock value on product list
+FIX: - Send mail from contact : select mail model
+FIX: set sales representatives on create company card
+FIX: Setup of stock increase/decrease
+FIX: sign of amount with credit note and multicurrencies
+FIX: Static property called as non static
+FIX: task leftmenu
+FIX: title button attribute id empty
+FIX: unit price divided by quantity when accepting supplier price proposal
+FIX: Update extrafields on line only if it is supported
+FIX: Update line of BOM
+FIX: using decimal on stock correction
+FIX: Visualization rights correction on last modified contacts box
+FIX: Wrong redirection
+FIX: Yogosha report 4425 (backport)
+
 ***** ChangeLog for 12.0.2 compared to 12.0.1 *****
 FIX: computation of the bottom margin of <body> returns NaN because body is not loaded yet
 FIX: DebugBar hides content at page bottom
diff --git a/SECURITY.md b/SECURITY.md
index 06d1407229a..56e1da679ed 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -97,19 +97,19 @@ Scope is the web application (back office) and the APIs.
 
 ## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
 * "Self" XSS
-* Missing cookie flags
 * SSL/TLS best practices
 * Denial of Service attacks
 * Clickjacking/UI redressing
-* Physical or social engineering attempts
+* Physical or social engineering attempts or issues that require physical access to a victim’s computer/device
 * Presence of autocomplete attribute on web forms
 * Vulnerabilities affecting outdated browsers or platforms
-* Issues that require physical access to a victim’s computer/device
 * Logout and other instances of low-severity Cross-Site Request Forgery
+* Missing cookie flags
 * Missing security-related HTTP headers which do not lead directly to a vulnerability
 * Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated
 * Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
 * Reports on features flagged as "experimental" or "development"
-* Software version disclosure when logged user is admin
+* Software version or private IP disclosure when logged user is admin
 * Stack traces or path disclosure when logged user is admin
+* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".
 
diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index cba4756fdd0..5ae9c3d4742 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@@ -640,7 +640,9 @@ $newcardbutton .= dolGetButtonTitle($buttonLabel, $langs->trans("ExportFilteredL
 
 $newcardbutton .= dolGetButtonTitle($langs->trans('GroupByAccountAccounting'), '', 'fa fa-stream paddingleft', DOL_URL_ROOT.'/accountancy/bookkeeping/listbyaccount.php?'.$param);
 
-$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', './card.php?action=create', '', $user->rights->accounting->mouvements->creer);
+$url = './card.php?action=create';
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', $url, '', $user->rights->accounting->mouvements->creer);
 
 print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit);
 
diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php
index 4f6c66ff7d5..80ed833b828 100644
--- a/htdocs/accountancy/index.php
+++ b/htdocs/accountancy/index.php
@@ -38,6 +38,7 @@ if ($user->socid > 0)
 // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
 $hookmanager->initHooks(array('accountancyindex'));
 
+
 /*
  * Actions
  */
@@ -54,6 +55,7 @@ if (GETPOST('addbox'))	// Add box (when submit is done from a form when ajax dis
     if ($result > 0) setEventMessages($langs->trans("BoxAdded"), null);
 }
 
+
 /*
  * View
  */
diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php
index 61ab031376b..6983c228007 100644
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@@ -23,7 +23,7 @@
 /**
  *	\file       htdocs/admin/stock.php
  *	\ingroup    stock
- *	\brief      Page d'administration/configuration du module gestion de stock
+ *	\brief      Page to setup module stock
  */
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
@@ -760,76 +760,6 @@ print '</table>';
 
 print '</form>';
 
-/*
-print '<br>';
-if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
-{
-	print '<table class="noborder centpercent">';
-	print '<tr class="liste_titre">';
-	print '<td>'.$langs->trans("Inventory").'</td>'."\n";
-	print '<td class="right">'.$langs->trans("Status").'</td>'."\n";
-	print '</tr>'."\n";
-
-	// Example with a yes / no select
-	print '<tr class="oddeven">';
-	print '<td>'.$langs->trans("INVENTORY_DISABLE_VIRTUAL").'</td>';
-	print '<td class="center">';
-	if ($conf->use_javascript_ajax) {
-		print ajax_constantonoff('INVENTORY_DISABLE_VIRTUAL');
-	} else {
-		$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
-		print $form->selectarray("INVENTORY_DISABLE_VIRTUAL", $arrval, $conf->global->INVENTORY_DISABLE_VIRTUAL);
-	}
-	print '</td></tr>';
-
-
-	// Example with a yes / no select
-    print '<tr class="oddeven">';
-	print '<td>'.$langs->trans("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA").'</td>';
-	print '<td class="center">';
-  	if ($conf->use_javascript_ajax) {
-  		print ajax_constantonoff('INVENTORY_USE_MIN_PA_IF_NO_LAST_PA');
-  	} else {
-  		$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
-  		print $form->selectarray("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA", $arrval, $conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA);
-  	}
-  	print '</td></tr>';
-
-
-  	// Example with a yes / no select
-	print '<tr class="oddeven">';
-	print '<td>'.$langs->trans("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT").'</td>';
-	print '<td class="right">';
-	if ($conf->use_javascript_ajax) {
-    	print ajax_constantonoff('INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT');
-	} else {
-    	$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
-    	print $form->selectarray("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT", $arrval, $conf->global->INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT);
-	}
-	print '</td></tr>';
-
-	print '</table>';
-}
-*/
-
-/* I keep the option/feature, but hidden to end users for the moment. If feature is used by module, no need to have users see it.
-If not used by a module, I still need to understand in which case user may need this now we can set rule on product page.
-if ($conf->global->PRODUIT_SOUSPRODUITS)
-{
-	print '<tr class="oddeven">';
-	print '<td>'.$langs->trans("IndependantSubProductStock").'</td>';
-	print '<td class="right">';
-	print "<form method=\"post\" action=\"stock.php\">";
-	print '<input type="hidden" name="token" value="'.newToken().'">';
-	print "<input type=\"hidden\" name=\"action\" value=\"INDEPENDANT_SUBPRODUCT_STOCK\">";
-	print $form->selectyesno("INDEPENDANT_SUBPRODUCT_STOCK",$conf->global->INDEPENDANT_SUBPRODUCT_STOCK,1);
-	print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
-	print '</form>';
-	print "</td>\n";
-	print "</tr>\n";
-}
-*/
-
 // End of page
 llxFooter();
 $db->close();
diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php
index 079fb3a6052..60de87d2d2e 100644
--- a/htdocs/admin/syslog.php
+++ b/htdocs/admin/syslog.php
@@ -212,6 +212,12 @@ foreach ($syslogModules as $moduleName)
 	print '<td width="140">';
 	print '<input class="oddeven" type="checkbox" name="SYSLOG_HANDLERS[]" value="'.$moduleName.'" '.(in_array($moduleName, $activeModules) ? 'checked' : '').($moduleactive <= 0 ? 'disabled' : '').'> ';
 	print $module->getName();
+	if ($moduleName == 'mod_syslog_syslog') {
+		if (! $module->isActive()) {
+			$langs->load("errors");
+			print $form->textwithpicto('', $langs->trans("ErrorPHPNeedModule", 'SysLog'));
+		}
+	}
 	print '</td>';
 
 	print '<td class="nowrap">';
diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php
index 88cf39b90a1..a3d54104a02 100644
--- a/htdocs/admin/system/filecheck.php
+++ b/htdocs/admin/system/filecheck.php
@@ -91,6 +91,7 @@ if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || !empty($conf->global->MAIN_AL
 $enableremotecheck = true;
 
 print '<form name="check" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
 print $langs->trans("MakeIntegrityAnalysisFrom").':<br>';
 print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
 if (dol_is_file($xmlfile))
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 84fe534f473..32567f14074 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -226,6 +226,7 @@ if ($result)
     }
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 
     print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords, 'setup', 0, '', '', $limit);
 
diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php
index 595848fe232..83aeed6bd13 100644
--- a/htdocs/admin/website.php
+++ b/htdocs/admin/website.php
@@ -411,7 +411,7 @@ print "<br>\n";
 // Confirmation de la suppression de la ligne
 if ($action == 'delete')
 {
-    print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1);
+    print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1, 220);
 }
 //var_dump($elementList);
 
diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php
index 8a6cb9b5e94..6c017d6e765 100644
--- a/htdocs/asset/card.php
+++ b/htdocs/asset/card.php
@@ -65,6 +65,9 @@ if (empty($action) && empty($id) && empty($ref)) $action = 'view';
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
 
+// Security check
+if (!empty($user->socid)) $socid = $user->socid;
+$result = restrictedArea($user, 'asset', $id);
 
 $permissiontoread = $user->rights->asset->read;
 $permissiontoadd = $user->rights->asset->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php
index 945d893dab7..2cc48489f7f 100644
--- a/htdocs/asset/class/asset.class.php
+++ b/htdocs/asset/class/asset.class.php
@@ -55,6 +55,10 @@ class Asset extends CommonObject
 	public $picto = 'asset';
 
 
+	const STATUS_DRAFT = 0;
+	const STATUS_VALIDATED = 1;
+
+
 	/**
 	 *  'type' if the field format.
 	 *  'label' the translation key.
@@ -390,31 +394,16 @@ class Asset extends CommonObject
         // phpcs:enable
 		global $langs;
 
-		if ($mode == 0 || $mode == 1)
-		{
-			if ($status == 1) return $langs->trans('Enabled');
-			elseif ($status == 0) return $langs->trans('Disabled');
-		} elseif ($mode == 2)
-		{
-			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
-			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
-		} elseif ($mode == 3)
-		{
-			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4');
-			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5');
-		} elseif ($mode == 4)
-		{
-			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
-			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
-		} elseif ($mode == 5)
-		{
-			if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
-			elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
-		} elseif ($mode == 6)
-		{
-			if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
-			elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
-		}
+		$langs->load("contracts");
+		$labelStatus[self::STATUS_DRAFT] = $langs->trans('Disabled');
+		$labelStatus[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+		$labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Disabled');
+		$labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+
+		$statusType = 'status0';
+		if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
+
+		return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', $statusType, $mode);
 	}
 
 	/**
diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php
index d2890ea5b19..b43ec8d40cf 100644
--- a/htdocs/asset/document.php
+++ b/htdocs/asset/document.php
@@ -68,6 +68,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 
+// Security check
+if (!empty($user->socid)) $socid = $user->socid;
+$result = restrictedArea($user, 'asset', $id);
+
 //if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id);
 if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref);
 
diff --git a/htdocs/asset/info.php b/htdocs/asset/info.php
index 2654ebc2d81..801a7c85b36 100644
--- a/htdocs/asset/info.php
+++ b/htdocs/asset/info.php
@@ -35,15 +35,17 @@ $action = GETPOST('action', 'aZ09');
 
 // Security check
 if ($user->socid) $socid = $user->socid;
-$result = restrictedArea($user, 'asset', $id, '');
+$result = restrictedArea($user, 'asset', $id);
 
 $object = new Asset($db);
 $object->fetch($id);
 
+
 /*
  * Actions
  */
 
+// None
 
 
 /*
diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php
index 975551968b4..936b070ec5a 100644
--- a/htdocs/asset/list.php
+++ b/htdocs/asset/list.php
@@ -73,12 +73,15 @@ if (!$sortorder) $sortorder = "ASC";
 
 // Security check
 $socid = 0;
+if ($user->socid) $socid = $user->socid;
 if ($user->socid > 0)	// Protection if external user
 {
 	//$socid = $user->socid;
 	accessforbidden();
 }
-//$result = restrictedArea($user, 'asset', $id,'');
+// Security check
+$result = restrictedArea($user, 'asset', $id);
+
 
 // Initialize array of search criterias
 $search_all = GETPOST("search_all", 'alpha');
diff --git a/htdocs/asset/note.php b/htdocs/asset/note.php
index 8df2a7a5452..f19249ce1d2 100644
--- a/htdocs/asset/note.php
+++ b/htdocs/asset/note.php
@@ -54,6 +54,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 if ($id > 0 || !empty($ref)) $upload_dir = $conf->asset->multidir_output[$object->entity]."/".$object->id;
 
+// Security check
+if (!empty($user->socid)) $socid = $user->socid;
+$result = restrictedArea($user, 'asset', $id);
+
 $permissionnote = 1;
 //$permissionnote=$user->rights->asset->creer;	// Used by the include of actions_setnotes.inc.php
 
diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php
index f70e402b667..d0bee7c613c 100644
--- a/htdocs/blockedlog/admin/blockedlog_list.php
+++ b/htdocs/blockedlog/admin/blockedlog_list.php
@@ -311,6 +311,7 @@ if (GETPOST('withtab', 'alpha')) $param .= '&withtab='.urlencode(GETPOST('withta
 //include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
 
 print '<div class="right">';
 print $langs->trans("RestrictYearToExport").': ';
diff --git a/htdocs/categories/card.php b/htdocs/categories/card.php
index 8eb6c3d8eda..096a5497efd 100644
--- a/htdocs/categories/card.php
+++ b/htdocs/categories/card.php
@@ -88,6 +88,10 @@ if ($action == 'add' && $user->rights->categorie->creer)
 		{
 			header("Location: ".$urlfrom);
 			exit;
+		} elseif ($backtopage)
+		{
+			header("Location: ".$backtopage);
+			exit;
 		} elseif ($idProdOrigin)
 		{
 			header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProdOrigin.'&type='.$type);
@@ -235,13 +239,13 @@ if ($user->rights->categorie->creer)
 
 		// Ref
 		print '<tr>';
-		print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.$label.'">';
+		print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.dol_escape_htmltag($label).'">';
 		print'</td></tr>';
 
 		// Description
 		print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td>';
 		require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
-		$doleditor = new DolEditor('description', $description, '', 200, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_6, '90%');
+		$doleditor = new DolEditor('description', $description, '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_5, '90%');
 		$doleditor->Create();
 		print '</td></tr>';
 
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index f9cf55e9a8c..1bc9f47ded4 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1616,9 +1616,10 @@ class Categorie extends CommonObject
 	 *	@param		int		$withpicto		0=No picto, 1=Include picto into link, 2=Only picto
 	 *	@param		string	$option			Sur quoi pointe le lien ('', 'xyz')
 	 * 	@param		int		$maxlength		Max length of text
+	 *  @param		string	$moreparam		More param on URL link
 	 *	@return		string					Chaine avec URL
 	 */
-	public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0)
+	public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0, $moreparam = '')
 	{
 		global $langs;
 
@@ -1632,7 +1633,7 @@ class Categorie extends CommonObject
 			if (colorIsLight($this->color)) $forced_color = 'categtextblack';
 		}
 
-		$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.'&backtopage='.urlencode($_SERVER['PHP_SELF']).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
+		$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.$moreparam.'&backtopage='.urlencode($_SERVER['PHP_SELF'].($moreparam?'?'.$moreparam:'')).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
 		$linkend = '</a>';
 
 		$picto = 'category';
diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php
index ccdd8be58b9..35420759ded 100644
--- a/htdocs/categories/index.php
+++ b/htdocs/categories/index.php
@@ -39,6 +39,7 @@ if (!$user->rights->categorie->lire) accessforbidden();
 $id = GETPOST('id', 'int');
 $type = (GETPOST('type', 'aZ09') ? GETPOST('type', 'aZ09') : Categorie::TYPE_PRODUCT);
 $catname = GETPOST('catname', 'alpha');
+$nosearch = GETPOST('nosearch', 'int');
 
 $categstatic = new Categorie($db);
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
@@ -50,6 +51,8 @@ if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backwar
 
 $form = new Form($db);
 
+$moreparam = ($nosearch ? '&nosearch=1' : '');
+
 $typetext = $type;
 if ($type == Categorie::TYPE_ACCOUNT) 			$title = $langs->trans('AccountsCategoriesArea');
 elseif ($type == Categorie::TYPE_WAREHOUSE) 	$title = $langs->trans('StocksCategoriesArea');
@@ -64,70 +67,69 @@ $arrayofcss = array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css
 
 llxHeader('', $title, '', '', 0, 0, $arrayofjs, $arrayofcss);
 
-
 $newcardbutton = '';
 if (!empty($user->rights->categorie->creer)) {
-	$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type));
+	$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).$moreparam);
 }
 
 print load_fiche_titre($title, $newcardbutton, 'object_category');
 
-print '<div class="fichecenter"><div class="fichethirdleft">';
+// Search categories
+if (empty($nosearch)) {
+	print '<div class="fichecenter"><div class="fichehalfleft">';
 
 
-/*
- * Zone recherche produit/service
- */
-print '<form method="post" action="index.php?type='.$type.'">';
-print '<input type="hidden" name="token" value="'.newToken().'">';
-print '<input type="hidden" name="type" value="'.$type.'">';
+	print '<form method="post" action="index.php?type='.$type.'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
+	print '<input type="hidden" name="type" value="'.$type.'">';
+	print '<input type="hidden" name="nosearch" value="'.$nosearch.'">';
 
 
-print '<table class="noborder nohover centpercent">';
-print '<tr class="liste_titre">';
-print '<td colspan="3">'.$langs->trans("Search").'</td>';
-print '</tr>';
-print '<tr class="oddeven nohover"><td>';
-print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
-print '</table></form>';
+	print '<table class="noborder nohover centpercent">';
+	print '<tr class="liste_titre">';
+	print '<td colspan="3">'.$langs->trans("Search").'</td>';
+	print '</tr>';
+	print '<tr class="oddeven nohover"><td>';
+	print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
+	print '</table></form>';
 
 
-print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
+	print '</div><div class="fichehalfright">';
 
 
-/*
- * Categories found
- */
-if ($catname || $id > 0)
-{
-	$cats = $categstatic->rechercher($id, $catname, $typetext);
-
-	print '<table class="noborder centpercent">';
-	print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
-
-	foreach ($cats as $cat)
+	/*
+	 * Categories found
+	 */
+	if ($catname || $id > 0)
 	{
-		print "\t".'<tr class="oddeven">'."\n";
-		print "\t\t<td>";
-		$categstatic->id = $cat->id;
-		$categstatic->ref = $cat->label;
-		$categstatic->label = $cat->label;
-		$categstatic->type = $cat->type;
-		$categstatic->color = $cat->color;
-		print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
-		print $categstatic->getNomUrl(1, '');
-		print '</span>';
-		print "</td>\n";
-		print "\t\t<td>";
-		print dolGetFirstLineOfText($cat->description);
-		print "</td>\n";
-		print "\t</tr>\n";
-	}
-	print "</table>";
-} else print '&nbsp;';
+		$cats = $categstatic->rechercher($id, $catname, $typetext);
 
+		print '<table class="noborder centpercent">';
+		print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
 
-print '</div></div></div>';
+		foreach ($cats as $cat)
+		{
+			print "\t".'<tr class="oddeven">'."\n";
+			print "\t\t<td>";
+			$categstatic->id = $cat->id;
+			$categstatic->ref = $cat->label;
+			$categstatic->label = $cat->label;
+			$categstatic->type = $cat->type;
+			$categstatic->color = $cat->color;
+			print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
+			print $categstatic->getNomUrl(1, '');
+			print '</span>';
+			print "</td>\n";
+			print "\t\t<td>";
+			print dolGetFirstLineOfText($cat->description);
+			print "</td>\n";
+			print "\t</tr>\n";
+		}
+		print "</table>";
+	} else print '&nbsp;';
+
+	print '</div></div>';
+}
 
 print '<div class="fichecenter"><br>';
 
@@ -156,7 +158,7 @@ foreach ($fulltree as $key => $val)
 	$categstatic->ref = $val['label'];
 	$categstatic->color = $val['color'];
 	$categstatic->type = $type;
-	$li = $categstatic->getNomUrl(1, '', 60);
+	$li = $categstatic->getNomUrl(1, '', 60, $moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam));
 	$desc = dol_htmlcleanlastbr($val['description']);
 
 	$counter = '';
@@ -172,7 +174,7 @@ foreach ($fulltree as $key => $val)
 	'rowid'=>$val['rowid'],
 	'fk_menu'=>$val['fk_parent'],
 	'entry'=>'<table class="nobordernopadding centpercent"><tr><td><span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>'.$li.'</span></td>'.$counter.
-		'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.'">'.img_view().'</a></td></tr></table>'
+		'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.$moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).'">'.img_view().'</a></td></tr></table>'
 	);
 }
 
diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php
index 3a1d13d210e..202a5770f06 100644
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -51,6 +51,7 @@ $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myo
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
 
+
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index a8ce07a2867..92975aafec0 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -519,20 +519,21 @@ if ($resql)
 
 	$viewmode .= '<span class="marginrightonly"></span>';
 
-    $newcardbutton = '';
-    if ($user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create)
-    {
-        $tmpforcreatebutton = dol_getdate(dol_now(), true);
+	$tmpforcreatebutton = dol_getdate(dol_now(), true);
 
-        $newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
+	$newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
+
+	//$param='month='.$monthshown.'&year='.$year;
+	$hourminsec = '100000';
+
+	$url = DOL_URL_ROOT.'/comm/action/card.php?action=create';
+	$url .= '&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec;
+	$url .= '&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : ''));
+
+	$newcardbutton = dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, '', $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create);
 
-        //$param='month='.$monthshown.'&year='.$year;
-        $hourminsec = '100000';
-        $newcardbutton .= dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec.'&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : '')));
-    }
 	$param .= '&action='.$action;
 
-
 	print_barre_liste($langs->trans("Agenda"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, -1 * $nbtotalofrecords, 'object_action', 0, $nav.$newcardbutton, '', $limit, 0, 0, 1, $viewmode);
 
 	print $s;
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index 074d00443bd..dde38d98489 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@@ -480,11 +480,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'closed'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->propal->creer)
-	{
-		$newcardbutton .= dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/propal/card.php?action=create');
-	}
+	$url = DOL_URL_ROOT.'/comm/propal/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', $url, '', $user->rights->propal->creer);
 
 	// Fields title search
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@@ -638,12 +636,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
+		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
+		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -652,12 +648,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
+		print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
+		print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -666,12 +660,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
+		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
+		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '</td>';
 	}
diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index 898c581407f..921e1de185b 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -483,11 +483,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($contextpage == 'orderlist' && $user->rights->commande->creer)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/commande/card.php?action=create');
-    }
+	$url = DOL_URL_ROOT.'/commande/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $contextpage == 'orderlist' && $user->rights->commande->creer);
 
 	// Lines of title fields
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@@ -632,31 +630,31 @@ if ($resql)
 	if (!empty($arrayfields['c.ref']['checked']))
 	{
 		print '<td class="liste_titre">';
-		print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
+		print '<input class="flat" size="6" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
 		print '</td>';
 	}
 	// Ref customer
 	if (!empty($arrayfields['c.ref_client']['checked']))
 	{
 		print '<td class="liste_titre" align="left">';
-		print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.$search_ref_customer.'">';
+		print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.dol_escape_htmltag($search_ref_customer).'">';
 		print '</td>';
 	}
 	// Project ref
 	if (!empty($arrayfields['p.ref']['checked']))
 	{
-		print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.$search_project_ref.'"></td>';
+		print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.dol_escape_htmltag($search_project_ref).'"></td>';
 	}
 	// Project title
 	if (!empty($arrayfields['p.title']['checked']))
 	{
-	    print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.$search_project.'"></td>';
+	    print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.dol_escape_htmltag($search_project).'"></td>';
 	}
 	// Thirpdarty
 	if (!empty($arrayfields['s.nom']['checked']))
 	{
 		print '<td class="liste_titre" align="left">';
-		print '<input class="flat" type="text" name="search_company" value="'.$search_company.'">';
+		print '<input class="flat" type="text" name="search_company" value="'.dol_escape_htmltag($search_company).'">';
 		print '</td>';
 	}
 	// Town
@@ -689,12 +687,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1);
+		print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1);
+		print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -702,12 +698,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
+		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
+		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -715,14 +709,14 @@ if ($resql)
 	{
 		// Amount
 		print '<td class="liste_titre right">';
-		print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.$search_total_ht.'">';
+		print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.dol_escape_htmltag($search_total_ht).'">';
 		print '</td>';
 	}
 	if (!empty($arrayfields['c.total_vat']['checked']))
 	{
 		// Amount
 		print '<td class="liste_titre right">';
-		print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.$search_total_vat.'">';
+		print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.dol_escape_htmltag($search_total_vat).'">';
 		print '</td>';
 	}
 	if (!empty($arrayfields['c.total_ttc']['checked']))
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 1573a226521..950d0c7d3c6 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -811,19 +811,19 @@ if ($resql)
 	$moreforfilter .= '<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateOperationShort').' :';
 	$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
-	$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">';
+	$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
 	//$moreforfilter .= ' - ';
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
 	$moreforfilter .= '</div>';
 
 	$moreforfilter .= '<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateValueShort').' : ';
 	$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
-	$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">';
+	$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
 	//$moreforfilter .= ' - ';
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
 	$moreforfilter .= '</div>';
 
 	if (!empty($conf->categorie->enabled))
diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php
index ace8a327768..5cdd4711871 100644
--- a/htdocs/compta/bank/list.php
+++ b/htdocs/compta/bank/list.php
@@ -247,12 +247,7 @@ if ($user->rights->banque->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->banque->configurer)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create');
-}
-
+$newcardbutton = dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create', '', $user->rights->banque->configurer);
 
 // Lines of title fields
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php
index cfecfecffa5..54216f06358 100644
--- a/htdocs/compta/bank/various_payment/list.php
+++ b/htdocs/compta/bank/various_payment/list.php
@@ -240,8 +240,10 @@ if ($result)
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
 	if ($search_ref)						$param .= '&search_ref='.urlencode($search_ref);
 	if ($search_label)						$param .= '&search_label='.urlencode($search_label);
-	if ($search_date_start)					$param .= '&search_date_start='.urlencode($search_date_start);
-	if ($search_date_end)					$param .= '&search_date_end='.urlencode($search_date_end);
+	if ($search_datep_start)				$param .= '&search_datep_start='.urlencode($search_datep_start);
+	if ($search_datep_end)					$param .= '&search_datep_end='.urlencode($search_datep_end);
+	if ($search_datev_start)				$param .= '&search_datev_start='.urlencode($search_datev_start);
+	if ($search_datev_end)					$param .= '&search_datev_end='.urlencode($search_datev_end);
 	if ($typeid > 0)						$param .= '&typeid='.urlencode($typeid);
 	if ($search_amount_deb)					$param .= '&search_amount_deb='.urlencode($search_amount_deb);
 	if ($search_amount_cred)				$param .= '&search_amount_cred='.urlencode($search_amount_cred);
@@ -251,11 +253,9 @@ if ($result)
 
 	if ($optioncss != '') $param .= '&amp;optioncss='.urlencode($optioncss);
 
-	$newcardbutton = '';
-	if ($user->rights->banque->modifier)
-	{
-		$newcardbutton .= dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create');
-	}
+	$url = DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->modifier);
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 
@@ -306,12 +306,10 @@ if ($result)
 	if ($arrayfields['datep']['checked']) {
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1);
+		print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1);
+		print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -320,12 +318,10 @@ if ($result)
 	if ($arrayfields['datev']['checked']) {
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1);
+		print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1);
+		print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -333,7 +329,7 @@ if ($result)
 	// Payment type
 	if ($arrayfields['type']['checked']) {
 		print '<td class="liste_titre left">';
-		$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16);
+		$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16, 1, 'maxwidth100');
 		print '</td>';
 	}
 
@@ -347,14 +343,14 @@ if ($result)
 	// Bank account
 	if ($arrayfields['bank']['checked']) {
 		print '<td class="liste_titre">';
-		$form->select_comptes($search_bank_account, 'search_account', 0, '', 1);
+		$form->select_comptes($search_bank_account, 'search_account', 0, '', 1, '', 0, 'maxwidth100');
 		print '</td>';
 	}
 
 	// Bank entry
 	if ($arrayfields['entry']['checked']) {
-		print '<td class="liste_titre right">';
-		print '<input name="search_bank_entry" class="flat" type="text" size="8" value="'.$search_bank_entry.'">';
+		print '<td class="liste_titre left">';
+		print '<input name="search_bank_entry" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_bank_entry).'">';
 		print '</td>';
 	}
 
@@ -379,14 +375,14 @@ if ($result)
 	// Debit
 	if ($arrayfields['debit']['checked']) {
 		print '<td class="liste_titre right">';
-		print '<input name="search_amount_deb" class="flat" type="text" size="8" value="'.$search_amount_deb.'">';
+		print '<input name="search_amount_deb" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_amount_deb).'">';
 		print '</td>';
 	}
 
 	// Credit
 	if ($arrayfields['credit']['checked']) {
 		print '<td class="liste_titre right">';
-		print '<input name="search_amount_cred" class="flat" type="text" size="8" value="'.$search_amount_cred.'">';
+		print '<input name="search_amount_cred" class="flat maxwidth50" type="text" size="8" value="'.dol_escape_htmltag($search_amount_cred).'">';
 		print '</td>';
 	}
 
@@ -471,7 +467,7 @@ if ($result)
 		// Project
 		if ($arrayfields['project']['checked']) {
 			$proj->fetch($obj->fk_project);
-			print '<td>'.$proj->getNomUrl(1).'</td>';
+			print '<td class="nowraponall">'.$proj->getNomUrl(1).'</td>';
 			if (!$i) $totalarray['nbfield']++;
 		}
 
diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php
index 284ec8111d5..a11f0f7c800 100644
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@@ -1617,13 +1617,12 @@ if ($action == 'create')
 		// Show object lines
 		if (!empty($object->lines))
 		{
-			//$disableedit=1;
-			//$disablemove=1;
+			$canchangeproduct = 1;
 			$ret = $object->printObjectLines($action, $mysoc, $object->thirdparty, $lineid, 0); // No date selector for template invoice
 		}
 
 		// Form to add new line
-		if ($object->statut == 0 && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
+		if ($object->statut == $object::STATUS_DRAFT && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
 		{
 			if ($action != 'editline')
 			{
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 6df16367015..c144b388093 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -674,10 +674,12 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->facture->creer && $contextpage != 'poslist')
+	// Show the new button only when this page is not opend from the Extended POS
+	if ($contextpage != 'poslist')
 	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/facture/card.php?action=create');
+		$url = DOL_URL_ROOT.'/compta/facture/card.php?action=create';
+		if (!empty($socid)) $url .= '&socid='.$socid;
+		$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->facture->creer);
 	}
 
 	$i = 0;
@@ -756,6 +758,7 @@ if ($resql)
 
 	$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
 	$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
+	// Show the massaction checkboxes only when this page is not opend from the Extended POS
 	if ($massactionbutton && $contextpage != 'poslist') $selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
 
 	print '<div class="div-table-responsive">';
@@ -804,12 +807,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
+		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
+		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -818,12 +819,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
-		print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1);
+		print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
-		print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1);
+		print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print '</div>';
 		print '</td>';
 	}
@@ -1566,7 +1565,7 @@ if ($resql)
 				if (!$i) $totalarray['nbfield']++;
 			}
 
-			// Action column
+			// Action column (Show the massaction button only when this page is not opend from the Extended POS)
 			print '<td class="nowrap" align="center">';
 			if (($massactionbutton || $massaction) && $contextpage != 'poslist')   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
 			{
@@ -1597,6 +1596,7 @@ if ($resql)
 
 	print "</form>\n";
 
+	// Show the file area only when this page is not opend from the Extended POS
 	if ($contextpage != 'poslist') {
 		$hidegeneratedfilelistifempty = 1;
 		if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files) $hidegeneratedfilelistifempty = 0;
diff --git a/htdocs/compta/localtax/list.php b/htdocs/compta/localtax/list.php
index a8b37c3ef93..2702a962281 100644
--- a/htdocs/compta/localtax/list.php
+++ b/htdocs/compta/localtax/list.php
@@ -31,7 +31,7 @@ $langs->load("compta");
 $socid = GETPOST('socid', 'int');
 if ($user->socid) $socid = $user->socid;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
-$ltt = GETPOST("localTaxType");
+$ltt = GETPOST("localTaxType", 'int');
 
 
 /*
@@ -42,17 +42,15 @@ llxHeader();
 
 $localtax_static = new Localtax($db);
 
-$newcardbutton = '';
-if ($user->rights->tax->charges->creer)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt);
-}
+$url = DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt;
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton = dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
 
 print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Payments", $mysoc->country_code), $newcardbutton, 'title_accountancy');
 
 $sql = "SELECT rowid, amount, label, f.datev, f.datep";
 $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
-$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$db->escape($ltt);
+$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
 $sql .= " ORDER BY datev DESC";
 
 $result = $db->query($sql);
diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php
index e76936c71fd..3bb45c4e312 100644
--- a/htdocs/compta/paiement/cheque/list.php
+++ b/htdocs/compta/paiement/cheque/list.php
@@ -124,11 +124,9 @@ if ($resql)
     if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
 
-	$newcardbutton = '';
-	if ($user->rights->banque->cheque)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new');
-	}
+	$url = DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->cheque);
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php
index 5b09da5305c..82829fca12e 100644
--- a/htdocs/compta/tva/list.php
+++ b/htdocs/compta/tva/list.php
@@ -146,11 +146,9 @@ if ($result)
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
 	if ($typeid) $param .= '&amp;typeid='.$typeid;
 
-	$newcardbutton = '';
-	if ($user->rights->tax->charges->creer)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/tva/card.php?action=create');
-    }
+	$url = DOL_URL_ROOT.'/compta/tva/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@@ -172,22 +170,18 @@ if ($result)
 	// Date end period
 	print '<td class="liste_titre center">';
 	print '<div class="nowrap">';
-	print $langs->trans('From').' ';
-	print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
+	print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 	print '</div>';
 	print '<div class="nowrap">';
-	print $langs->trans('to').' ';
-	print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
+	print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 	print '</div>';
 	// Date payment
 	print '<td class="liste_titre center">';
 	print '<div class="nowrap">';
-	print $langs->trans('From').' ';
-	print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1);
+	print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 	print '</div>';
 	print '<div class="nowrap">';
-	print $langs->trans('to').' ';
-	print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1);
+	print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 	print '</div>';
 	// Type
 	print '<td class="liste_titre left">';
diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php
index 1332bc5e100..0f4f01a0916 100644
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@@ -538,11 +538,7 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->societe->contact->creer)
-{
-	$newcardbutton .= dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create');
-}
+$newcardbutton = dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create', '', $user->rights->societe->contact->creer);
 
 print '<form method="post" action="'.$_SERVER["PHP_SELF"].'" name="formfilter">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php
index fadf0831ada..adb117b7b8f 100644
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@@ -665,6 +665,7 @@ if (empty($reshook))
 
 			$fk_unit = GETPOST('unit', 'alpha');
 
+			$objectline->fk_product = GETPOST('idprod', 'int');
 			$objectline->description = GETPOST('product_desc', 'restricthtml');
 			$objectline->price_ht = GETPOST('elprice');
 			$objectline->subprice = GETPOST('elprice');
@@ -1436,8 +1437,6 @@ if ($action == 'create')
 		$usemargins = 0;
 		if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'propal', 'commande'))) $usemargins = 1;
 
-		$var = false;
-
 		// Title line for service
 		$cursorline = 1;
 		print '<div id="contrat-lines-container" data-contractid="'.$object->id.'"  data-element="'.$object->element.'" >';
@@ -1448,7 +1447,6 @@ if ($action == 'create')
 			print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input type="hidden" name="action" value="updateline">';
 			print '<input type="hidden" name="elrowid" value="'.$object->lines[$cursorline - 1]->id.'">';
-			print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
 			print '<input type="hidden" name="fournprice" value="'.(!empty($object->lines[$cursorline - 1]->fk_fournprice) ? $object->lines[$cursorline - 1]->fk_fournprice : 0).'">';
 
 			// Area with common detail of line
@@ -1632,17 +1630,29 @@ if ($action == 'create')
 					// Ligne carac
 					print '<tr class="oddeven">';
 					print '<td>';
-					if ($objp->fk_product)
+					if ($objp->fk_product > 0)
 					{
-						$productstatic->id = $objp->fk_product;
-						$productstatic->type = $objp->ptype;
-						$productstatic->ref = $objp->pref;
-						$productstatic->entity = $objp->pentity;
-						print $productstatic->getNomUrl(1, '', 32);
-						print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
+						$canchangeproduct = 1;
+						if (empty($canchangeproduct)) {
+							$productstatic->id = $objp->fk_product;
+							$productstatic->type = $objp->ptype;
+							$productstatic->ref = $objp->pref;
+							$productstatic->entity = $objp->pentity;
+							print $productstatic->getNomUrl(1, '', 32);
+							print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
+							print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
+						} else {
+							$senderissupplier = 0;
+							if (empty($senderissupplier)) {
+								print $form->select_produits((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
+							} else {
+								print $form->select_produits_fournisseurs((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
+							}
+						}
 						print '<br>';
 					} else {
 						print $objp->label ? $objp->label.'<br>' : '';
+						print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
 					}
 
 					// editeur wysiwyg
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index f94b19c30b9..6bed3b96954 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -1911,7 +1911,6 @@ class Contrat extends CommonObject
 		}
 
 		$statusType = 'status'.$status;
-		if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
 		if ($status == self::STATUS_VALIDATED) $statusType = 'status6';
 
 		if ($mode == 4 || $mode == 6 || $mode == 7)
diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php
index 531642f81f7..608fc6c0d81 100644
--- a/htdocs/contrat/list.php
+++ b/htdocs/contrat/list.php
@@ -369,11 +369,9 @@ if ($user->rights->contrat->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->contrat->creer)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contrat/card.php?action=create');
-}
+$url = DOL_URL_ROOT.'/contrat/card.php?action=create';
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton = dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', $url, '', $user->rights->contrat->creer);
 
 print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php
index 2eac2d5d900..54f14c25cab 100644
--- a/htdocs/core/class/commondocgenerator.class.php
+++ b/htdocs/core/class/commondocgenerator.class.php
@@ -397,6 +397,8 @@ abstract class CommonDocGenerator
 		$array_key.'_payment_term_code'=>$object->cond_reglement_code,
 		$array_key.'_payment_term'=>($outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) != 'PaymentCondition'.$object->cond_reglement_code ? $outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) : ($object->cond_reglement_doc ? $object->cond_reglement_doc : $object->cond_reglement)),
 
+        $array_key.'_incoterms'=>(method_exists($object, 'display_incoterms') ? $object->display_incoterms() : ''),
+
 		$array_key.'_bank_iban'=>$bank_account->iban,
 		$array_key.'_bank_bic'=>$bank_account->bic,
 
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 1d04040d5e3..38596f2a265 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -5741,11 +5741,9 @@ abstract class CommonObject
 		}
 
 		// Set value of $morecss. For this, we use in priority showsize from parameters, then $val['css'] then autodefine
-		if (empty($morecss) && !empty($val['css']))
-		{
+		if (empty($morecss) && !empty($val['css'])) {
 			$morecss = $val['css'];
-		} elseif (empty($morecss))
-		{
+		} elseif (empty($morecss)) {
 			if ($type == 'date')
 			{
 				$morecss = 'minwidth100imp';
@@ -5792,16 +5790,16 @@ abstract class CommonObject
 		{
 			$tmp = explode(',', $size);
 			$newsize = $tmp[0];
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (in_array($type, array('real')))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (preg_match('/varchar/', $type))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (in_array($type, array('mail', 'phone', 'url')))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif ($type == 'text')
 		{
 			if (!preg_match('/search_/', $keyprefix))		// If keyprefix is search_ or search_options_, we must just use a simple text field
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 27e7029c254..e00d544ed22 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -4038,7 +4038,7 @@ class Form
 	 *													type can be 'hidden', 'text', 'password', 'checkbox', 'radio', 'date', 'morecss', ...
 	 * 	   @param  	string			$selectedchoice  	'' or 'no', or 'yes' or '1' or '0'
 	 * 	   @param  	int|string		$useajax		   	0=No, 1=Yes, 2=Yes but submit page with &confirm=no if choice is No, 'xxx'=Yes and preoutput confirm box with div id=dialog-confirm-xxx
-	 *     @param  	int				$height          	Force height of box (0 = auto)
+	 *     @param  	int|string		$height          	Force height of box (0 = auto)
 	 *     @param	int				$width				Force width of box ('999' or '90%'). Ignored and forced to 90% on smartphones.
 	 *     @param	int				$disableformtag		1=Disable form tag. Can be used if we are already inside a <form> section.
 	 *     @return 	string      		    			HTML ajax code if a confirm ajax popup is required, Pure HTML code if it's an html form
@@ -4058,7 +4058,7 @@ class Form
 
 		// Set height automatically if not defined
 		if (empty($height)) {
-			$height = 210;
+			$height = 220;
 			if (is_array($formquestion) && count($formquestion) > 2) {
 				$height += ((count($formquestion) - 2) * 24);
 			}
@@ -5280,10 +5280,11 @@ class Form
 	 *  @param  string      $openinghours   Specify hour start and hour end for the select ex 8,20
 	 *  @param  int         $stepminutes    Specify step for minutes between 1 and 30
 	 *  @param	string		$labeladddateof Label to use for the $adddateof parameter.
+	 *  @param	string 		$placeholder    Placeholder
 	 * 	@return string                      Html for selectDate
 	 *  @see    form_date(), select_month(), select_year(), select_dayofweek()
 	 */
-	public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '')
+	public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '', $placeholder = '')
 	{
 		global $conf, $langs;
 
@@ -5420,6 +5421,7 @@ class Form
 					$retstring .= '<div class="nowrap inline-block">';
 					$retstring .= '<input id="'.$prefix.'" name="'.$prefix.'" type="text" class="maxwidthdate" maxlength="11" value="'.$formated_date.'"';
 					$retstring .= ($disabled ? ' disabled' : '');
+					$retstring .= ($placeholder ? ' placeholder="'.$placeholder.'"' : '');
 					$retstring .= ' onChange="dpChangeDay(\''.$prefix.'\',\''.$langs->trans("FormatDateShortJavaInput").'\'); "'; // FormatDateShortInput for dol_print_date / FormatDateShortJavaInput that is same for javascript
 					$retstring .= '>';
 
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index db9f326dfdc..2e06837563e 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -1252,7 +1252,7 @@ class FormFile
 							} else {
 								print '<a href="'.$urlforhref['url'].'" class="'.$urlforhref['css'].'" target="'.$urlforhref['target'].'" mime="'.$urlforhref['mime'].'">';
 							}
-							print '<img class="photo maxwidth200" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
+							print '<img class="photo maxwidth200 shadow" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
 							print '</a>';
 						} else print '&nbsp;';
 						print '</td>';
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index 96c73deff7a..dc55d0931f7 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -1048,6 +1048,7 @@ class FormOther
         	// Class Form must have been already loaded
         	$selectboxlist .= '<!-- Form with select box list -->'."\n";
 			$selectboxlist .= '<form id="addbox" name="addbox" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+			$selectboxlist .= '<input type="hidden" name="token" value="'.newToken().'">';
 			$selectboxlist .= '<input type="hidden" name="addbox" value="addbox">';
 			$selectboxlist .= '<input type="hidden" name="userid" value="'.$user->id.'">';
 			$selectboxlist .= '<input type="hidden" name="areacode" value="'.$areacode.'">';
diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index b95d3d18f6c..b71dfc3eeb2 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -1130,4 +1130,15 @@ $(document).ready(function() {
 });
 <?php } ?>
 
+// Force to hide menus when page is inside an iFrame
+$(document).ready(function() {
+	if (window.location !== window.parent.location ) {
+		console.log("Page is detected to be into an iframe, we hide by CSS the menus");
+		// The page is in an iframe
+		jQuery(".side-nav-vert, .side-nav").hide();
+		jQuery(".id-container").css('width', '100%');
+
+	}
+});
+
 // End of lib_head.js.php
diff --git a/htdocs/core/lib/date.lib.php b/htdocs/core/lib/date.lib.php
index 30fd6d29a1d..48e347afbd1 100644
--- a/htdocs/core/lib/date.lib.php
+++ b/htdocs/core/lib/date.lib.php
@@ -466,8 +466,8 @@ function dol_get_next_week($day, $week, $month, $year)
  *	@param		int			$year		Year
  * 	@param		int			$month		Month
  * 	@param		mixed		$gm			False or 0 or 'server' = Return date to compare with server TZ, True or 1 to compare with GM date.
- *                          			Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, after a dol_print_date will return 1970-01-01 00:00:00
- *                          			Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, after a dol_print_date will return 1970-01-01 00:00:00
+ *                          			Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, a dol_print_date on it will return 1970-01-01 00:00:00
+ *                          			Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, a dol_print_date on it will return 1970-01-01 00:00:00
  *  @return		int						Date for first day, '' if error
  */
 function dol_get_first_day($year, $month = 1, $gm = false)
@@ -502,6 +502,28 @@ function dol_get_last_day($year, $month = 12, $gm = false)
 	return $datelim;
 }
 
+/**	Return GMT time for last hour of a given GMT date (it removes hours, min and second part)
+ *
+ *	@param		int			$date		Date
+ *  @return		int						Date for last hour of a given date
+ */
+function dol_get_last_hour($date)
+{
+	$tmparray = dol_getdate($date);
+	return dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
+}
+
+/**	Return GMT time for first hour of a given GMT date (it removes hours, min and second part)
+ *
+ *	@param		int			$date		Date
+ *  @return		int						Date for last hour of a given date
+ */
+function dol_get_first_hour($date)
+{
+	$tmparray = dol_getdate($date);
+	return dol_mktime(0, 0, 0, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
+}
+
 /**	Return first day of week for a date. First day of week may be monday if option MAIN_START_WEEK is 1.
  *
  *	@param		int		$day		Day
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 90f919fe2d7..e9375f91e30 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -3859,7 +3859,7 @@ function info_admin($text, $infoonimgalt = 0, $nodiv = 0, $admin = '1', $morecss
 		$result = ($nodiv ? '' : '<div class="'.$class.' hideonsmartphone'.($morecss ? ' '.$morecss : '').($textfordropdown ? ' hidden' : '').'">').'<span class="fa fa-info-circle" title="'.dol_escape_htmltag($admin ? $langs->trans('InfoAdmin') : $langs->trans('Note')).'"></span> '.$text.($nodiv ? '' : '</div>');
 
 		if ($textfordropdown) {
-			$tmpresult .= '<span class="'.$class.'text opacitymedium">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
+			$tmpresult .= '<span class="'.$class.'text opacitymedium cursorpointer">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
 			$tmpresult .= '<script type="text/javascript" language="javascript">
 				jQuery(document).ready(function() {
 					jQuery(".'.$class.'text").click(function() {
@@ -4104,15 +4104,14 @@ function getTitleFieldOfList($name, $thead = 0, $file = "", $field = "", $begin
 	//var_dump('field='.$field.' field1='.$field1.' sortfield='.$sortfield.' sortfield1='.$sortfield1);
 	// If field is used as sort criteria we use a specific css class liste_titre_sel
 	// Example if (sortfield,field)=("nom","xxx.nom") or (sortfield,field)=("nom","nom")
+	$liste_titre = 'liste_titre';
 	if ($field1 && ($sortfield1 == $field1 || $sortfield1 == preg_replace("/^[^\.]+\./", "", $field1))) {
-		$out .= '<'.$tag.' class="'.$prefix.'liste_titre_sel" '.$moreattrib;
-		$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
-		$out .= '>';
-	} else {
-		$out .= '<'.$tag.' class="'.$prefix.'liste_titre" '.$moreattrib;
-		$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
-		$out .= '>';
+		$liste_titre = 'liste_titre_sel';
 	}
+	$out .= '<'.$tag.' class="'.$prefix.$liste_titre.'" '.$moreattrib;
+	//$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
+	$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
+	$out .= '>';
 
 	if (empty($thead) && $field && empty($disablesortlink))    // If this is a sort field
 	{
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 4e7234d5c73..6f206832e2d 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -92,7 +92,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
     				// Call function to check user/password
     				$function = 'check_user_password_'.$mode;
     				$login = call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context);
-    				if ($login)	// Login is successfull
+    				if ($login && $login != '--bad-login-validity--')	// Login is successfull
     				{
     					$test = false; // To stop once at first login success
     					$conf->authmode = $mode; // This properties is defined only when logged to say what mode was successfully used
diff --git a/htdocs/core/lib/treeview.lib.php b/htdocs/core/lib/treeview.lib.php
index 14538a15b0c..c0cfa20f529 100644
--- a/htdocs/core/lib/treeview.lib.php
+++ b/htdocs/core/lib/treeview.lib.php
@@ -103,15 +103,16 @@ function tree_showpad(&$fulltree, $key, $silent = 0)
  *	$arrayofcss=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css');
  *  TODO Replace with jstree plugin instead of treeview plugin.
  *
- *  @param	array	$tab    		Array of all elements
- *  @param  array   $pere   		Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
- *  @param  int	    $rang   		Level of element
- *  @param	string	$iddivjstree	Id to use for parent ul element
+ *  @param	array	$tab    					Array of all elements
+ *  @param  array   $pere   					Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
+ *  @param  int	    $rang   					Level of element
+ *  @param	string	$iddivjstree				Id to use for parent ul element
  *  @param  int     $donoresetalreadyloaded     Do not reset global array $donoresetalreadyloaded used to avoid to go down on an aleady processed record
- *  @param  int     $showfk         1=show fk_links to parent into label  (used by menu editor only)
+ *  @param  int     $showfk         			1=show fk_links to parent into label  (used by menu editor only)
+ *  @param	string	$moreparam					Add more param on url of elements
  *  @return	void
  */
-function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0)
+function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0, $moreparam = '')
 {
     global $tree_recur_alreadyadded, $menu_handler_to_search;
 
@@ -197,7 +198,7 @@ function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoreset
 			if ($showfk)
 			{
 			    print '<table class="nobordernopadding centpercent"><tr><td>';
-			    print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].'">';
+			    print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].$moreparam.'">';
 			    print $tab[$x]['title'];
 			    print '</a></strong>';
 			    print '&nbsp; (mainmenu='.$tab[$x]['mainmenu'].' leftmenu='.$tab[$x]['leftmenu'].' - fk_mainmenu='.$tab[$x]['fk_mainmenu'].' fk_leftmenu='.$tab[$x]['fk_leftmenu'].')';
diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php
index 3cdcda3d0b2..52e50a504af 100644
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
@@ -45,6 +45,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 
 	if (!empty($usertotest))
 	{
+		require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 		dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./', '*', $passwordtotest)." entitytotest=".$entitytotest);
 
 		// If test username/password asked, we define $test=false if ko and $login var to login if ok, set also $_SESSION["dol_loginmesg"] if ko
@@ -53,14 +54,15 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 		$usernamecol2 = 'email';
 		$entitycol = 'entity';
 
-		$sql = 'SELECT rowid, login, entity, pass, pass_crypted';
+		$sql = 'SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity';
 		$sql .= ' FROM '.$table;
 		$sql .= ' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'";
 		if (preg_match('/@/', $usertotest)) $sql .= ' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
 		$sql .= ') AND '.$entitycol." IN (0,".($entity ? $entity : 1).")";
 		$sql .= ' AND statut = 1';
-		// Required to first found the user into entity, then the superadmin.
-		// For the case (TODO and that we must avoid) a user has renamed its login with same value than a user in entity 0.
+		// Note: Test on validity is done later
+		// Required to firstly found the user into entity, then the superadmin.
+		// For the case (TODO we must avoid that) a user has renamed its login with same value than a user in entity 0.
 		$sql .= ' ORDER BY entity DESC';
 
 		$resql = $db->query($sql);
@@ -69,6 +71,20 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 			$obj = $db->fetch_object($resql);
 			if ($obj)
 			{
+				$now = dol_now();
+				if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
+					// Load translation files required by the page
+					$langs->loadLangs(array('main', 'errors'));
+					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+					return '--bad-login-validity--';
+				}
+				if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
+					// Load translation files required by the page
+					$langs->loadLangs(array('main', 'errors'));
+					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+					return '--bad-login-validity--';
+				}
+
 				$passclear = $obj->pass;
 				$passcrypted = $obj->pass_crypted;
 				$passtyped = $passwordtotest;
@@ -79,19 +95,19 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 				$cryptType = '';
 				if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
 
-				// By default, we used MD5
-				if (!in_array($cryptType, array('md5'))) $cryptType = 'md5';
+				// By default, we use default setup for encryption rule
+				if (!in_array($cryptType, array('auto'))) $cryptType = 'auto';
 				// Check crypted password according to crypt algorithm
-				if ($cryptType == 'md5')
+				if ($cryptType == 'auto')
 				{
-					if (dol_verifyHash($passtyped, $passcrypted))
+					if (dol_verifyHash($passtyped, $passcrypted, '0'))
 					{
 						$passok = true;
 						dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
 					}
 				}
 
-				// For compatibility with old versions
+				// For compatibility with very old versions
 				if (!$passok)
 				{
 					if ((!$passcrypted || $passtyped)
diff --git a/htdocs/core/login/functions_http.php b/htdocs/core/login/functions_http.php
index 45167fc21c9..7b2eebb0426 100644
--- a/htdocs/core/login/functions_http.php
+++ b/htdocs/core/login/functions_http.php
@@ -33,12 +33,33 @@
 */
 function check_user_password_http($usertotest, $passwordtotest, $entitytotest)
 {
+	global $db, $langs;
+
 	dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".(empty($_SERVER["REMOTE_USER"]) ? '' : $_SERVER["REMOTE_USER"]));
 
 	$login = '';
 	if (!empty($_SERVER["REMOTE_USER"]))
 	{
 		$login = $_SERVER["REMOTE_USER"];
+
+		require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
+
+		$tmpuser = new User($db);
+		$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
+
+		$now = dol_now();
+		if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
+			// Load translation files required by the page
+			$langs->loadLangs(array('main', 'errors'));
+			$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+			return '--bad-login-validity--';
+		}
+		if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
+			// Load translation files required by the page
+			$langs->loadLangs(array('main', 'errors'));
+			$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+			return '--bad-login-validity--';
+		}
 	}
 
 	return $login;
diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index 0885519f0fa..287563b01c3 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -151,6 +151,27 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 				dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
 				$login = $usertotest;
 
+				require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
+
+				$tmpuser = new User($db);
+				$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
+
+				$now = dol_now();
+				if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
+					$ldap->close();
+					// Load translation files required by the page
+					$langs->loadLangs(array('main', 'errors'));
+					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+					return '--bad-login-validity--';
+				}
+				if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
+					$ldap->close();
+					// Load translation files required by the page
+					$langs->loadLangs(array('main', 'errors'));
+					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+					return '--bad-login-validity--';
+				}
+
 				// ldap2dolibarr synchronisation
 				if ($login && !empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')	// ldap2dolibarr synchronisation
 				{
@@ -188,6 +209,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 
 						//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
 					}
+
 					unset($usertmp);
 				}
 
diff --git a/htdocs/core/login/functions_openid.php b/htdocs/core/login/functions_openid.php
index 1f23424fb6b..e5e66a7fc80 100644
--- a/htdocs/core/login/functions_openid.php
+++ b/htdocs/core/login/functions_openid.php
@@ -36,7 +36,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
  */
 function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
 {
-    global $_POST, $db, $conf, $langs;
+    global $db, $conf, $langs;
 
     dol_syslog("functions_openid::check_user_password_openid usertotest=".$usertotest);
 
@@ -57,7 +57,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
             $openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
             $openid->Redirect(); // This will redirect user to OpenID Server
         } else {
-            $error = $openid->GetError();
+        	$_SESSION["dol_loginmesg"] = $openid->GetError();
             return false;
         }
         return false;
@@ -72,7 +72,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
         {
             // OK HERE KEY IS VALID
 
-            $sql = "SELECT login";
+            $sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
             $sql .= " FROM ".MAIN_DB_PREFIX."user";
             $sql .= " WHERE openid = '".$db->escape($_GET['openid_identity'])."'";
             $sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1).")";
@@ -84,13 +84,27 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
                 $obj = $db->fetch_object($resql);
                 if ($obj)
                 {
+                	$now = dol_now();
+                	if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
+                		// Load translation files required by the page
+                		$langs->loadLangs(array('main', 'errors'));
+                		$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+                		return '--bad-login-validity--';
+                	}
+                	if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
+                		// Load translation files required by the page
+                		$langs->loadLangs(array('main', 'errors'));
+                		$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
+                		return '--bad-login-validity--';
+                	}
+
                     $login = $obj->login;
                 }
             }
         } elseif ($openid->IsError() === true)
         {
             // ON THE WAY, WE GOT SOME ERROR
-            $error = $openid->GetError();
+        	$_SESSION["dol_loginmesg"] = $openid->GetError();
             return false;
         } else {
             // Signature Verification Failed
diff --git a/htdocs/core/modules/syslog/mod_syslog_syslog.php b/htdocs/core/modules/syslog/mod_syslog_syslog.php
index 91a3cdb9b44..58fb5f632bf 100644
--- a/htdocs/core/modules/syslog/mod_syslog_syslog.php
+++ b/htdocs/core/modules/syslog/mod_syslog_syslog.php
@@ -16,7 +16,7 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
 	 */
 	public function getName()
 	{
-		return 'Syslog';
+		return 'Syslogd';
 	}
 
 	/**
diff --git a/htdocs/core/tpl/commonfields_view.tpl.php b/htdocs/core/tpl/commonfields_view.tpl.php
index 24019c59c75..5f58ba9e7e9 100644
--- a/htdocs/core/tpl/commonfields_view.tpl.php
+++ b/htdocs/core/tpl/commonfields_view.tpl.php
@@ -59,6 +59,7 @@ foreach ($object->fields as $key => $val)
 	print '</td>';
 	print '<td class="valuefield fieldname_'.$key;
 	if ($val['type'] == 'text') print ' wordbreak';
+	if ($val['cssview']) print ' '.$val['cssview'];
 	print '">';
 	if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
 	print $object->showOutputField($val, $key, $value, '', '', '', 0);
@@ -105,7 +106,10 @@ foreach ($object->fields as $key => $val)
 	if (!empty($val['help'])) print $form->textwithpicto($langs->trans($val['label']), $langs->trans($val['help']));
 	else print $langs->trans($val['label']);
 	print '</td>';
-	print '<td>';
+	print '<td class="valuefield fieldname_'.$key;
+	if ($val['type'] == 'text') print ' wordbreak';
+	if ($val['cssview']) print ' '.$val['cssview'];
+	print '">';
 	if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
 	print $object->showOutputField($val, $key, $value, '', '', '', 0);
 	//print dol_escape_htmltag($object->$key, 1, 1);
diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php
index 86cb472da43..6ced56b5e03 100644
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2010-2012	Regis Houssin		<regis.houssin@inodbox.com>
- * Copyright (C) 2010-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2010-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2012		Christophe Battarel	<christophe.battarel@altairis.fr>
  * Copyright (C) 2012       Cédric Salvador     <csalvador@gpcsolutions.fr>
  * Copyright (C) 2012-2014  Raphaël Doursenaud  <rdoursenaud@gpcsolutions.fr>
@@ -29,6 +29,7 @@
  * $forceall (0 by default, 1 for supplier invoices/orders)
  * $senderissupplier (0 by default, 1 for supplier invoices/orders)
  * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
+ * $canchangeproduct (0 by default, 1 to allow to change the product if it is a predefined product)
  */
 
 // Protection to avoid direct call of template
@@ -42,12 +43,12 @@ if (empty($object) || !is_object($object))
 $usemargins = 0;
 if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'facturerec', 'propal', 'commande'))) $usemargins = 1;
 
-global $forceall, $senderissupplier, $inputalsopricewithtax;
+global $forceall, $senderissupplier, $inputalsopricewithtax, $canchangeproduct;
 if (empty($dateSelector)) $dateSelector = 0;
 if (empty($forceall)) $forceall = 0;
 if (empty($senderissupplier)) $senderissupplier = 0;
 if (empty($inputalsopricewithtax)) $inputalsopricewithtax = 0;
-
+if (empty($canchangeproduct)) $canchangeproduct = 0;
 
 // Define colspan for the button 'Add'
 $colspan = 3; // Col total ht + col edit + col delete
@@ -71,27 +72,33 @@ $coldisplay++;
 
 	<input type="hidden" name="lineid" value="<?php echo $line->id; ?>">
 	<input type="hidden" id="product_type" name="type" value="<?php echo $line->product_type; ?>">
-	<input type="hidden" id="product_id" name="productid" value="<?php echo (!empty($line->fk_product) ? $line->fk_product : 0); ?>" />
 	<input type="hidden" id="special_code" name="special_code" value="<?php echo $line->special_code; ?>">
 	<input type="hidden" id="fk_parent_line" name="fk_parent_line" value="<?php echo $line->fk_parent_line; ?>">
 
 	<?php if ($line->fk_product > 0) { ?>
 		<?php
-		if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
+		if (empty($canchangeproduct)) {
+			if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
+			?>
+			<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
+			<?php
+			if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
+			else print img_object($langs->trans('ShowProduct'), 'product');
+			echo ' '.$line->ref;
+			?>
+			</a>
+			<?php
+			echo ' - '.nl2br($line->product_label);
+			print '<input type="hidden" id="product_id" name="productid" value="'.(!empty($line->fk_product) ? $line->fk_product : 0).'">';
+		} else {
+			if ($senderissupplier) {
+				print $form->select_produits_fournisseurs(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
+			} else {
+				print $form->select_produits(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
+			}
+		}
 		?>
-		<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
-		<?php
-		if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
-		else print img_object($langs->trans('ShowProduct'), 'product');
-		echo ' '.$line->ref;
-		?>
-		</a>
-		<?php
-		echo ' - '.nl2br($line->product_label);
-		?>
-
 		<br><br>
-
 	<?php }	?>
 
 	<?php
diff --git a/htdocs/cron/admin/cron.php b/htdocs/cron/admin/cron.php
index 90b7afc717a..7c094a4cd20 100644
--- a/htdocs/cron/admin/cron.php
+++ b/htdocs/cron/admin/cron.php
@@ -61,7 +61,8 @@ if (!empty($actionsave))
  *	View
  */
 
-llxHeader();
+$help_url = '';
+llxHeader('', '', $help_url);
 
 $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
 print load_fiche_titre($langs->trans("CronSetup"), $linkback, 'title_setup');
@@ -81,17 +82,17 @@ print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
 print "<td>".$langs->trans("Parameter")."</td>";
 print "<td>".$langs->trans("Value")."</td>";
-print "<td>&nbsp;</td>";
+print "<td></td>";
 print "</tr>";
 
-print '<tr class="impair">';
+print '<tr class="oddeven">';
 print '<td class="fieldrequired">'.$langs->trans("KeyForCronAccess").'</td>';
 $disabled = '';
 if (!empty($conf->global->CRON_DISABLE_KEY_CHANGE)) $disabled = ' disabled="disabled"';
 print '<td>';
 if (empty($conf->global->CRON_DISABLE_KEY_CHANGE))
 {
-    print '<input type="text" class="flat minwidth200"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
+    print '<input type="text" class="flat minwidth300"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
     if (!empty($conf->use_javascript_ajax))
     	print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"');
 } else {
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index 77796fc9bc1..3f9de5533fc 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -359,11 +359,11 @@ if ($resql)
 	if (in_array($massaction, array('presend'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->expedition->creer)
-	{
-		$newcardbutton .= dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2');
-	}
+	// Currently: a sending can't create from sending list
+	// $url = DOL_URL_ROOT.'/expedition/card.php?action=create';
+	// if (!empty($socid)) $url .= '&socid='.$socid;
+	// $newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', $url, '', $user->rights->expedition->creer);
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2', '', $user->rights->expedition->creer);
 
 	$i = 0;
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index bfc5ed64f5e..0a264c59a2a 100644
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -200,48 +200,6 @@ if (empty($reshook))
     $permissiontodelete = $user->rights->expensereport->supprimer;
     $uploaddir = $conf->expensereport->dir_output;
     include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
-
-    if ($action == 'update' && !$cancel)
-    {
-    	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-
-    	if ($canedituser)    // Case we can edit all field
-    	{
-    		$error = 0;
-
-    		if (!$error)
-    		{
-    			$objectuser->fetch($id);
-
-    			$objectuser->oldcopy = clone $objectuser;
-
-    			$db->begin();
-
-    			$objectuser->default_range = GETPOST('default_range');
-    			$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
-
-    			if (!$error) {
-    				$ret = $objectuser->update($user);
-    				if ($ret < 0) {
-    					$error++;
-    					if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
-    						$langs->load("errors");
-    						setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
-    					} else {
-    						setEventMessages($objectuser->error, $objectuser->errors, 'errors');
-    					}
-    				}
-    			}
-
-    			if (!$error && !count($objectuser->errors)) {
-    				setEventMessages($langs->trans("UserModified"), null, 'mesgs');
-    				$db->commit();
-    			} else {
-    				$db->rollback();
-    			}
-    		}
-    	}
-    }
 }
 
 
@@ -387,71 +345,22 @@ if ($resql)
 
 		dol_banner_tab($fuser, 'id', $linkback, $user->rights->user->user->lire || $user->admin);
 
-		print '<div class="fichecenter">';
-		print '<div class="underbanner clearboth"></div>';
-
-		if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
-		{
-			print '<table class="border centpercent">';
-
-			if ($action == 'edit')
-			{
-				print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
-				print '<td>';
-				print $form->selectExpenseCategories($fuser->default_c_exp_tax_cat, 'default_c_exp_tax_cat', 1);
-				print '</td></tr>';
-
-				print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
-				print '<td>';
-				$maxRangeNum = ExpenseReportIk::getMaxRangeNumber($fuser->default_c_exp_tax_cat);
-				print $form->selectarray('default_range', range(0, $maxRangeNum), $fuser->default_range);
-				print '</td></tr>';
-			} else {
-				print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
-				print '<td class="fk_c_exp_tax_cat">';
-				print dol_getIdFromCode($db, $fuser->default_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
-				print '</td></tr>';
-
-				print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
-				print '<td>';
-				print $fuser->default_range;
-				print '</td></tr>';
-			}
-
-			print '</table>';
-		}
-
-		print '</div>';
-
-		/*if (empty($conf->global->HOLIDAY_HIDE_BALANCE))
-		{
-			print '<div class="underbanner clearboth"></div>';
-
-			print '<br>';
-
-			showMyBalance($holiday, $user_id);
-		}*/
-
 		dol_fiche_end();
 
 		if ($action != 'edit')
 		{
 			print '<div class="tabsAction">';
 
-			if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
-			{
-				print '<a href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$user_id.'" class="butAction">'.$langs->trans("Modify").'</a>';
-			}
-
 			$childids = $user->getAllChildIds(1);
 
 			$canedit = ((in_array($user_id, $childids) && $user->rights->expensereport->creer)
 				|| ($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->expensereport->writeall_advance));
 
 			// Buttons for actions
-			if ($canedit)
-			{
+			if ($canedit) {
 				print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$fuser->id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
+			} else {
+				print '<a href="#" class="butActionRefused" title="'.$langs->trans("NotEnoughPermission").'">'.$langs->trans("AddTrip").'</a>';
 			}
 
 			print '</div>';
@@ -463,11 +372,9 @@ if ($resql)
 	} else {
 		$title = $langs->trans("ListTripsAndExpenses");
 
-		$newcardbutton = '';
-		if ($user->rights->expensereport->creer)
-		{
-            $newcardbutton .= dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expensereport/card.php?action=create');
-		}
+		$url = DOL_URL_ROOT.'/expensereport/card.php?action=create';
+		if (!empty($socid)) $url .= '&socid='.$socid;
+		$newcardbutton = dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', $url, '', $user->rights->expensereport->creer);
 
 		print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'trip', 0, $newcardbutton, '', $limit, 0, 0, 1);
 	}
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php
index 7c48f087be5..e9814ce481c 100644
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@@ -95,9 +95,10 @@ $fieldstosearchall = array(
 	's.nom'=>"ThirdParty",
 	'f.description'=>'Description',
 	'f.note_public'=>'NotePublic',
+	'fd.description'=>'DescriptionOfLine',
 );
 if (empty($user->socid)) $fieldstosearchall["f.note_private"] = "NotePrivate";
-if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['f.description']);
+if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['fd.description']);
 
 // Definition of fields for list
 $arrayfields = array(
@@ -319,7 +320,10 @@ if ($resql)
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
 	$newcardbutton = '';
-	$morehtmlcenter .= dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fichinter/card.php?action=create', '', $user->rights->ficheinter->creer);
+
+	$url = DOL_URL_ROOT.'/fichinter/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', $url, '', $user->rights->ficheinter->creer);
 
 	// Lines of title fields
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index c900431d910..6be60c04249 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -649,11 +649,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->fournisseur->commande->creer)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/commande/card.php?action=create');
-    }
+	$url = DOL_URL_ROOT.'/fourn/commande/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->commande->creer);
 
 	// Fields title search
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index bbc4f45e4b2..f893b0e2e72 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -508,11 +508,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->fournisseur->facture->creer)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/facture/card.php?action=create');
-	}
+	$url = DOL_URL_ROOT.'/fourn/facture/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->facture->creer);
 
 	$i = 0;
 	print '<form method="POST" name="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index 9ea0aa70180..ca83d9341f2 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -432,11 +432,7 @@ if ($resql)
 	} else {
 		$title = $langs->trans("ListeCP");
 
-		$newcardbutton = '';
-		if ($user->rights->holiday->write)
-		{
-			$newcardbutton .= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create');
-	    }
+		$newcardbutton = dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create', '', $user->rights->holiday->write);
 
 		print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm', 0, $newcardbutton, '', $limit, 0, 0, 1);
 	}
diff --git a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
index 1f7740de467..c80b1d4ebda 100644
--- a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
+++ b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
@@ -325,3 +325,6 @@ ALTER TABLE llx_expensereport_ik ADD COLUMN ikoffset double DEFAULT 0 NOT NULL;
 
 ALTER TABLE llx_paiement ADD COLUMN ref_ext varchar(255) AFTER ref;
 
+ALTER TABLE llx_bank ADD COLUMN origin_id integer;
+ALTER TABLE llx_bank ADD COLUMN origin_type varchar(64) NULL;
+ALTER TABLE llx_bank ADD COLUMN import_key varchar(14);
diff --git a/htdocs/install/mysql/tables/llx_bank.sql b/htdocs/install/mysql/tables/llx_bank.sql
index eb04e314545..8dfdba27baa 100644
--- a/htdocs/install/mysql/tables/llx_bank.sql
+++ b/htdocs/install/mysql/tables/llx_bank.sql
@@ -32,11 +32,14 @@ create table llx_bank
   fk_type         varchar(6),                -- TIP,VIR,PRE,CB,CHQ,... (Code in llx_c_paiement)
   num_releve      varchar(50),
   num_chq         varchar(50),
-  numero_compte   varchar(32) NULL,		     -- FEC:CompteNum	| account number
+  numero_compte   varchar(32) NULL,		       -- FEC:CompteNum	| account number
   rappro          tinyint default 0,
   note            text,
   fk_bordereau    integer DEFAULT 0,
-  banque          varchar(255),             -- banque pour les cheques
-  emetteur        varchar(255),             -- emetteur du cheque
-  author          varchar(40)               -- a supprimer apres migration
+  banque          varchar(255),              -- banque pour les cheques
+  emetteur        varchar(255),              -- emetteur du cheque
+  author          varchar(40),               -- a supprimer apres migration
+  origin_id       integer,
+  origin_type     varchar(64) NULL,
+  import_key	  varchar(14)
 )ENGINE=innodb;
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 658635e639e..adb53e56edf 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -1075,6 +1075,7 @@ LabelUsedByDefault=Label used by default if no translation can be found for code
 LabelOnDocuments=Label on documents
 LabelOrTranslationKey=Label or translation key
 ValueOfConstantKey=Value of a configuration constant
+ConstantIsOn=Option %s is on
 NbOfDays=No. of days
 AtEndOfMonth=At end of month
 CurrentNext=Current/Next
@@ -1599,7 +1600,7 @@ SyslogLevel=Level
 SyslogFilename=File name and path
 YouCanUseDOL_DATA_ROOT=You can use DOL_DATA_ROOT/dolibarr.log for a log file in Dolibarr "documents" directory. You can set a different path to store this file.
 ErrorUnknownSyslogConstant=Constant %s is not a known Syslog constant
-OnlyWindowsLOG_USER=Windows only supports LOG_USER
+OnlyWindowsLOG_USER=On Windows, only the LOG_USER facility will be supported
 CompressSyslogs=Compression and backup of debug log files (generated by module Log for debug)
 SyslogFileNumberOfSaves=Number of backup logs to keep
 ConfigureCleaningCronjobToSetFrequencyOfSaves=Configure cleaning scheduled job to set log backup frequency
diff --git a/htdocs/langs/en_US/categories.lang b/htdocs/langs/en_US/categories.lang
index 9bb71984ecf..c813f6d694f 100644
--- a/htdocs/langs/en_US/categories.lang
+++ b/htdocs/langs/en_US/categories.lang
@@ -84,7 +84,7 @@ AddProductServiceIntoCategory=Add the following product/service
 ShowCategory=Show tag/category
 ByDefaultInList=By default in list
 ChooseCategory=Choose category
-StocksCategoriesArea=Warehouses Categories Area
-ActionCommCategoriesArea=Events Categories Area
-WebsitePagesCategoriesArea=Page-Container Categories Area
+StocksCategoriesArea=Warehouses Categories
+ActionCommCategoriesArea=Events Categories
+WebsitePagesCategoriesArea=Page-Container Categories
 UseOrOperatorForCategories=Use or operator for categories
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 773e073955e..ba3beb753b5 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -216,7 +216,7 @@ ErrorChooseBetweenFreeEntryOrPredefinedProduct=You must choose if article is a p
 ErrorDiscountLargerThanRemainToPaySplitItBefore=The discount you try to apply is larger than remain to pay. Split the discount in 2 smaller discounts before.
 ErrorFileNotFoundWithSharedLink=File was not found. May be the share key was modified or file was removed recently.
 ErrorProductBarCodeAlreadyExists=The product barcode %s already exists on another product reference.
-ErrorNoteAlsoThatSubProductCantBeFollowedByLot=Note also that using virtual product to have auto increase/decrease of subproducts is not possible when at least one subproduct (or subproduct of subproducts) needs a serial/lot number.
+ErrorNoteAlsoThatSubProductCantBeFollowedByLot=Note also that using kits to have auto increase/decrease of subproducts is not possible when at least one subproduct (or subproduct of subproducts) needs a serial/lot number.
 ErrorDescRequiredForFreeProductLines=Description is mandatory for lines with free product
 ErrorAPageWithThisNameOrAliasAlreadyExists=The page/container <strong>%s</strong> has the same name or alternative alias that the one your try to use
 ErrorDuringChartLoad=Error when loading chart of accounts. If few accounts were not loaded, you can still enter them manually.
@@ -244,6 +244,7 @@ ErrorProductNeedBatchNumber=Error, product '<b>%s</b>' need a lot/serial number
 ErrorProductDoesNotNeedBatchNumber=Error, product '<b>%s</b>' does not accept a lot/serial number
 ErrorFailedToReadObject=Error, failed to read object of type <b>%s</b>
 ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter <b>%s</b> must be enabled into <b>conf/conf.php<b> to allow use of Command Line Interface by the internal job scheduler
+ErrorLoginDateValidity=Error, this login is outside the validity date range
 # Warnings
 WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
 WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.
diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang
index b1f8fbf6384..6b61f8c06c1 100644
--- a/htdocs/langs/en_US/modulebuilder.lang
+++ b/htdocs/langs/en_US/modulebuilder.lang
@@ -77,7 +77,7 @@ IsAMeasure=Is a measure
 DirScanned=Directory scanned
 NoTrigger=No trigger
 NoWidget=No widget
-GoToApiExplorer=Go to API explorer
+GoToApiExplorer=API explorer
 ListOfMenusEntries=List of menu entries
 ListOfDictionariesEntries=List of dictionaries entries
 ListOfPermissionsDefined=List of defined permissions
diff --git a/htdocs/langs/en_US/products.lang b/htdocs/langs/en_US/products.lang
index b59aa2f7080..51f547dbdce 100644
--- a/htdocs/langs/en_US/products.lang
+++ b/htdocs/langs/en_US/products.lang
@@ -108,20 +108,20 @@ FillWithLastServiceDates=Fill with last service line dates
 MultiPricesAbility=Multiple price segments per product/service (each customer is in one price segment)
 MultiPricesNumPrices=Number of prices
 DefaultPriceType=Base of prices per default (with versus without tax) when adding new sale prices
-AssociatedProductsAbility=Activate virtual products (kits)
-AssociatedProducts=Virtual products
-AssociatedProductsNumber=Number of products composing this virtual product
+AssociatedProductsAbility=Activate kits (virtual products)
+AssociatedProducts=Kits
+AssociatedProductsNumber=Number of products composing this kit
 ParentProductsNumber=Number of parent packaging product
 ParentProducts=Parent products
-IfZeroItIsNotAVirtualProduct=If 0, this product is not a virtual product
-IfZeroItIsNotUsedByVirtualProduct=If 0, this product is not used by any virtual product
+IfZeroItIsNotAVirtualProduct=If 0, this product is not a kit
+IfZeroItIsNotUsedByVirtualProduct=If 0, this product is not used by any kit
 KeywordFilter=Keyword filter
 CategoryFilter=Category filter
 ProductToAddSearch=Search product to add
 NoMatchFound=No match found
 ListOfProductsServices=List of products/services
-ProductAssociationList=List of products/services that are component(s) of this virtual product/kit
-ProductParentList=List of virtual products/services with this product as a component
+ProductAssociationList=List of products/services that are component(s) of this kit
+ProductParentList=List of kits with this product as a component
 ErrorAssociationIsFatherOfThis=One of selected product is parent with current product
 DeleteProduct=Delete a product/service
 ConfirmDeleteProduct=Are you sure you want to delete this product/service?
diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang
index 70bd81f45b2..ac97c24085c 100644
--- a/htdocs/langs/en_US/stocks.lang
+++ b/htdocs/langs/en_US/stocks.lang
@@ -198,8 +198,6 @@ inventoryWarningProductAlreadyExists=This product is already into list
 SelectCategory=Category filter
 SelectFournisseur=Vendor filter
 inventoryOnDate=Inventory
-INVENTORY_DISABLE_VIRTUAL=Virtual product (kit): do not decrement stock of a child product
-INVENTORY_USE_MIN_PA_IF_NO_LAST_PA=Use the buy price if no last buy price can be found
 INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT=Stock movements will have the date of inventory (instead of the date of inventory validation)
 inventoryChangePMPPermission=Allow to change PMP value for a product
 ColumnNewPMP=New unit PMP
diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang
index 7e81efd0d16..d6ffb849aa8 100644
--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -111,8 +111,10 @@ UserAccountancyCode=User accounting code
 UserLogoff=User logout
 UserLogged=User logged
 DateOfEmployment=Employment date
-DateEmployment=Employment Start Date
+DateEmployment=Employment
+DateEmploymentstart=Employment Start Date
 DateEmploymentEnd=Employment End Date
+RangeOfLoginValidity=Date range of login validity
 CantDisableYourself=You can't disable your own user record
 ForceUserExpenseValidator=Force expense report validator
 ForceUserHolidayValidator=Force leave request validator
diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang
index 9f6c12677bb..c32fcd06f09 100644
--- a/htdocs/langs/en_US/website.lang
+++ b/htdocs/langs/en_US/website.lang
@@ -31,7 +31,7 @@ AddWebsite=Add website
 Webpage=Web page/container
 AddPage=Add page/container
 HomePage=Home Page
-PageContainer=Page/container
+PageContainer=Page
 PreviewOfSiteNotYetAvailable=Preview of your website <strong>%s</strong> not yet available. You must first '<strong>Import a full website template</strong>' or just '<strong>Add a page/container</strong>'.
 RequestedPageHasNoContentYet=Requested page with id %s has no content yet, or cache file .tpl.php was removed. Edit content of the page to solve this.
 SiteDeleted=Web site '%s' deleted
@@ -134,4 +134,5 @@ AvailableLanguagesAreDefinedIntoWebsiteProperties=Available languages are define
 ReplacementDoneInXPages=Replacement done in %s pages or containers
 RSSFeed=RSS Feed
 RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL
-PagesRegenerated=%s page(s)/container(s) regenerated
\ No newline at end of file
+PagesRegenerated=%s page(s)/container(s) regenerated
+RegenerateWebsiteContent=Regenerate web site cache files
\ No newline at end of file
diff --git a/htdocs/loan/list.php b/htdocs/loan/list.php
index 168e603099e..82ef8ed9407 100644
--- a/htdocs/loan/list.php
+++ b/htdocs/loan/list.php
@@ -150,11 +150,9 @@ if ($resql)
 	if ($search_amount) $param .= "&search_amount=".urlencode($search_amount);
 	if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
 
-	$newcardbutton = '';
-	if ($user->rights->loan->write)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewLoan'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/loan/card.php?action=create');
-	}
+	$url = DOL_URL_ROOT.'/loan/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewLoan'), '', 'fa fa-plus-circle', $url, '', $user->rights->loan->write);
 
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 60bac4dcfb4..ce0af2bfd67 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -144,7 +144,9 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
 				$errormessage = 'Access refused to '.$ip.' by SQL or Script injection protection in main.inc.php (type='.htmlentities($type).' key='.htmlentities($key).' value='.htmlentities($value).' page='.htmlentities($_SERVER["REQUEST_URI"]).')';
 				print $errormessage;
 				// Add entry into error log
-				error_log($errormessage);
+				if (function_exists('error_log')) {
+					error_log($errormessage);
+				}
 				// TODO Add entry into security audit table
 				exit;
 			}
@@ -380,9 +382,13 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 		//print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
 		setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
 		//if ($conf->global->MAIN_FEATURES_LEVEL >= 1) setEventMessages('Unset POST and GET params by CSRF protection in main.inc.php (Token provided was not generated by the previous page).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
+		$savid = ((int) $_POST['id']);
 		unset($_POST);
+		//unset($_POST['action']);
+		//unset($_POST['confirm']);
 		unset($_GET['confirm']);
 		unset($_GET['action']);
+		$_POST['id'] = ((int) $savid);
 	}
 }
 
@@ -557,6 +563,10 @@ if (!defined('NOLOGIN'))
 		if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr'))
 		{
 			$login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
+			if ($login === '--bad-login-validity--') {
+				$login = '';
+			}
+
 			if ($login)
 			{
 				$dol_authmode = $conf->authmode; // This properties is defined only when logged, to say what mode was successfully used
@@ -613,11 +623,16 @@ if (!defined('NOLOGIN'))
 			// No data to test login, so we show the login page.
 			dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit");
 			if (defined('NOREDIRECTBYMAINTOLOGIN')) return 'ERROR_NOT_LOGGED';
-			else dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));
+			else {
+				if ($_SERVER["HTTP_USER_AGENT"] == 'securitytest') {
+					http_response_code(401);		// It makes easier to understand if session was broken during security tests
+				}
+				dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));
+			}
 			exit;
 		}
 
-		$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
+		$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));	// login was retreived previously when checking password.
 		if ($resultFetchUser <= 0)
 		{
 			dol_syslog('User not found, connexion refused');
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 35201e78952..2404a81b101 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -94,6 +94,7 @@ $result = restrictedArea($user, 'modulebuilder', null);
 
 $error = 0;
 
+$form = new Form($db);
 
 // Define $listofmodules
 $dirsrootforscan = array($dirread);
@@ -101,7 +102,7 @@ $dirsrootforscan = array($dirread);
 if ($dirread != DOL_DOCUMENT_ROOT && ($conf->global->MAIN_FEATURES_LEVEL >= 2 || !empty($conf->global->MODULEBUILDER_ADD_DOCUMENT_ROOT))) { $dirsrootforscan[] = DOL_DOCUMENT_ROOT; }
 
 // Search modules to edit
-$textforlistofdirs = '<!-- Scanned dir -->'."\n";
+$textforlistofdirs = '<!-- Directory scanned -->'."\n";
 $listofmodules = array();
 $i = 0;
 foreach ($dirsrootforscan as $dirread)
@@ -170,6 +171,10 @@ foreach ($dirsrootforscan as $dirread)
 	if (empty($i)) $textforlistofdirs .= $langs->trans("DirScanned").' : ';
 	else $textforlistofdirs .= ', ';
 	$textforlistofdirs .= '<strong class="wordbreakimp">'.$dirread.'</strong>';
+	if ($dirread == DOL_DOCUMENT_ROOT) {
+		if ($conf->global->MAIN_FEATURES_LEVEL >= 2) $textforlistofdirs .= $form->textwithpicto('', $langs->trans("ConstantIsOn", "MAIN_FEATURES_LEVEL"));
+		if (! empty($conf->global->MODULEBUILDER_ADD_DOCUMENT_ROOT)) $textforlistofdirs .= $form->textwithpicto('', $langs->trans("ConstantIsOn", "MODULEBUILDER_ADD_DOCUMENT_ROOT"));
+	}
 	$i++;
 }
 
@@ -1562,7 +1567,7 @@ llxHeader('', $langs->trans("ModuleBuilder"), '', '', 0, 0,
 	'/includes/ace/src/ext-statusbar.js',
 	'/includes/ace/src/ext-language_tools.js',
 	//'/includes/ace/src/ext-chromevox.js'
-	), array());
+	), array(), '', 'classforhorizontalscrolloftabs');
 
 
 $text = $langs->trans("ModuleBuilder");
@@ -2558,6 +2563,7 @@ if ($module == 'initmodule')
 							print '<th class="center">'.$form->textwithpicto($langs->trans("SearchAll"), $langs->trans("SearchAllDesc")).'</th>';
 							print '<th class="center">'.$form->textwithpicto($langs->trans("IsAMeasure"), $langs->trans("IsAMeasureDesc")).'</th>';
 							print '<th class="center">'.$langs->trans("CSSClass").'</th>';
+							print '<th class="center">'.$langs->trans("CSSViewClass").'</th>';
 							print '<th class="center">'.$langs->trans("KeyForTooltip").'</th>';
 							print '<th class="center">'.$langs->trans("ShowOnCombobox").'</th>';
 							//print '<th class="center">'.$langs->trans("Disabled").'</th>';
@@ -2589,6 +2595,7 @@ if ($module == 'initmodule')
 								print '<td class="center"><input class="text" size="2" name="propsearchall" value="'.dol_escape_htmltag(GETPOST('propsearchall', 'alpha')).'"></td>';
 								print '<td class="center"><input class="text" size="2" name="propisameasure" value="'.dol_escape_htmltag(GETPOST('propisameasure', 'alpha')).'"></td>';
 								print '<td class="center"><input class="text" size="2" name="propcss" value="'.dol_escape_htmltag(GETPOST('propcss', 'alpha')).'"></td>';
+								print '<td class="center"><input class="text" size="2" name="propcssview" value="'.dol_escape_htmltag(GETPOST('propcssview', 'alpha')).'"></td>';
 								print '<td class="center"><input class="text" size="2" name="prophelp" value="'.dol_escape_htmltag(GETPOST('prophelp', 'alpha')).'"></td>';
 								print '<td class="center"><input class="text" size="2" name="propshowoncombobox" value="'.dol_escape_htmltag(GETPOST('propshowoncombobox', 'alpha')).'"></td>';
 								//print '<td class="center"><input class="text" size="2" name="propdisabled" value="'.dol_escape_htmltag(GETPOST('propdisabled', 'alpha')).'"></td>';
@@ -2629,6 +2636,7 @@ if ($module == 'initmodule')
 									$propsearchall = $propval['searchall'];
 									$propisameasure = $propval['isameasure'];
 									$propcss = $propval['css'];
+									$propcssview = $propval['cssview'];
 									$prophelp = $propval['help'];
 									$propshowoncombobox = $propval['showoncombobox'];
 									//$propdisabled=$propval['disabled'];
@@ -2637,63 +2645,70 @@ if ($module == 'initmodule')
 									print '<tr class="oddeven">';
 
 									print '<td>';
-									print $propname;
+									print dol_escape_htmltag($propname);
 									print '</td>';
 									print '<td>';
-									print $proplabel;
+									print dol_escape_htmltag($proplabel);
 									print '</td>';
-									print '<td class="wordbreak">';
-									print $proptype;
+									print '<td class="tdoverflowmax200">';
+									print '<span title="'.dol_escape_htmltag($proptype).'">'.dol_escape_htmltag($proptype).'</span>';
 									print '</td>';
-									print '<td class="wordbreak">';
+									print '<td class="tdoverflowmax200">';
 									if ($proparrayofkeyval) {
-										print json_encode($proparrayofkeyval);
+										print '<span title="'.dol_escape_htmltag(json_encode($proparrayofkeyval)).'">';
+										print dol_escape_htmltag(json_encode($proparrayofkeyval));
+										print '</span>';
 									}
 									print '</td>';
 									print '<td class="center">';
-									print $propnotnull;
+									print dol_escape_htmltag($propnotnull);
 									print '</td>';
 									print '<td>';
-									print $propdefault;
+									print dol_escape_htmltag($propdefault);
 									print '</td>';
 									print '<td class="center">';
 									print $propindex ? '1' : '';
 									print '</td>';
 									print '<td class="center">';
-									print $propforeignkey ? $propforeignkey : '';
+									print $propforeignkey ? dol_escape_htmltag($propforeignkey) : '';
 									print '</td>';
 									print '<td class="right">';
-									print $propposition;
+									print dol_escape_htmltag($propposition);
 									print '</td>';
 									print '<td class="center">';
-									print $propenabled ? $propenabled : '';
+									print $propenabled ? dol_escape_htmltag($propenabled) : '';
 									print '</td>';
 									print '<td class="center">';
-									print $propvisible ? $propvisible : '0';
+									print $propvisible ? dol_escape_htmltag($propvisible) : '0';
 									print '</td>';
 									print '<td class="center">';
-									print $propnoteditable ? $propnoteditable : '';
+									print $propnoteditable ? dol_escape_htmltag($propnoteditable) : '';
 									print '</td>';
 									print '<td class="center">';
 									print $propsearchall ? '1' : '';
 									print '</td>';
 									print '<td class="center">';
-									print $propisameasure ? $propisameasure : '';
+									print $propisameasure ? dol_escape_htmltag($propisameasure) : '';
 									print '</td>';
 									print '<td class="center">';
-									print $propcss ? $propcss : '';
+									print $propcss ? dol_escape_htmltag($propcss) : '';
 									print '</td>';
 									print '<td class="center">';
-									print $prophelp ? $prophelp : '';
+									print $propcssview ? dol_escape_htmltag($propcssview) : '';
+									print '</td>';
+									print '<td class="tdoverflowmax200">';
+									print $prophelp ? dol_escape_htmltag($prophelp) : '';
 									print '</td>';
 									print '<td class="center">';
-									print $propshowoncombobox ? $propshowoncombobox : '';
+									print $propshowoncombobox ? dol_escape_htmltag($propshowoncombobox) : '';
 									print '</td>';
 									/*print '<td class="center">';
 									print $propdisabled?$propdisabled:'';
 									print '</td>';*/
-									print '<td>';
-									print $propcomment;
+									print '<td class="tdoverflowmax200">';
+									print '<span title="'.dol_escape_htmltag($propcomment).'">';
+									print dol_escape_htmltag($propcomment);
+									print '</span>';
 									print '</td>';
 									print '<td class="center">';
 									if ($propname != 'rowid')
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index f52d28c2489..399dd3b10b8 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -83,7 +83,7 @@ class MyObject extends CommonObject
 	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
 	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
 	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
-	 *  'css' is the CSS style to use on field. For example: 'maxwidth200'
+	 *  'css' and 'cssview' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. For example: 'maxwidth200', 'wordbreak'
 	 *  'help' is a string visible as a tooltip on field
 	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
 	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
@@ -102,7 +102,7 @@ class MyObject extends CommonObject
 		'rowid'         => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'noteditable'=>1, 'notnull'=> 1, 'index'=>1, 'position'=>1, 'comment'=>'Id', 'css'=>'left'),
 		'ref'           => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'noteditable'=>0, 'default'=>'', 'notnull'=> 1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1, 'comment'=>'Reference of object'),
 		'entity'        => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>20),
-		'label'         => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth200', 'help'=>'Help text', 'showoncombobox'=>1),
+		'label'         => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>1),
 		'amount'        => array('type'=>'price', 'label'=>'Amount', 'enabled'=>1, 'visible'=>1, 'default'=>'null', 'position'=>40, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for amount'),
 		'qty'           => array('type'=>'real', 'label'=>'Qty', 'enabled'=>1, 'visible'=>1, 'default'=>'0', 'position'=>45, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for quantity', 'css'=>'maxwidth75imp'),
 		'fk_soc' 		=> array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'LinkToThirparty'),
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 18e6e1c3500..a0bfa073afa 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -313,8 +313,6 @@ if (empty($reshook))
  * View
  */
 
-$htmlother = new FormOther($db);
-
 $title = $langs->trans("ProductsAndServices");
 
 if ($search_type != '' && $search_type != '-1')
@@ -543,21 +541,18 @@ if ($resql)
 	if ($type === "") $perm = ($user->rights->produit->creer || $user->rights->service->creer);
 	elseif ($type == Product::TYPE_SERVICE) $perm = $user->rights->service->creer;
 	elseif ($type == Product::TYPE_PRODUCT) $perm = $user->rights->produit->creer;
-	if ($perm)
-	{
-		$oldtype = $type;
-		$params = array();
-		if ($type === "") $params['forcenohideoftext'] = 1;
-		if ($type === "") {
-			$newcardbutton .= dolGetButtonTitle($langs->trans('NewProduct'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type=0', '', 1, $params);
-			$type = Product::TYPE_SERVICE;
-		}
-		$label = 'NewProduct';
-		if ($type == Product::TYPE_SERVICE) $label = 'NewService';
-		$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type='.$type, '', 1, $params);
-
-		$type = $oldtype;
+	$oldtype = $type;
+	$params = array();
+	if ($type === "") $params['forcenohideoftext'] = 1;
+	if ($type === "") {
+		$newcardbutton .= dolGetButtonTitle($langs->trans('NewProduct'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type=0', '', $perm, $params);
+		$type = Product::TYPE_SERVICE;
 	}
+	$label = 'NewProduct';
+	if ($type == Product::TYPE_SERVICE) $label = 'NewService';
+	$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type='.$type, '', $perm, $params);
+
+	$type = $oldtype;
 
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post" name="formulaire">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php
index e2cf02ce3c7..11aa5e860ae 100644
--- a/htdocs/product/stock/card.php
+++ b/htdocs/product/stock/card.php
@@ -258,7 +258,7 @@ if ($action == 'create')
 
 	// Parent entrepot
 	print '<tr><td>'.$langs->trans("AddIn").'</td><td>';
-	print $formproduct->selectWarehouses('', 'fk_parent', '', 1);
+	print $formproduct->selectWarehouses('ifone', 'fk_parent', '', 1);
 	print '</td></tr>';
 
 	// Description
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index ca6e39c2b07..534b9300158 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -211,6 +211,7 @@ class MouvementStock extends CommonObject
 		{
 			if (empty($batch))
 			{
+				$langs->load("errors");
 				$this->errors[] = $langs->transnoentitiesnoconv("ErrorTryToMakeMoveOnProductRequiringBatchData", $product->ref);
 				dol_syslog("Try to make a movement of a product with status_batch on without any batch data");
 
diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php
index 858058ef684..54d57bf5d75 100644
--- a/htdocs/product/stock/product.php
+++ b/htdocs/product/stock/product.php
@@ -195,7 +195,7 @@ if ($action == 'setdesiredstock' && !empty($user->rights->produit->creer))
 // Correct stock
 if ($action == "correct_stock" && !$cancel)
 {
-	if (!(GETPOST("id_entrepot") > 0))
+	if (!(GETPOST("id_entrepot", 'int') > 0))
 	{
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Warehouse")), null, 'errors');
 		$error++;
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index 08fb9d6a1f0..98b9f54b2ff 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -312,6 +312,9 @@ if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entre
 $sql .= ' '.$sqldesiredtock.' as desiredstockcombined, '.$sqlalertstock.' as seuil_stock_alertecombined,';
 $sql .= ' s.fk_product,';
 $sql .= ' SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique';
+if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) {
+	$sql .= ', SUM('.$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse';
+}
 
 // Add fields from hooks
 $parameters = array();
@@ -530,18 +533,20 @@ if (empty($fk_warhouse) && !empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_
 if ($usevirtualstock == 1)
 {
 	print $langs->trans("CurentSelectionMode").': ';
-	print $langs->trans("CurentlyUsingVirtualStock").' - ';
-	print '<a href="'.$_SERVER["PHP_SELF"].'?mode=physical&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UsePhysicalStock").'</a><br>';
+	print $langs->trans("CurentlyUsingVirtualStock");
+	print ' (<a href="'.$_SERVER["PHP_SELF"].'?mode=physical&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UsePhysicalStock").'</a>)';
+	print '<br>';
 }
 if ($usevirtualstock == 0)
 {
 	print $langs->trans("CurentSelectionMode").': ';
-	print $langs->trans("CurentlyUsingPhysicalStock").' - ';
-	print '<a href="'.$_SERVER["PHP_SELF"].'?mode=virtual&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UseVirtualStock").'</a><br>';
+	print $langs->trans("CurentlyUsingPhysicalStock");
+	print ' (<a href="'.$_SERVER["PHP_SELF"].'?mode=virtual&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UseVirtualStock").'</a>)';
+	print '<br>';
 }
 print '<br>'."\n";
 
-print '<form name="formFilterWarehouse" method="POST" action="">';
+print '<form name="formFilterWarehouse" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="action" value="filter">';
 print '<input type="hidden" name="search_ref" value="'.$search_ref.'">';
@@ -636,11 +641,13 @@ $param .= '&fk_supplier='.$fk_supplier;
 $param .= '&fk_entrepot='.$fk_entrepot;
 
 $stocklabel = $langs->trans('Stock');
+$stocklabelbis = $langs->trans('Stock');
 if ($usevirtualstock == 1) $stocklabel = $langs->trans('VirtualStock');
 if ($usevirtualstock == 0) $stocklabel = $langs->trans('PhysicalStock');
 if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
 {
-    $stocklabel .= ' ('.$langs->trans("AllWarehouses").')';
+	$stocklabelbis = $stocklabel.' (Selected warehouse)';
+	$stocklabel .= ' ('.$langs->trans("AllWarehouses").')';
 }
 $texte = $langs->trans('Replenishment');
 
@@ -689,6 +696,10 @@ if (!empty($conf->service->enabled) && $type == 1) print '<td class="liste_titre
 print '<td class="liste_titre right">'.$form->textwithpicto($langs->trans('IncludeEmptyDesiredStock'), $langs->trans('IncludeProductWithUndefinedAlerts')).'&nbsp;<input type="checkbox" id="includeproductswithoutdesiredqty" name="includeproductswithoutdesiredqty" '.(!empty($includeproductswithoutdesiredqtychecked) ? $includeproductswithoutdesiredqtychecked : '').'></td>';
 print '<td class="liste_titre right"></td>';
 print '<td class="liste_titre right">'.$langs->trans('AlertOnly').'&nbsp;<input type="checkbox" id="salert" name="salert" '.(!empty($alertchecked) ? $alertchecked : '').'></td>';
+if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
+{
+	print '<td class="liste_titre">&nbsp;</td>';
+}
 print '<td class="liste_titre right">';
 if (! empty($conf->global->STOCK_REPLENISH_ADD_CHECKBOX_INCLUDE_DRAFT_ORDER)) {
 	print $langs->trans('IncludeAlsoDraftOrders').'&nbsp;<input type="checkbox" id="draftorder" name="draftorder" '.(!empty($draftchecked) ? $draftchecked : '').'>';
@@ -715,6 +726,10 @@ if (!empty($conf->service->enabled) && $type == 1) print_liste_field_titre('Dura
 print_liste_field_titre('DesiredStock', $_SERVER["PHP_SELF"], 'p.desiredstock', $param, '', '', $sortfield, $sortorder, 'right ');
 print_liste_field_titre('StockLimitShort', $_SERVER["PHP_SELF"], 'p.seuil_stock_alerte', $param, '', '', $sortfield, $sortorder, 'right ');
 print_liste_field_titre($stocklabel, $_SERVER["PHP_SELF"], 'stock_physique', $param, '', '', $sortfield, $sortorder, 'right ');
+if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
+{
+	print_liste_field_titre($stocklabelbis, $_SERVER["PHP_SELF"], 'stock_real_warehouse', $param, '', '', $sortfield, $sortorder, 'right ');
+}
 print_liste_field_titre('Ordered', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
 print_liste_field_titre('StockToBuy', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
 print_liste_field_titre('SupplierRef', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
@@ -757,8 +772,10 @@ while ($i < ($limit ? min($num, $limit) : $num))
 		{
 			// If option to increase/decrease is not on an object validation, virtual stock may differs from physical stock.
 			$stock = $prod->stock_theorique;
+			//TODO $stockwarehouse = $prod->stock_warehouse[$fk_entrepot]->;
 		} else {
 			$stock = $prod->stock_reel;
+			$stockwarehouse = $prod->stock_warehouse[$fk_entrepot]->real;
 		}
 
 		// Force call prod->load_stats_xxx to choose status to count (otherwise it is loaded by load_stock function)
@@ -774,20 +791,29 @@ while ($i < ($limit ? min($num, $limit) : $num))
 		//print $prod->stats_reception['qty'];
 		$ordered = $prod->stats_commande_fournisseur['qty'] - $prod->stats_reception['qty'];
 
-		$desiredstock = ($objp->desiredstockpse ? $objp->desiredstockpse : $objp->desiredstock);
-		$alertstock = ($objp->seuil_stock_alertepse ? $objp->seuil_stock_alertepse : $objp->seuil_stock_alerte);
+		$desiredstock = $objp->desiredstock;
+		$alertstock = $objp->seuil_stock_alerte;
+		$desiredstockwarehouse = ($objp->desiredstockpse ? $objp->desiredstockpse : '');
+		$alertstockwarehouse = ($objp->seuil_stock_alertepse ? $objp->seuil_stock_alertepse : '');
 
 		$warning = '';
 		if ($alertstock && ($stock < $alertstock))
 		{
 			$warning = img_warning($langs->trans('StockTooLow')).' ';
 		}
+		$warningwarehouse = '';
+		if ($alertstockwarehouse && ($stockwarehouse < $alertstockwarehouse))
+		{
+			$warningwarehouse = img_warning($langs->trans('StockTooLow')).' ';
+		}
 
 		//depending on conf, use either physical stock or
 		//virtual stock to compute the stock to buy value
 
 		if (empty($usevirtualstock)) $stocktobuy = max(max($desiredstock, $alertstock) - $stock - $ordered, 0);
 		else $stocktobuy = max(max($desiredstock, $alertstock) - $stock, 0); //ordered is already in $stock in virtual mode
+		if (empty($usevirtualstock)) $stocktobuywarehouse = max(max($desiredstockwarehouse, $alertstockwarehouse) - $stockwarehouse - $ordered, 0);
+		else $stocktobuywarehouse = max(max($desiredstockwarehouse, $alertstockwarehouse) - $stockwarehouse, 0); //ordered is already in $stock in virtual mode
 
 		$picto = '';
 		if ($ordered > 0)
@@ -803,57 +829,67 @@ while ($i < ($limit ? min($num, $limit) : $num))
 			$picto = img_picto($langs->trans("NoPendingReceptionOnSupplierOrder"), 'help');
 		}
 
-		print '<tr class="oddeven">';
+		$variants = $prod->hasVariants();
+		if (!$variants || !empty($conf->global->VARIANT_ALLOW_STOCK_MOVEMENT_ON_VARIANT_PARENT)) {
+			print '<tr class="oddeven">';
 
-		// Select field
-		print '<td><input type="checkbox" class="check" name="choose'.$i.'"></td>';
+			// Select field
+			print '<td><input type="checkbox" class="check" name="choose'.$i.'"></td>';
 
-		print '<td class="nowrap">'.$prod->getNomUrl(1, '').'</td>';
+			print '<td class="nowrap">'.$prod->getNomUrl(1, 'stock').'</td>';
 
-		print '<td>'.$objp->label;
-		print '<input type="hidden" name="desc'.$i.'" value="'.dol_escape_htmltag($objp->description).'">'; // TODO Remove this and make a fetch to get description when creating order instead of a GETPOST
-		print '</td>';
+			print '<td>'.$objp->label;
+			print '<input type="hidden" name="desc'.$i.'" value="'.dol_escape_htmltag($objp->description).'">'; // TODO Remove this and make a fetch to get description when creating order instead of a GETPOST
+			print '</td>';
 
-		if (!empty($conf->service->enabled) && $type == 1)
-		{
-			if (preg_match('/([0-9]+)y/i', $objp->duration, $regs)) {
-				$duration = $regs[1].' '.$langs->trans('DurationYear');
-			} elseif (preg_match('/([0-9]+)m/i', $objp->duration, $regs)) {
-				$duration = $regs[1].' '.$langs->trans('DurationMonth');
-			} elseif (preg_match('/([0-9]+)d/i', $objp->duration, $regs)) {
-				$duration = $regs[1].' '.$langs->trans('DurationDay');
-			} else {
-				$duration = $objp->duration;
+			if (!empty($conf->service->enabled) && $type == 1)
+			{
+				$regs = array();
+				if (preg_match('/([0-9]+)y/i', $objp->duration, $regs)) {
+					$duration = $regs[1].' '.$langs->trans('DurationYear');
+				} elseif (preg_match('/([0-9]+)m/i', $objp->duration, $regs)) {
+					$duration = $regs[1].' '.$langs->trans('DurationMonth');
+				} elseif (preg_match('/([0-9]+)d/i', $objp->duration, $regs)) {
+					$duration = $regs[1].' '.$langs->trans('DurationDay');
+				} else {
+					$duration = $objp->duration;
+				}
+				print '<td class="center">'.$duration.'</td>';
 			}
-			print '<td class="center">'.$duration.'</td>';
+
+			// Desired stock
+			print '<td class="right">'.($fk_entrepot > 0 ? $desiredstockwarehouse : $desiredstock).'</td>';
+
+			// Limit stock for alert
+			print '<td class="right">'.($fk_entrepot > 0 ? $alertstockwarehouse : $alertstock).'</td>';
+
+			// Current stock (all warehouses)
+			print '<td class="right">'.$warning.$stock.'</td>';
+
+			// Current stock (warehouse selected only)
+			if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
+			{
+				print '<td class="right">'.$warningwarehouse.$stockwarehouse.'</td>';
+			}
+
+			// Already ordered
+			print '<td class="right"><a href="replenishorders.php?search_product='.$prod->id.'">'.$ordered.'</a> '.$picto.'</td>';
+
+			// To order
+			print '<td class="right"><input type="text" size="4" name="tobuy'.$i.'" value="'.($fk_entrepot > 0 ? $stocktobuywarehouse : $stocktobuy).'"></td>';
+
+			// Supplier
+			print '<td class="right">';
+	        print $form->select_product_fourn_price($prod->id, 'fourn'.$i, $fk_supplier);
+	        print '</td>';
+
+			// Fields from hook
+			$parameters = array('objp'=>$objp);
+			$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook
+			print $hookmanager->resPrint;
+
+			print '</tr>';
 		}
-
-		// Desired stock
-		print '<td class="right">'.$desiredstock.'</td>';
-
-		// Limit stock for alert
-		print '<td class="right">'.$alertstock.'</td>';
-
-		// Current stock (all warehouses)
-		print '<td class="right">'.$warning.$stock.'</td>';
-
-		// Already ordered
-		print '<td class="right"><a href="replenishorders.php?search_product='.$prod->id.'">'.$ordered.'</a> '.$picto.'</td>';
-
-		// To order
-		print '<td class="right"><input type="text" size="4" name="tobuy'.$i.'" value="'.$stocktobuy.'"></td>';
-
-		// Supplier
-		print '<td class="right">';
-        print $form->select_product_fourn_price($prod->id, 'fourn'.$i, $fk_supplier);
-        print '</td>';
-
-		// Fields from hook
-		$parameters = array('objp'=>$objp);
-		$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook
-		print $hookmanager->resPrint;
-
-		print '</tr>';
 	}
 	$i++;
 }
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index 8157adcf5c4..c73a68b98ee 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -448,11 +448,9 @@ if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions =
 
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->projet->creer)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?action=create');
-}
+$url = DOL_URL_ROOT.'/projet/card.php?action=create';
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton = dolGetButtonTitle($langs->trans('NewProject'), '', 'fa fa-plus-circle', $url, '', $user->rights->projet->creer);
 
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@@ -461,7 +459,6 @@ print '<input type="hidden" name="formfilteraction" id="formfilteraction" value=
 print '<input type="hidden" name="action" value="list">';
 print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
-print '<input type="hidden" name="type" value="'.$type.'">';
 print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
 
 // Show description of content
diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php
index 20d917b2ae8..7d1a8354bb3 100644
--- a/htdocs/projet/tasks/list.php
+++ b/htdocs/projet/tasks/list.php
@@ -421,11 +421,7 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->projet->creer)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewTask'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/tasks.php?action=create');
-}
+$newcardbutton = dolGetButtonTitle($langs->trans('NewTask'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/tasks.php?action=create', '', $user->rights->projet->creer);
 
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index f7f632459d4..d880025259b 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -68,8 +68,8 @@ $action = GETPOST('action', 'aZ09');
 $suffix = GETPOST("suffix", 'aZ09');
 $amount = price2num(GETPOST("amount", 'alpha'));
 if (!GETPOST("currency", 'alpha')) $currency = $conf->currency;
-else $currency = GETPOST("currency", 'alpha');
-$source = GETPOST("s", 'alpha') ?GETPOST("s", 'alpha') : GETPOST("source", 'alpha');
+else $currency = GETPOST("currency", 'aZ09');
+$source = GETPOST("s", 'aZ09') ?GETPOST("s", 'aZ09') : GETPOST("source", 'aZ09');
 $download = GETPOST('d', 'int') ?GETPOST('d', 'int') : GETPOST('download', 'int');
 
 if (!$action)
@@ -964,8 +964,8 @@ if ($source == 'order')
 	// Tag
 	print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("PaymentCode");
 	print '</td><td class="CTableRow'.($var ? '1' : '2').'"><b style="word-break: break-all;">'.$fulltag.'</b>';
-	print '<input type="hidden" name="tag" value="'.$tag.'">';
-	print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
+	print '<input type="hidden" name="tag" value="'.dol_escape_htmltag($tag).'">';
+	print '<input type="hidden" name="fulltag" value="'.dol_escape_htmltag($fulltag).'">';
 	print '</td></tr>'."\n";
 
 	// Shipping address
@@ -979,20 +979,20 @@ if ($source == 'order')
 	$phoneNum = $order->thirdparty->phone;
 	if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip)
 	{
-		print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
-		print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
-		print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
-		print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
-		print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
-		print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
-		print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
-		print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
+		print '<input type="hidden" name="shipToName" value="'.dol_escape_htmltag($shipToName).'">'."\n";
+		print '<input type="hidden" name="shipToStreet" value="'.dol_escape_htmltag($shipToStreet).'">'."\n";
+		print '<input type="hidden" name="shipToCity" value="'.dol_escape_htmltag($shipToCity).'">'."\n";
+		print '<input type="hidden" name="shipToState" value="'.dol_escape_htmltag($shipToState).'">'."\n";
+		print '<input type="hidden" name="shipToCountryCode" value="'.dol_escape_htmltag($shipToCountryCode).'">'."\n";
+		print '<input type="hidden" name="shipToZip" value="'.dol_escape_htmltag($shipToZip).'">'."\n";
+		print '<input type="hidden" name="shipToStreet2" value="'.dol_escape_htmltag($shipToStreet2).'">'."\n";
+		print '<input type="hidden" name="phoneNum" value="'.dol_escape_htmltag($phoneNum).'">'."\n";
 	} else {
 		print '<!-- Shipping address not complete, so we don t use it -->'."\n";
 	}
 	if (is_object($order->thirdparty)) print '<input type="hidden" name="thirdparty_id" value="'.$order->thirdparty->id.'">'."\n";
 	print '<input type="hidden" name="email" value="'.$order->thirdparty->email.'">'."\n";
-	print '<input type="hidden" name="vatnumber" value="'.$order->thirdparty->tva_intra.'">'."\n";
+	print '<input type="hidden" name="vatnumber" value="'.dol_escape_htmltag($order->thirdparty->tva_intra).'">'."\n";
 	$labeldesc = $langs->trans("Order").' '.$order->ref;
 	if (GETPOST('desc', 'alpha')) $labeldesc = GETPOST('desc', 'alpha');
 	print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
@@ -1065,8 +1065,9 @@ if ($source == 'invoice')
 	print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("PaymentAmount");
 	if (empty($amount) && empty($object->paye)) print ' ('.$langs->trans("ToComplete").')';
 	print '</td><td class="CTableRow'.($var ? '1' : '2').'">';
-	if (empty($object->paye))
-	{
+	if ($object->type == $object::TYPE_CREDIT_NOTE) {
+		print '<b>'.$langs->trans("CreditNote").'</b>';
+	} elseif (empty($object->paye)) {
 		if (empty($amount) || !is_numeric($amount))
 		{
 			print '<input type="hidden" name="amount" value="'.GETPOST("amount", 'int').'">';
@@ -1076,12 +1077,13 @@ if ($source == 'invoice')
 			print '<input type="hidden" name="amount" value="'.$amount.'">';
 			print '<input type="hidden" name="newamount" value="'.$amount.'">';
 		}
+		print ' <b>'.$langs->trans("Currency".$currency).'</b>';
+		print '<input type="hidden" name="currency" value="'.$currency.'">';
 	} else {
 		print '<b>'.price($object->total_ttc, 1, $langs).'</b>';
+		print ' <b>'.$langs->trans("Currency".$currency).'</b>';
+		print '<input type="hidden" name="currency" value="'.$currency.'">';
 	}
-	// Currency
-	print ' <b>'.$langs->trans("Currency".$currency).'</b>';
-	print '<input type="hidden" name="currency" value="'.$currency.'">';
 	print '</td></tr>'."\n";
 
 	// Tag
diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php
index 4c1c58edf6f..9341599ba70 100644
--- a/htdocs/salaries/list.php
+++ b/htdocs/salaries/list.php
@@ -153,11 +153,9 @@ if ($result)
 	if ($typeid) $param .= '&amp;typeid='.$typeid;
 	if ($optioncss != '') $param .= '&amp;optioncss='.$optioncss;
 
-	$newcardbutton = '';
-	if (!empty($user->rights->salaries->write))
-	{
-		$newcardbutton .= dolGetButtonTitle($langs->trans('NewSalaryPayment'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/salaries/card.php?action=create');
-	}
+	$url = DOL_URL_ROOT.'/salaries/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewSalaryPayment'), '', 'fa fa-plus-circle', $url, '', $user->rights->salaries->write);
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@@ -186,12 +184,10 @@ if ($result)
 	// Date
 	print '<td class="liste_titre center">';
 	print '<div class="nowrap">';
-	print $langs->trans('From').' ';
-	print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
+	print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 	print '</div>';
 	print '<div class="nowrap">';
-	print $langs->trans('to').' ';
-	print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
+	print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 	print '</div>';
 	print '</td>';
 	// Type
diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index ad9813c4fec..ea0b3a55d8e 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
@@ -598,26 +598,28 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
 if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-$newcardbutton = '';
-if ($user->rights->societe->creer && $contextpage != 'poslist')
-{
-	$typefilter = '';
-	$label = 'MenuNewThirdParty';
+$typefilter = '';
+$label = 'MenuNewThirdParty';
 
-	if (!empty($type))
-	{
-		$typefilter = '&amp;type='.$type;
-		if ($type == 'p') $label = 'MenuNewProspect';
-		if ($type == 'c') $label = 'MenuNewCustomer';
-		if ($type == 'f') $label = 'NewSupplier';
-	}
-
-    $newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/societe/card.php?action=create'.$typefilter);
-} elseif ($user->rights->societe->creer && $contextpage == 'poslist')
+if (!empty($type))
 {
+	$typefilter = '&amp;type='.$type;
+	if ($type == 'p') $label = 'MenuNewProspect';
+	if ($type == 'c') $label = 'MenuNewCustomer';
+	if ($type == 'f') $label = 'NewSupplier';
+}
+
+// Show the new button only when this page is not opend from the Extended POS (pop-up window)
+// but allow it too, when a user has the rights to create a new customer
+if ($contextpage != 'poslist')
+{
+	$url = DOL_URL_ROOT.'/societe/card.php?action=create'.$typefilter;
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', $url, '', $user->rights->societe->creer);
+} elseif ($user->rights->societe->creer) {
+	$url = DOL_URL_ROOT.'/societe/card.php?action=create&type=c&contextpage=poslist&optioncss=print&backtopage='.$_SERVER["PHP_SELF"].'?contextpage=poslist&nomassaction=1&optioncss=print&place='.urlencode($place);
 	$label = 'MenuNewCustomer';
-
-	$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/societe/card.php?action=create&type=c&contextpage=poslist&optioncss=print&backtopage='.$_SERVER["PHP_SELF"].'?contextpage=poslist&nomassaction=1&optioncss=print&place='.urlencode($place));
+	$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', $url);
 }
 
 print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'" name="formfilter" autocomplete="off">';
@@ -701,6 +703,7 @@ if ($moreforfilter)
 
 $varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
 $selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
+// Show the massaction checkboxes only when this page is not opend from the Extended POS
 if ($massactionbutton && $contextpage != 'poslist') $selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
 
 if (empty($arrayfields['customerorsupplier']['checked'])) print '<input type="hidden" name="type" value="'.$type.'">';
@@ -1308,7 +1311,7 @@ while ($i < min($num, $limit))
 		if (!$i) $totalarray['nbfield']++;
 	}
 
-	// Action column
+	// Action column (Show the massaction button only when this page is not opend from the Extended POS)
 	print '<td class="nowrap center">';
 	if (($massactionbutton || $massaction) && $contextpage != 'poslist')   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
 	{
diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php
index 1340dce3b3b..b0f8bf40609 100644
--- a/htdocs/supplier_proposal/list.php
+++ b/htdocs/supplier_proposal/list.php
@@ -414,11 +414,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
-	$newcardbutton = '';
-	if ($user->rights->supplier_proposal->creer)
-	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewAskPrice'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/supplier_proposal/card.php?action=create');
-    }
+	$url = DOL_URL_ROOT.'/supplier_proposal/card.php?action=create';
+	if (!empty($socid)) $url .= '&socid='.$socid;
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewAskPrice'), '', 'fa fa-plus-circle', $url, '', $user->rights->supplier_proposal->creer);
 
 	// Fields title search
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php
index fb43af6356a..384be4f8f13 100644
--- a/htdocs/takepos/admin/terminal.php
+++ b/htdocs/takepos/admin/terminal.php
@@ -202,11 +202,11 @@ if (!empty($conf->stock->enabled))
 
 
 	print '<tr class="oddeven"><td>'.$langs->trans("CashDeskIdWareHouse").'</td>'; // Force warehouse (this is not a default value)
-	print '<td>';
+	print '<td class="minwidth300">';
 	if (!$disabled)
 	{
-		print $formproduct->selectWarehouses($conf->global->{'CASHDESK_ID_WAREHOUSE'.$terminal}, 'CASHDESK_ID_WAREHOUSE'.$terminal, '', 1, $disabled);
-		print ' <a href="'.DOL_URL_ROOT.'/product/stock/card.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"]).'"><span class="fa fa-plus-circle valignmiddle"></span></a>';
+		print $formproduct->selectWarehouses($conf->global->{'CASHDESK_ID_WAREHOUSE'.$terminal}, 'CASHDESK_ID_WAREHOUSE'.$terminal, '', 1, $disabled, 0, '', 0, 0, array(), 'maxwidth250');
+		print ' <a href="'.DOL_URL_ROOT.'/product/stock/card.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?&terminal='.$terminal).'"><span class="fa fa-plus-circle valignmiddle"></span></a>';
 	} else {
 		print '<span class="opacitymedium">'.$langs->trans("StockDecreaseForPointOfSaleDisabled").'</span>';
 	}
diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php
index c29f74a53fd..73b039d97e9 100644
--- a/htdocs/takepos/index.php
+++ b/htdocs/takepos/index.php
@@ -836,7 +836,7 @@ if (empty($conf->global->TAKEPOS_HIDE_HEAD_BAR)) {
 				<div class="login_block_other">
 				<input type="text" id="search" name="search" onkeyup="Search2(<?php echo $keyCodeForEnter; ?>);"  placeholder="<?php echo $langs->trans("Search"); ?>" autofocus>
 				<a onclick="ClearSearch();"><span class="fa fa-backspace"></span></a>
-				<a onclick="window.location.href='<?php echo DOL_URL_ROOT; ?>';"><span class="fas fa-home"></span></a>
+				<a onclick="window.location.href='<?php echo DOL_URL_ROOT.'/'; ?>';"><span class="fas fa-home"></span></a>
 				<?php if (empty($conf->dol_use_jmobile)) { ?>
 				<a onclick="FullScreen();"><span class="fa fa-expand-arrows-alt"></span></a>
 				<?php } ?>
diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index 3ab9f91c9ff..3a7d90cb732 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -1065,7 +1065,30 @@ if ($placeid > 0)
 
 				$htmlforlines .= '</td>';
 				$htmlforlines .= '<td class="right">'.vatrate($line->remise_percent, true).'</td>';
-				$htmlforlines .= '<td class="right">'.$line->qty.'</td>';
+				$htmlforlines .= '<td class="right">';
+				if (!empty($conf->stock->enabled))
+				{
+					$constantforkey = 'CASHDESK_ID_WAREHOUSE'.$_SESSION["takeposterminal"];
+					$sql = "SELECT e.rowid, e.ref, e.lieu, e.fk_parent, e.statut, ps.reel, ps.rowid as product_stock_id, p.pmp";
+					$sql .= " FROM ".MAIN_DB_PREFIX."entrepot as e,";
+					$sql .= " ".MAIN_DB_PREFIX."product_stock as ps";
+					$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = ps.fk_product";
+					$sql .= " WHERE ps.reel != 0";
+					$sql .= " AND ps.fk_entrepot = ".$conf->global->$constantforkey;
+					$sql .= " AND e.entity IN (".getEntity('stock').")";
+					$sql .= " AND ps.fk_product = ".$line->fk_product;
+					$resql = $db->query($sql);
+					if ($resql) {
+						$obj = $db->fetch_object($resql);
+						$stock_real = price2num($obj->reel, 'MS');
+						$htmlforlines .= $line->qty;
+						if ($line->qty && $line->qty > $stock_real) $htmlforlines .= '<span style="color: var(--amountremaintopaycolor)">';
+						$htmlforlines .= ' <span class="posstocktoolow">('.$langs->trans("Stock").' '.$stock_real.')</span>';
+						if ($line->qty && $line->qty > $stock_real) $htmlforlines .= "</span>";
+					}
+				}
+				else $htmlforlines .= $line->qty;
+				$htmlforlines .= '</td>';
 				$htmlforlines .= '<td class="right classfortooltip" title="'.$moreinfo.'">'.price($line->total_ttc).'</td>';
 			}
 			$htmlforlines .= '</tr>'."\n";
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index ad4884eb059..96bf875bf3b 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -118,7 +118,7 @@ body {
 th a { font-weight: <?php echo ($useboldtitle ? 'bold' : 'normal'); ?> !important; }
 a.tab { font-weight: 500 !important; }
 
-a:link, a:visited, a:hover, a:active { color: var(--colortextlink); text-decoration: none;  }
+a:link, a:visited, a:hover, a:active, .classlink { color: var(--colortextlink); text-decoration: none;  }
 a:hover { text-decoration: underline; color: var(--colortextlink); }
 a.commonlink { color: var(--colortextlink) !important; text-decoration: none; }
 th.liste_titre a div div:hover, th.liste_titre_sel a div div:hover { text-decoration: underline; }
@@ -191,10 +191,6 @@ input, select {
 #mainbody input.button:not(.buttongen):not(.bordertransp) {
 	background: var(--butactionbg);
 	color: #FFF !important;
-
-	/* -webkit-box-shadow: 0px 0px 1px 1px rgba(0, 0, 0, 0.2), 0px 0px 0px rgba(60,60,60,0.1);
-    box-shadow: 0px 0px 1px 1px rgba(0, 0, 0, 0.2), 0px 0px 0px rgba(60,60,60,0.1); */
-
 	border-radius: 3px;
     border-collapse: collapse;
     border: none;
@@ -220,7 +216,6 @@ input:invalid, select:invalid {
 
 /* Focus definitions must be after standard definition */
 textarea:focus {
-    /* v6 box-shadow: 0 0 4px #8091BF; */
 	border: 1px solid #aaa !important;
 }
 input:focus, select:focus {
@@ -571,6 +566,9 @@ th .button {
 .centpercent {
 	width: 100%;
 }
+.centpercentwithoutmenu {
+	width: calc(100% - 200px);
+}
 .quatrevingtpercent, .inputsearch {
 	width: 80%;
 }
@@ -1211,6 +1209,7 @@ table[summary="list_of_modules"] .fa-cog {
 .maxwidth125 { max-width: 125px; }
 .maxwidth150 { max-width: 150px; }
 .maxwidth200 { max-width: 200px; }
+.maxwidth250 { max-width: 250px; }
 .maxwidth300 { max-width: 300px; }
 .maxwidth400 { max-width: 400px; }
 .maxwidth500 { max-width: 500px; }
@@ -1272,6 +1271,11 @@ table[summary="list_of_modules"] .fa-cog {
     .minwidth500imp { min-width: 250px !important; }
 }
 
+.widthcentpercentminusx {
+	width: calc(100% - 50px) !important;
+	display: inline-block;
+}
+
 /* Force values for small screen 767 */
 @media only screen and (max-width: 767px)
 {
@@ -1294,7 +1298,7 @@ table[summary="list_of_modules"] .fa-cog {
 		margin-bottom: 15px !important;
 	}
 
-	select.minwidth100imp, select.minwidth100, select.minwidth200, select.minwidth300, .widthcentpercentminusx {
+	select.minwidth100imp, select.minwidth100, select.minwidth200, select.minwidth300 {
 		width: calc(100% - 50px) !important;
 		display: inline-block;
 	}
@@ -1495,20 +1499,20 @@ td.showDragHandle {
 	padding-bottom: 20px;
 }
 
-/* For having horizontal scroll into array (like with smartphone) */
-/*
-#id-container {
+/* DOL_XXX For having horizontal scroll into array (like with smartphone) */
+
+.classforhorizontalscrolloftabs #id-container {
 	width: 100%;
 }
-.side-nav {
+.classforhorizontalscrolloftabs .side-nav {
 	display: block;
 	float: left;
 }
-#id-right {
+.classforhorizontalscrolloftabs #id-right {
 	width:calc(100% - 210px);
 	display: inline-block;
 }
-*/
+
 
 
 <?php if (empty($conf->global->THEME_DISABLE_STICKY_TOPMENU)) {  ?>
@@ -1868,7 +1872,7 @@ div.attacharea {
 }
 div.attachareaformuserfileecm {
 	padding-top: 0;
-	padding-bottom: 0;
+	padding-bottom: 6px;
 }
 
 div.arearef {
@@ -3207,6 +3211,7 @@ div.refid  {
 	font-weight: bold;
   	color: var(--colortexttitlenotab);
   	font-size: 1.2em;
+  	word-break: break-word;
 }
 div.refidno  {
 	padding-top: 3px;
@@ -4419,7 +4424,7 @@ span[phptag] {
 	border-bottom: 1px solid #ccc;
 	background: #e6e6e6;
 	display: inline-block;
-	padding: 4px 0 4px 0;
+	padding: 5px 0 5px 0;
 	z-index: 1000;
 }
 .websitebar .buttonDelete, .websitebar .button {
diff --git a/htdocs/theme/eldy/manifest.json.php b/htdocs/theme/eldy/manifest.json.php
index bc6262d1a92..d7f01b3375e 100644
--- a/htdocs/theme/eldy/manifest.json.php
+++ b/htdocs/theme/eldy/manifest.json.php
@@ -41,6 +41,8 @@ require_once __DIR__.'/../../main.inc.php';
 $appli = constant('DOL_APPLICATION_TITLE');
 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli = $conf->global->MAIN_APPLICATION_TITLE;
 
+top_httphead('text/json');
+
 ?>
 {
     "name": "<?php echo $appli; ?>",
diff --git a/htdocs/theme/md/manifest.json.php b/htdocs/theme/md/manifest.json.php
index e3423149e30..33a5fcddb52 100644
--- a/htdocs/theme/md/manifest.json.php
+++ b/htdocs/theme/md/manifest.json.php
@@ -41,6 +41,8 @@ require_once __DIR__.'/../../main.inc.php';
 $appli=constant('DOL_APPLICATION_TITLE');
 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
 
+top_httphead('text/json');
+
 ?>
 {
     "name": "<?php echo $appli; ?>",
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index b033ee637c2..d468eccf87d 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -1205,6 +1205,7 @@ table[summary="list_of_modules"] .fa-cog {
 .maxwidth125 { max-width: 125px; }
 .maxwidth150 { max-width: 150px; }
 .maxwidth200 { max-width: 200px; }
+.maxwidth250 { max-width: 250px; }
 .maxwidth300 { max-width: 300px; }
 .maxwidth400 { max-width: 400px; }
 .maxwidth500 { max-width: 500px; }
@@ -1461,6 +1462,22 @@ td.showDragHandle {
 <?php } ?>
 }
 
+/* DOL_XXX For having horizontal scroll into array (like with smartphone) */
+
+.classforhorizontalscrolloftabs #id-container {
+	width: 100%;
+}
+.classforhorizontalscrolloftabs .side-nav {
+	display: block;
+	float: left;
+}
+.classforhorizontalscrolloftabs #id-right {
+	width:calc(100% - 210px);
+	display: inline-block;
+}
+
+
+
 .side-nav {
 <?php if (GETPOST('optioncss', 'aZ09') == 'print') { ?>
 	display: none;
@@ -1513,9 +1530,10 @@ td.showDragHandle {
 ?>
 }
 
-/*
-*	Slide animation
-*/
+
+/**
+ *	Slide animation
+ */
 .side-nav-vert, #id-right {
 	transition: padding-left 0.5s ease, margin-left 0.5s ease;
 }
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index 9fc1357f817..12dd4c37058 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -568,8 +568,9 @@ print '<input type="hidden" name="mode" value="'.$mode.'" >';
 if ($socid)     print '<input type="hidden" name="socid" value="'.$socid.'" >';
 if ($projectid) print '<input type="hidden" name="projectid" value="'.$projectid.'" >';
 
-$newcardbutton = '';
-$newcardbutton .= dolGetButtonTitle($langs->trans('NewTicket'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/ticket/card.php?action=create'.($socid ? '&socid='.$socid : '').($projectid ? '&origin=projet_project&originid='.$projectid : ''), '', !empty($user->rights->ticket->write));
+$url = DOL_URL_ROOT.'/ticket/card.php?action=create'.($socid ? '&socid='.$socid : '').($projectid ? '&origin=projet_project&originid='.$projectid : '');
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton = dolGetButtonTitle($langs->trans('NewTicket'), '', 'fa fa-plus-circle', $url, '', $user->rights->ticket->write);
 
 $picto = 'ticket';
 if ($socid > 0) $picto = '';
diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index 5363ec728c2..af7aa162790 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
@@ -114,6 +114,49 @@ if ($action == 'update' && !$cancel)
 {
     $account->userid = $object->id;
 
+    /*
+    if ($action == 'update' && !$cancel)
+    {
+    	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+    	if ($canedituser)    // Case we can edit all field
+    	{
+    		$error = 0;
+
+    		if (!$error)
+    		{
+    			$objectuser->fetch($id);
+
+    			$objectuser->oldcopy = clone $objectuser;
+
+    			$db->begin();
+
+    			$objectuser->default_range = GETPOST('default_range');
+    			$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
+
+    			if (!$error) {
+    				$ret = $objectuser->update($user);
+    				if ($ret < 0) {
+    					$error++;
+    					if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
+    						$langs->load("errors");
+    						setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
+    					} else {
+    						setEventMessages($objectuser->error, $objectuser->errors, 'errors');
+    					}
+    				}
+    			}
+
+    			if (!$error && !count($objectuser->errors)) {
+    				setEventMessages($langs->trans("UserModified"), null, 'mesgs');
+    				$db->commit();
+    			} else {
+    				$db->rollback();
+    			}
+    		}
+    	}
+    }*/
+
 	$account->bank            = GETPOST('bank', 'alpha');
 	$account->label           = GETPOST('label', 'alpha');
 	$account->courant         = GETPOST('courant', 'alpha');
@@ -155,6 +198,23 @@ if ($action == 'setpersonal_mobile')
 	if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
 }
 
+// update default_c_exp_tax_cat
+if ($action == 'setdefault_c_exp_tax_cat')
+{
+	$object->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat', 'int');
+	$result = $object->update($user);
+	if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
+}
+
+// update default range
+if ($action == 'setdefault_range')
+{
+	$object->default_range = GETPOST('default_range', 'int');
+	$result = $object->update($user);
+	if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
+}
+
+
 
 /*
  *	View
@@ -223,6 +283,51 @@ if ($action != 'edit' && $action != 'create')		// If not bank account yet, $acco
 	print '</td>';
 	print '</tr>';
 
+	if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
+	{
+		print '<tr class="nowrap">';
+		print '<td>';
+		print $form->editfieldkey("DefaultCategoryCar", 'default_c_exp_tax_cat', $object->default_c_exp_tax_cat, $object, $user->rights->user->user->creer);
+		print '</td><td>';
+		if ($action == 'editdefault_c_exp_tax_cat') {
+			$ret = '<form method="post" action="'.$_SERVER["PHP_SELF"].($moreparam ? '?'.$moreparam : '').'">';
+			$ret .= '<input type="hidden" name="action" value="setdefault_c_exp_tax_cat">';
+			$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
+			$ret .= '<input type="hidden" name="id" value="'.$object->id.'">';
+			$ret .= $form->selectExpenseCategories($object->default_c_exp_tax_cat, 'default_c_exp_tax_cat', 1);
+			$ret .= '<input type="submit" class="button" name="modify" value="'.$langs->trans("Modify").'"> ';
+			$ret .= '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
+			$ret .= '</form>';
+			print $ret;
+		} else {
+			print dol_getIdFromCode($db, $object->default_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
+			//print $form->editfieldval("DefaultCategoryCar", 'default_c_exp_tax_cat', $object->default_c_exp_tax_cat, $object, $user->rights->user->user->creer, 'string', ($object->default_c_exp_tax_cat != '' ? $object->default_c_exp_tax_cat : ''));
+		}
+		print '</td>';
+		print '</tr>';
+
+		print '<tr class="nowrap">';
+		print '<td>';
+		print $form->editfieldkey("DefaultRangeNumber", 'default_range', $object->default_range, $object, $user->rights->user->user->creer);
+		print '</td><td>';
+		if ($action == 'editdefault_range') {
+			$ret = '<form method="post" action="'.$_SERVER["PHP_SELF"].($moreparam ? '?'.$moreparam : '').'">';
+			$ret .= '<input type="hidden" name="action" value="setdefault_range">';
+			$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
+			$ret .= '<input type="hidden" name="id" value="'.$object->id.'">';
+			$maxRangeNum = ExpenseReportIk::getMaxRangeNumber($object->default_c_exp_tax_cat);
+			$ret .= $form->selectarray('default_range', range(0, $maxRangeNum), $object->default_range);
+			$ret .= '<input type="submit" class="button" name="modify" value="'.$langs->trans("Modify").'"> ';
+			$ret .= '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
+			$ret .= '</form>';
+			print $ret;
+		} else {
+			print $object->default_range;
+		}
+		print '</td>';
+		print '</tr>';
+	}
+
     print '</table>';
 
 	print '</div><div class="fichehalfright"><div class="ficheaddleft">';
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 1a81520eec8..96b9d55af6a 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -61,6 +61,12 @@ $group = GETPOST("group", "int", 3);
 $cancel		= GETPOST('cancel', 'alpha');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'useracard'; // To manage different context of search
 
+$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
+$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
+$datestartvalidity = dol_mktime(0, 0, 0, GETPOST('datestartvaliditymonth', 'int'), GETPOST('datestartvalidityday', 'int'), GETPOST('datestartvalidityyear', 'int'));
+$dateendvalidity = dol_mktime(0, 0, 0, GETPOST('dateendvaliditymonth', 'int'), GETPOST('dateendvalidityday', 'int'), GETPOST('dateendvalidityyear', 'int'));
+$dateofbirth = dol_mktime(0, 0, 0, GETPOST('dateofbirthmonth', 'int'), GETPOST('dateofbirthday', 'int'), GETPOST('dateofbirthyear', 'int'));
+
 // Define value to know what current user can do on users
 $canadduser = (!empty($user->admin) || $user->rights->user->user->creer);
 $canreaduser = (!empty($user->admin) || $user->rights->user->user->lire);
@@ -202,8 +208,6 @@ if (empty($reshook)) {
 			$object->login = GETPOST("login", 'alphanohtml');
 			$object->api_key = GETPOST("api_key", 'alphanohtml');
 			$object->gender = GETPOST("gender", 'aZ09');
-			$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
-			$object->birth = $birth;
 			$object->admin = GETPOST("admin", 'int');
 			$object->address = GETPOST('address', 'alphanohtml');
 			$object->zip = GETPOST('zipcode', 'alphanohtml');
@@ -247,11 +251,12 @@ if (empty($reshook)) {
 			$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
 
 			$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
-			$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
-			$object->dateemployment = $dateemployment;
 
-			$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
+			$object->dateemployment = $dateemployment;
 			$object->dateemploymentend = $dateemploymentend;
+			$object->datestartvalidity = $datestartvalidity;
+			$object->dateendvalidity = $dateendvalidity;
+			$object->birth = $dateofbirth;
 
 			$object->fk_warehouse = GETPOST('fk_warehouse', 'int');
 
@@ -364,8 +369,6 @@ if (empty($reshook)) {
 				$object->firstname = GETPOST("firstname", 'alphanohtml');
 				$object->login = GETPOST("login", 'alphanohtml');
 				$object->gender = GETPOST("gender", 'aZ09');
-				$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
-				$object->birth = $birth;
 				$object->pass = GETPOST("password", 'none');
 				$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
 				if (!empty($user->admin)) $object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
@@ -409,10 +412,11 @@ if (empty($reshook)) {
 				$object->weeklyhours = price2num($object->weeklyhours);
 
 				$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
-				$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
 				$object->dateemployment = $dateemployment;
-				$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
 				$object->dateemploymentend = $dateemploymentend;
+				$object->datestartvalidity = $datestartvalidity;
+				$object->dateendvalidity = $dateendvalidity;
+				$object->birth = $dateofbirth;
 
 				if (!empty($conf->stock->enabled))
 				{
@@ -1229,21 +1233,29 @@ if ($action == 'create' || $action == 'adduserldap')
 	// Date employment
 	print '<tr><td>'.$langs->trans("DateEmployment").'</td>';
 	print '<td>';
-	print $form->selectDate(GETPOST('dateemployment'), 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 0);
+	print $form->selectDate($dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 1);
+
+	print ' - ';
+
+	print $form->selectDate($dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
 	print '</td>';
 	print "</tr>\n";
 
-	// Date employment END
-	print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
+	// Date validity
+	print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
 	print '<td>';
-	print $form->selectDate(GETPOST('dateemploymentend'), 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
+	print $form->selectDate($datestartvalidity, 'datestartvalidity', 0, 0, 1, 'formdatestartvalidity', 1, 1);
+
+	print ' - ';
+
+	print $form->selectDate($dateendvalidity, 'dateendvalidity', 0, 0, 1, 'formdateendvalidity', 1, 0);
 	print '</td>';
 	print "</tr>\n";
 
 	// Date birth
-	print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
+	print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
 	print '<td>';
-	print $form->selectDate(GETPOST('birth'), 'birth', 0, 0, 1, 'createuser', 1, 0);
+	print $form->selectDate($dateofbirth, 'dateofbirth', 0, 0, 1, 'createuser', 1, 0);
 	print '</td>';
 	print "</tr>\n";
 
@@ -1621,24 +1633,32 @@ if ($action == 'create' || $action == 'adduserldap')
 			print '<tr><td>'.$langs->trans("DateOfEmployment").'</td>';
 			print '<td>';
 			if ($object->dateemployment) {
-				print '<span class="opacitymedium">'.$langs->trans("FromDate ").'</span>';
+				print '<span class="opacitymedium">'.$langs->trans("FromDate").'</span> ';
 				print dol_print_date($object->dateemployment, 'day');
 			}
-			//print '</td>';
-			//print "</tr>\n";
-
-			// Date employment
-			//print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
-			//print '<td>';
 			if ($object->dateemploymentend) {
-				print '<span class="opacitymedium"> - '.$langs->trans("To ").'</span>';
+				print '<span class="opacitymedium"> - '.$langs->trans("To").'</span> ';
 				print dol_print_date($object->dateemploymentend, 'day');
 			}
 			print '</td>';
 			print "</tr>\n";
 
+			// Date login validity
+			print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
+			print '<td>';
+			if ($object->datestartvalidity) {
+				print '<span class="opacitymedium">'.$langs->trans("FromDate").'</span> ';
+				print dol_print_date($object->datestartvalidity, 'day');
+			}
+			if ($object->dateendvalidity) {
+				print '<span class="opacitymedium"> - '.$langs->trans("To").'</span> ';
+				print dol_print_date($object->dateendvalidity, 'day');
+			}
+			print '</td>';
+			print "</tr>\n";
+
 			// Date of birth
-			print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
+			print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
 			print '<td>';
 			print dol_print_date($object->birth, 'day');
 			print '</td>';
@@ -2672,19 +2692,16 @@ if ($action == 'create' || $action == 'adduserldap')
 			print '<td>';
 			if ($caneditfield)
 			{
-				print $form->selectDate(GETPOST('dateemployment') ?GETPOST('dateemployment') : $object->dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 0);
+				print $form->selectDate($dateemployment ? $dateemployment : $object->dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 1);
 			} else {
 				print dol_print_date($object->dateemployment, 'day');
 			}
-			print '</td>';
-			print "</tr>\n";
 
-			// Date employmentEnd
-			print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
-			print '<td>';
+			if ($dateemployment && $dateemploymentend) print ' - ';
+
 			if ($caneditfield)
 			{
-				print $form->selectDate(GETPOST('dateemploymentend') ?GETPOST('dateemploymentend') : $object->dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
+				print $form->selectDate($dateemploymentend ? $dateemploymentend : $object->dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
 			} else {
 				print dol_print_date($object->dateemploymentend, 'day');
 			}
@@ -2692,12 +2709,33 @@ if ($action == 'create' || $action == 'adduserldap')
 			print "</tr>\n";
 
 
-			// Date birth
-			print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
+			// Date login validity
+			print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
 			print '<td>';
 			if ($caneditfield)
 			{
-				echo $form->selectDate(GETPOST('birth') ?GETPOST('birth') : $object->birth, 'birth', 0, 0, 1, 'updateuser', 1, 0);
+				print $form->selectDate($datestartvalidity ? $datestartvalidity : $object->datestartvalidity, 'datestartvalidity', 0, 0, 1, 'formdatestartvalidity', 1, 1);
+			} else {
+				print dol_print_date($object->datestartvalidity, 'day');
+			}
+
+			if ($datestartvalidity && $dateendvalidity) print ' - ';
+
+			if ($caneditfield)
+			{
+				print $form->selectDate($dateendvalidity ? $datendevalidity : $object->dateendvalidity, 'dateendvalidity', 0, 0, 1, 'formdateendvalidity', 1, 0);
+			} else {
+				print dol_print_date($object->dateendvalidity, 'day');
+			}
+			print '</td>';
+			print "</tr>\n";
+
+
+			// Date birth
+			print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
+			print '<td>';
+			if ($caneditfield) {
+				echo $form->selectDate($dateofbirth ? $dateofbirth : $object->birth, 'dateofbirth', 0, 0, 1, 'updateuser', 1, 0);
 			} else {
 				print dol_print_date($object->birth, 'day');
 			}
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 6f650d4a312..786af8c81d1 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -154,7 +154,7 @@ class User extends CommonObject
 	public $datelastlogin;
 	public $datepreviouslogin;
 	public $datestartvalidity;
-	public $dateedvalidity;
+	public $dateendvalidity;
 	public $photo;
 	public $lang;
 
@@ -1467,7 +1467,6 @@ class User extends CommonObject
 		$this->employee    	= $this->employee ? $this->employee : 0;
 		$this->login        = trim($this->login);
 		$this->gender       = trim($this->gender);
-		$this->birth        = trim($this->birth);
 		$this->pass         = trim($this->pass);
 		$this->api_key      = trim($this->api_key);
 		$this->address = $this->address ?trim($this->address) : trim($this->address);
@@ -1495,6 +1494,9 @@ class User extends CommonObject
 		$this->color = empty($this->color) ? '' : $this->color;
 		$this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment;
 		$this->dateemploymentend = empty($this->dateemploymentend) ? '' : $this->dateemploymentend;
+		$this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity;
+		$this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity;
+		$this->birth        = trim($this->birth);
 		$this->fk_warehouse = trim(empty($this->fk_warehouse) ? '' : $this->fk_warehouse);
 
 		// Check parameters
@@ -1507,7 +1509,7 @@ class User extends CommonObject
 		if (empty($this->login))
 		{
 			$langs->load("errors");
-			$this->error = $langs->trans("ErrorFieldRequired", $this->login);
+			$this->error = $langs->trans("ErrorFieldRequired", 'Login');
 			return -1;
 		}
 
@@ -1541,6 +1543,8 @@ class User extends CommonObject
 		$sql .= ", color = '".$this->db->escape($this->color)."'";
 		$sql .= ", dateemployment=".(strval($this->dateemployment) != '' ? "'".$this->db->idate($this->dateemployment)."'" : 'null');
 		$sql .= ", dateemploymentend=".(strval($this->dateemploymentend) != '' ? "'".$this->db->idate($this->dateemploymentend)."'" : 'null');
+		$sql .= ", datestartvalidity=".(strval($this->datestartvalidity) != '' ? "'".$this->db->idate($this->datestartvalidity)."'" : 'null');
+		$sql .= ", dateendvalidity=".(strval($this->dateendvalidity) != '' ? "'".$this->db->idate($this->dateendvalidity)."'" : 'null');
 		$sql .= ", note = '".$this->db->escape($this->note_private)."'";
 		$sql .= ", note_public = '".$this->db->escape($this->note_public)."'";
 		$sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null");
@@ -1558,7 +1562,6 @@ class User extends CommonObject
 		$sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null');
 		$sql .= ", fk_warehouse = ".($this->fk_warehouse ? "'".$this->db->escape($this->fk_warehouse)."'" : "null");
 		$sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null");
-
 		$sql .= " WHERE rowid = ".$this->id;
 
 		dol_syslog(get_class($this)."::update", LOG_DEBUG);
diff --git a/htdocs/user/list.php b/htdocs/user/list.php
index 92826eac19e..406401bdf38 100644
--- a/htdocs/user/list.php
+++ b/htdocs/user/list.php
@@ -301,11 +301,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 
 $text = $langs->trans("ListOfUsers");
 
-$newcardbutton = '';
-if ($canadduser)
-{
-    $newcardbutton .= dolGetButtonTitle($langs->trans('NewUser'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1' : '').'&leftmenu=');
-}
+$url = DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1' : '').'&leftmenu=';
+if (!empty($socid)) $url .= '&socid='.$socid;
+$newcardbutton = dolGetButtonTitle($langs->trans('NewUser'), '', 'fa fa-plus-circle', $url, '', $canadduser);
 
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index c0b5ba207f1..a36f33ee682 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -108,7 +108,7 @@ $objectpage = new WebsitePage($db);
 $object->fetchAll('ASC', 'position'); // Init $object->records with list of websites
 
 // If website not defined, we take first found
-if (!($websiteid > 0) && empty($websitekey))
+if (!($websiteid > 0) && empty($websitekey) && $action != 'createsite')
 {
 	foreach ($object->records as $key => $valwebsite)
 	{
@@ -2182,7 +2182,7 @@ $formadmin = new FormAdmin($db);
 $formwebsite = new FormWebsite($db);
 $formother = new FormOther($db);
 
-$help_url = '';
+$helpurl = 'EN:Module_Website|FR:Module_Website_FR|ES:M&oacute;dulo_Website';
 
 $arrayofjs = array(
 	'/includes/ace/src/ace.js',
@@ -2204,7 +2204,7 @@ $moreheadjs .= '<script type="text/javascript">'."\n";
 $moreheadjs .= 'var indicatorBlockUI = \''.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'\';'."\n";
 $moreheadjs .= '</script>'."\n";
 
-llxHeader($moreheadcss.$moreheadjs, $langs->trans("WebsiteSetup"), $help_url, '', 0, 0, $arrayofjs, $arrayofcss, '', '', '<!-- Begin div class="fiche" -->'."\n".'<div class="fichebutwithotherclass">');
+llxHeader($moreheadcss.$moreheadjs, $langs->trans("WebsiteSetup"), $helpurl, '', 0, 0, $arrayofjs, $arrayofcss, '', '', '<!-- Begin div class="fiche" -->'."\n".'<div class="fichebutwithotherclass">');
 
 print "\n";
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST" enctype="multipart/form-data">';
@@ -2276,45 +2276,6 @@ if (!GETPOST('hide_websitemenu'))
 	$disabled = '';
 	if (empty($user->rights->website->write)) $disabled = ' disabled="disabled"';
 
-	//var_dump($objectpage);exit;
-	print '<div class="centpercent websitebar">';
-
-
-	// ***** Part for web sites
-	print '<!-- Bar for website -->';
-	print '<span class="websiteselection hideonsmartphoneimp minwidth100 tdoverflowmax100">';
-	print $langs->trans("Website").' : ';
-	print '</span>';
-
-	print '<span class="websiteselection hideonsmartphoneimp">';
-	print '<a href="'.$_SERVER["PHP_SEFL"].'?action=createsite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddWebsite")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
-	print '</span>';
-
-	// List of website
-	print '<span class="websiteselection">';
-	$out = '';
-	$out .= '<select name="website" class="minwidth100 maxwidth300 maxwidth150onsmartphone" id="website">';
-	if (empty($object->records)) $out .= '<option value="-1">&nbsp;</option>';
-	// Loop on each sites
-	$i = 0;
-	foreach ($object->records as $key => $valwebsite)
-	{
-		if (empty($websitekey)) $websitekey = $valwebsite->ref;
-
-		$out .= '<option value="'.$valwebsite->ref.'"';
-		if ($websitekey == $valwebsite->ref) $out .= ' selected'; // To preselect a value
-		$out .= '>';
-		$out .= $valwebsite->ref;
-		$out .= '</option>';
-		$i++;
-	}
-	$out .= '</select>';
-	$out .= ajax_combobox('website');
-	print $out;
-	//print '<input type="submit" class="button" name="refreshsite" value="'.$langs->trans("Load").'">';
-	print '<input type="image" class="valignmiddle" src="'.img_picto('', 'refresh', '', 0, 1).'" name="refreshsite" value="'.$langs->trans("Load").'">';
-
-
 	if ($websitekey)
 	{
 		$virtualurl = '';
@@ -2331,70 +2292,146 @@ if (!GETPOST('hide_websitemenu'))
 	if (!is_array($array) && $array < 0) dol_print_error('', $objectpage->error, $objectpage->errors);
 	$atleastonepage = (is_array($array) && count($array) > 0);
 
-	if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
-	{
-		print ' &nbsp; ';
 
-		print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditCss")).'" name="editcss">';
+	//var_dump($objectpage);exit;
+	print '<div class="centpercent websitebar">';
 
-		$importlabel = $langs->trans("ImportSite");
-		$exportlabel = $langs->trans("ExportSite");
-		if (! empty($conf->dol_optimize_smallscreen)) {
-			$importlabel = $langs->trans("Import");
-			$exportlabel = $langs->trans("Export");
+	//
+	// Toolbar for websites
+	//
+
+	print '<!-- Bar for website -->';
+	if ($action != 'file_manager') {
+		print '<span class="websiteselection hideonsmartphoneimp minwidth100 tdoverflowmax100">';
+		print $langs->trans("Website").' : ';
+		print '</span>';
+
+		$urltocreatenewwebsite = $_SERVER["PHP_SEFL"].'?action=createsite';
+		if (empty($conf->use_javascript_ajax)) {
+			print '<span class="websiteselection hideonsmartphoneimp">';
+			print '<a href="'.$urltocreatenewwebsite.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddWebsite")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
+			print '</span>';
 		}
 
-		if ($atleastonepage)
+		// List of website
+		print '<span class="websiteselection">';
+		$out = '';
+		$out .= '<select name="website" class="minwidth100 width200 maxwidth150onsmartphone" id="website">';
+		if (empty($object->records)) $out .= '<option value="-1">&nbsp;</option>';
+		if (! empty($conf->use_javascript_ajax)) {
+			$valueoption = '<span class="classlink">'.img_picto('', 'add', 'class="paddingrightonly"').$langs->trans("AddWebsite").'</span>';
+			$out .= '<option value="-2" data-html="'.dol_escape_htmltag($valueoption).'">'.$valueoption.'</option>';
+		}
+		// Loop on each sites
+		$i = 0;
+		foreach ($object->records as $key => $valwebsite)
 		{
-			print '<input type="submit" class="button bordertransp" disabled="disabled" value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
+			if (empty($websitekey)) {
+				if ($action != 'createsite') $websitekey = $valwebsite->ref;
+			}
+
+			$out .= '<option value="'.$valwebsite->ref.'"';
+			if ($websitekey == $valwebsite->ref) $out .= ' selected'; // To preselect a value
+			//$outoption = $valwebsite->getLibStatut(3).' '.$valwebsite->ref.' ';
+			$outoption = (($valwebsite->status == $valwebsite::STATUS_DRAFT)?'<span class="opacitymedium">':'').$valwebsite->ref.(($valwebsite->status == $valwebsite::STATUS_DRAFT)?'</span>':'');
+			$out .= ' data-html="'.dol_escape_htmltag($outoption).'"';
+			$out .= '>';
+			$out .= $valwebsite->ref;
+			$out .= '</option>';
+			$i++;
 		}
-		else {
-			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
+		$out .= '</select>';
+		$out .= ajax_combobox('website');
+
+		if (!empty($conf->use_javascript_ajax)) {
+			$out .= '<script language="javascript">';
+			$out .= 'jQuery(document).ready(function () {';
+			$out .= '	jQuery("#website").change(function () {';
+			$out .= '   	console.log("We select "+jQuery("#website option:selected").val());';
+			$out .= '   	if (jQuery("#website option:selected").val() == \'-2\') {';
+			$out .= '  			window.location.href = "'.$urltocreatenewwebsite.'";';
+			$out .= '		} else {';
+			$out .= '  			window.location.href = "'.$_SERVER["PHP_SEFL"].'?website="+jQuery("#website option:selected").val();';
+			$out .= '       }';
+			$out .= '   });';
+			$out .= '});';
+			$out .= '</script>';
+		}
+		print $out;
+
+		if (empty($conf->use_javascript_ajax)) {
+			print '<input type="image" class="valignmiddle" src="'.img_picto('', 'refresh', '', 0, 1).'" name="refreshsite" value="'.$langs->trans("Load").'">';
 		}
 
-		//print '<input type="submit" class="button"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditMenu")).'" name="editmenu">';
-		print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
-		print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("CloneSite")).'" name="createfromclone">';
+		if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
+		{
+			print ' &nbsp; ';
 
-		print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'"'.($atleastonepage ? ' disabled="disabled"' : '').'>';
+			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditCss")).'" name="editcss">';
 
-		print ' &nbsp; ';
+			$importlabel = $langs->trans("ImportSite");
+			$exportlabel = $langs->trans("ExportSite");
+			if (! empty($conf->dol_optimize_smallscreen)) {
+				$importlabel = $langs->trans("Import");
+				$exportlabel = $langs->trans("Export");
+			}
 
-		print '<a href="'.$_SERVER["PHP_SEFL"].'?action=file_manager&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("MediaFiles")).'"><span class="fa fa-image"><span></a>';
-		//print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("MediaFiles")).'" name="file_manager">';
-		/*print '<a class="button button_file_manager"'.$disabled.'>'.dol_escape_htmltag($langs->trans("MediaFiles")).'</a>';
-		print '<script language="javascript">
-			jQuery(document).ready(function () {
-           		jQuery(".button_file_manager").click(function () {
-					var $dialog = $(\'<div></div>\').html(\'<iframe style="border: 0px;" src="'.DOL_URL_ROOT.'/website/index.php?hide_websitemenu=1&dol_hide_topmenu=1&dol_hide_leftmenu=1&file_manager=1&website='.$websitekey.'&pageid='.$pageid.'" width="100%" height="100%"></iframe>\')
-					.dialog({
-						autoOpen: false,
-						modal: true,
-						height: 500,
-						width: \'80%\',
-						title: "'.dol_escape_js($langs->trans("FileManager")).'"
-					});
-					$dialog.dialog(\'open\');
-				});
-			});
-			</script>';
-		*/
+			if ($atleastonepage)
+			{
+				print '<input type="submit" class="button bordertransp" disabled="disabled" value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
+			}
+			else {
+				print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
+			}
 
-		print '<a href="'.$_SERVER["PHP_SEFL"].'?action=replacesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("ReplaceWebsiteContent")).'"><span class="fa fa-search"><span></a>';
+			//print '<input type="submit" class="button"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditMenu")).'" name="editmenu">';
+			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
+			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("CloneSite")).'" name="createfromclone">';
 
-		if (! empty($conf->categorie->enabled)) {
-			print '<a href="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&type=website_page&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
-		}
+			print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'"'.($atleastonepage ? ' disabled="disabled"' : '').'>';
+
+			print ' &nbsp; ';
+
+			print '<a href="'.$_SERVER["PHP_SEFL"].'?action=replacesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("ReplaceWebsiteContent")).'"><span class="fa fa-search"><span></a>';
 
-		if (! empty($conf->global->WEBSITE_ADD_REGENERATE_BUTTON)) {
 			print '<a href="'.$_SERVER["PHP_SEFL"].'?action=regeneratesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("RegenerateWebsiteContent")).'"><span class="fa fa-cogs"><span></a>';
 		}
+
+		print '</span>';
+
+		if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
+		{
+			print '<span class="websiteselection">';
+			print '<a href="'.$_SERVER["PHP_SEFL"].'?action=file_manager&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("MediaFiles")).'"><span class="fa fa-image"><span></a>';
+
+			if (! empty($conf->categorie->enabled)) {
+				//print '<a href="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&dol_hide_leftmenu=1&nosearch=1&type=website_page&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
+
+				//print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("MediaFiles")).'" name="file_manager">';
+				print '<a class="button bordertransp button_categories"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
+				print '<script language="javascript">
+				 jQuery(document).ready(function () {
+					 jQuery(".button_categories").click(function () {
+						 var $dialog = $(\'<div></div>\').html(\'<iframe class="iframedialog" style="border: 0px;" src="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&nosearch=1&type=website_page&website='.$website->ref.'" width="100%" height="98%"></iframe>\')
+						 .dialog({
+						 	autoOpen: false,
+						 	modal: true,
+						 	height: (window.innerHeight - 150),
+						 	width: \'80%\',
+						 	title: "'.dol_escape_js($langs->transnoentitiesnoconv("Categories")).'"
+						 });
+						 $dialog.dialog(\'open\');
+					 });
+				 });
+				 </script>';
+			}
+
+			print '</span>';
+		}
+	} else {
+		print '<input type="hidden" name="website" id="website" value='.$websitekey.'">';
 	}
 
-	print '</span>';
-
-
-	// Toolbar for websites
 
 	print '<span class="websitetools websiteselection">';
 
@@ -2405,7 +2442,7 @@ if (!GETPOST('hide_websitemenu'))
 
 		print '<span class="websiteinputurl valignmiddle" id="websiteinputurl">';
 		$linktotestonwebserver = '<a href="'.($virtualurl ? $virtualurl : '#').'" class="valignmiddle">';
-		$linktotestonwebserver .= '<span class="hideonsmartphone">'.$langs->trans("TestDeployOnWeb", $virtualurl).' </span>'.img_picto('', 'globe');
+		$linktotestonwebserver .= '<span class="hideonsmartphone paddingrightonly">'.$langs->trans("TestDeployOnWeb", $virtualurl).'</span>'.img_picto('', 'globe');
 		$linktotestonwebserver .= '</a>';
 		$htmltext = '';
 		if (empty($object->fk_default_home))
@@ -2469,8 +2506,10 @@ if (!GETPOST('hide_websitemenu'))
 
 	print '</span>';
 
-
+	//
 	// Toolbar for pages
+	//
+
 	if ($websitekey && $websitekey != '-1' && !in_array($action, array('editcss', 'editmenu', 'importsite', 'file_manager', 'replacesite', 'replacesiteconfirm')) && !$file_manager)
 	{
 		print '</div>'; // Close current websitebar to open a new one
@@ -2483,7 +2522,6 @@ if (!GETPOST('hide_websitemenu'))
 		print '</span>';
 
 		print '<span class="websiteselection hideonsmartphoneimp">';
-		//print '<input type="submit"'.$disabled.' class="button" value="'.dol_escape_htmltag($langs->trans("Add")).'" name="createcontainer">';
 		print '<a href="'.$_SERVER["PHP_SEFL"].'?action=createcontainer&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddPage")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
 		print '</span>';
 
@@ -2491,7 +2529,28 @@ if (!GETPOST('hide_websitemenu'))
 
 		if ($action != 'addcontainer')
 		{
-			print '<span class="websiteselection">'.$formwebsite->selectContainer($website, 'pageid', $pageid, 0, $action, 'maxwidth200onsmartphone').'</span>';
+			print '<span class="websiteselection">';
+			print $formwebsite->selectContainer($website, 'pageid', $pageid, 0, $action, 'maxwidth200onsmartphone');
+			print '</span>';
+
+			$urltocreatenewpage = $_SERVER["PHP_SEFL"].'?action=createcontainer&website='.$website->ref;
+
+			$out = '';
+			if (!empty($conf->use_javascript_ajax)) {
+				$out .= '<script language="javascript">';
+				$out .= 'jQuery(document).ready(function () {';
+				$out .= '	jQuery("#pageid").change(function () {';
+				$out .= '   	console.log("We select "+jQuery("#pageid option:selected").val());';
+				$out .= '   	if (jQuery("#pgeid option:selected").val() == \'-2\') {';
+				$out .= '  			window.location.href = "'.$urltocreatenewpage.'";';
+				$out .= '		} else {';
+				$out .= '  			window.location.href = "'.$_SERVER["PHP_SEFL"].'?website='.$website->ref.'&pageid="+jQuery("#pageid option:selected").val();';
+				$out .= '       }';
+				$out .= '   });';
+				$out .= '});';
+				$out .= '</script>';
+			}
+			print $out;
 		}
 		else {
 			print $langs->trans("New");
@@ -3142,7 +3201,7 @@ if ($action == 'createsite')
 	if (GETPOST('WEBSITE_OTHERLANG'))   $siteotherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
 
 	print '<tr><td class="titlefieldcreate fieldrequired">';
-	print $langs->trans('Ref');
+	print $form->textwithpicto($langs->trans('WebSite'), $langs->trans("Example").': www.mywebsite.com, myportal, ...');
 	print '</td><td>';
 	print '<input type="text" class="flat maxwidth300" name="WEBSITE_REF" value="'.dol_escape_htmltag($siteref).'" autofocus>';
 	print '</td></tr>';
diff --git a/test/sqlmap/README b/test/sqlmap/README
new file mode 100644
index 00000000000..c07730a48b6
--- /dev/null
+++ b/test/sqlmap/README
@@ -0,0 +1,72 @@
+To test there is no SQL injection, we can use:
+
+-- Installation of sqlmap
+-------------------------
+
+git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap
+
+cd sqlmap
+
+./sqlmap.py --update
+
+./sqlmap.py --purge
+
+
+Add, into file ~/git/sqlmap/data/xml/payloads/boolean_blind.xml, the custom rule:
+
+    <!-- Boolean-based blind tests - WHERE/HAVING clause -->
+    <test>
+     <title>Our_ORDERBY_Payload</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+     <vector>,(select * from(select (CASE WHEN ([INFERENCE]) THEN 1 ELSE exp(710) END))a)</vector>
+     <request>
+         <payload>,(select * from(select (CASE WHEN (1=1) THEN 1 ELSE exp(710) END))a)</payload>
+     </request>
+     <response>
+         <comparison>,(select * from(select (CASE WHEN (1=2) THEN 1 ELSE exp(710) END))a)</comparison>
+     </response>
+     <details>
+         <dbms>mysql</dbms>
+         <os>linux</os>
+     </details>
+ </test>
+
+
+
+
+-- Launch sqlmap on a given url/parameter
+-----------------------------------------
+
+Introduce a vulnerability by changing the GETPOST on parameter search_status into GETPOST('search_status', 'none') and removing $db->sanitize when parameter is used;
+
+./sqlmap.py --fresh-queries -u "http://localhostdev/comm/propal/list.php?search_status=*"
+
+./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/comm/propal/list.php?search_status=*" --dbms=mysql --os=linux --technique=B --batch --skip-waf \
+	--cookie="DOLSESSID_xxxxxx=yyyyyyyy;" --prefix='1' -v 4 > sqlmap.txt
+
+Check vulnerability is found into sqlmap.txt. Scanner is working.
+
+
+
+-- Launch sqlmap on all the application
+---------------------------------------
+
+Set $dolibarr_nocsrfcheck='1' into conf.php file to make access easier.
+
+With prefix (required to have some rules working)
+
+./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/" --crawl=2 --crawl-exclude="logout|user\/card|custom\/" \
+  --skip=sortorder --skip=sortfield --dbms=mysql --os=linux --technique=B --batch --skip-waf \
+  --cookie="DOLSESSID_xxxxxxxxx=yyyyyyyyyyyyyyyy;" --prefix='1' -v
+
+Without prefix
+
+./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/" --crawl=2 --crawl-exclude="logout|user\/card|custom\/" \
+  --skip=sortorder --skip=sortfield --dbms=mysql --os=linux --technique=B --batch --skip-waf \
+  --cookie="DOLSESSID_xxxxxxxxx=yyyyyyyyyyyyyyyy;" -v
+
+