diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php
index 9af09164469..0271488b65a 100644
--- a/htdocs/admin/system/dolibarr.php
+++ b/htdocs/admin/system/dolibarr.php
@@ -309,57 +309,58 @@ print '<br>';
 
 // Parameters in conf.php file (when a parameter start with ?, it is shown only if defined)
 $configfileparameters = array(
-		'dolibarr_main_url_root' => $langs->trans("URLRoot"),
-		'?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)',
-		'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
-		'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
-		'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
-		'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
-		'separator1' => '',
-		'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
-		'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
-		'dolibarr_main_db_name' => $langs->trans("DatabaseName"),
-		'dolibarr_main_db_type' => $langs->trans("DriverType"),
-		'dolibarr_main_db_user' => $langs->trans("DatabaseUser"),
-		'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"),
-		'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
-		'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
-		'?dolibarr_main_db_prefix' => $langs->trans("Prefix"),
-		'separator2' => '',
-		'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
-		'?multicompany_transverse_mode'=>  $langs->trans("MultiCompanyMode"),
-		'separator'=> '',
-		'?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute',
-		'?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host',
-		'?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port',
-		'?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version',
-		'?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn',
-		'?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login',
-		'?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass',
-		'?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug',
-		'separator3' => '',
-		'?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH',
-		'?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH',
-		'?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH',
-		'?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH',
-		'?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH',
-		'?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH',
-		'?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH',
-		'?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH',
-		'?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP',
-		'?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR',
-		'?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY',
-		'?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI',
-		'?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF',
-		'?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD',
-		'separator4' => '',
-		'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
-		'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups',
-		'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only',
-		'?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page',
-		'?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli',
-		'?dolibarr_strict_mode' => 'Strict mode is on/off',
-		'?dolibarr_nocsrfcheck' => 'Disable CSRF security checks'
+	'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
+	'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
+	'separator0' => '',
+	'dolibarr_main_url_root' => $langs->trans("URLRoot"),
+	'?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)',
+	'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
+	'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
+	'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
+	'separator1' => '',
+	'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
+	'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
+	'dolibarr_main_db_name' => $langs->trans("DatabaseName"),
+	'dolibarr_main_db_type' => $langs->trans("DriverType"),
+	'dolibarr_main_db_user' => $langs->trans("DatabaseUser"),
+	'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"),
+	'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
+	'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
+	'?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"),
+	'separator2' => '',
+	'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
+	'?multicompany_transverse_mode'=>  $langs->trans("MultiCompanyMode"),
+	'separator'=> '',
+	'?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute',
+	'?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host',
+	'?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port',
+	'?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version',
+	'?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn',
+	'?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login',
+	'?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass',
+	'?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug',
+	'separator3' => '',
+	'?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH',
+	'?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH',
+	'?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH',
+	'?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH',
+	'?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH',
+	'?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH',
+	'?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH',
+	'?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH',
+	'?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP',
+	'?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR',
+	'?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY',
+	'?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI',
+	'?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF',
+	'?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD',
+	'separator4' => '',
+	'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups',
+	'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only',
+	'?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page',
+	'?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli',
+	'?dolibarr_strict_mode' => 'Strict mode is on/off',
+	'?dolibarr_nocsrfcheck' => 'Disable CSRF security checks'
 );
 
 print '<div class="div-table-responsive-no-min">';
@@ -400,8 +401,10 @@ foreach ($configfileparameters as $key => $value) {
 			if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) {
 				if (empty($dolibarr_main_prod)) {
 					print '<!-- '.${$newkey}.' -->';
+					print showValueWithClipboardCPButton(${$newkey}, 0, '********');
+				} else {
+					print '**********';
 				}
-				print '**********';
 			} elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) {
 				print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
 			} elseif ($newkey == 'dolibarr_main_document_root_alt') {
@@ -420,9 +423,14 @@ foreach ($configfileparameters as $key => $value) {
 				}
 			} elseif ($newkey == 'dolibarr_main_instance_unique_id') {
 				//print $conf->file->instance_unique_id;
-				global $dolibarr_main_cookie_cryptkey;
-				$valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
-				print $valuetoshow;
+				global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
+				$valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
+				if (empty($dolibarr_main_prod)) {
+					print '<!-- '.${$newkey}.' -->';
+					print showValueWithClipboardCPButton($valuetoshow, 0, '********');
+				} else {
+					print '**********';
+				}
 				if (empty($valuetoshow)) {
 					print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
 				}
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 46d1bb93684..8619ff25dae 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -829,8 +829,8 @@ class Account extends CommonObject
 		$sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
 		$sql .= ",comment     = '".$this->db->escape($this->comment)."'";
 
-		$sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null");
-		$sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null");
+		$sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null");
+		$sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null");
 		$sql .= ",ics = '".$this->db->escape($this->ics)."'";
 		$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
 
diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php
index 8cfadd84f4f..ee9a270b283 100644
--- a/htdocs/compta/sociales/class/cchargesociales.class.php
+++ b/htdocs/compta/sociales/class/cchargesociales.class.php
@@ -260,13 +260,13 @@ class Cchargesociales
 		// Update request
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
 		$sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").',';
-		$sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").',';
-		$sql .= ' active = '.(isset($this->active) ? $this->active : "null").',';
+		$sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").',';
+		$sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").',';
 		$sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
-		$sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").',';
+		$sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").',';
 		$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").',';
 		$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null");
-		$sql .= ' WHERE id='.$this->id;
+		$sql .= ' WHERE id='.((int) $this->id);
 
 		$this->db->begin();
 
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 523b8ccf2cb..4408e2ccd52 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
 			}
 
 			$generated_password = str_shuffle($randomCode);
-		} else // Old platform, non cryptographic random
-		{
+		} else {
+			// Old platform, non cryptographic random
 			$max = strlen($lowercase) - 1;
 			for ($x = 0; $x < $nbofchar; $x++) {
 				$tmp = mt_rand(0, $max);
diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
index e091b5069e9..a358f916429 100644
--- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
+++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
 		$password = "";
 
 		// define possible characters
-		$possible = "0123456789bcdfghjkmnpqrstvwxyz";
+		$possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
 
 		// set up a counter
 		$i = 0;
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
 		// add random characters to $password until $length is reached
 		while ($i < $this->length) {
 			// pick a random character from the possible ones
-			$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			if (function_exists('random_int')) {	// Cryptographic random
+				$char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
+			} else {
+				$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			}
 
-			// we don't want this character if it's already in the password
-			if (!strstr($password, $char)) {
+			if (substr_count($password, $char) <= 6) {	// we don't want this character if it's already 5 times in the password
 				$password .= $char;
 				$i++;
 			}
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index e7e8c10d20c..ba4023dbba9 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -554,7 +554,7 @@ if (empty($reshook)) {
 				}
 
 				// We set country_id, country_code and country for the selected country
-				$object->country_id = GETPOST('country_id') != '' ?GETPOST('country_id') : $mysoc->country_id;
+				$object->country_id = GETPOST('country_id', 'int') != '' ? GETPOST('country_id', 'int') : $mysoc->country_id;
 				if ($object->country_id) {
 					$tmparray = getCountry($object->country_id, 'all');
 					$object->country_code = $tmparray['code'];
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index a213cca5577..eff2ba39c21 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -894,7 +894,7 @@ class Societe extends CommonObject
 			$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
 			$sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
 			$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
-			$sql .= ", ".$this->status;
+			$sql .= ", ".((int) $this->status);
 			$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
 			$sql .= ", 0";
 			$sql .= ", ".(int) $this->fk_incoterms;
@@ -1369,13 +1369,13 @@ class Societe extends CommonObject
 			$sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null");
 			$sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null");
 
-			$sql .= ",fk_departement = '".(!empty($this->state_id) ? $this->state_id : '0')."'";
-			$sql .= ",fk_pays = '".(!empty($this->country_id) ? $this->country_id : '0')."'";
+			$sql .= ",fk_departement = ".((!empty($this->state_id) && $this->state_id > 0) ? ((int) $this->state_id) : 'null');
+			$sql .= ",fk_pays = ".((!empty($this->country_id) && $this->country_id > 0) ? ((int) $this->country_id) : 'null');
 
 			$sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null");
 			$sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null");
 			$sql .= ",email = ".(!empty($this->email) ? "'".$this->db->escape($this->email)."'" : "null");
-			$sql .= ", socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'";
+			$sql .= ",socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'";
 			$sql .= ",url = ".(!empty($this->url) ? "'".$this->db->escape($this->url)."'" : "null");
 
 			$sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null");
diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php
index cb149f1e481..63f33b5f8ec 100644
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -87,14 +87,14 @@ if (empty($reshook)) {
 	// Validate new password
 	if ($action == 'validatenewpassword' && $username && $passworduidhash) {
 		$edituser = new User($db);
-		$result = $edituser->fetch('', $_GET["username"]);
+		$result = $edituser->fetch('', $username);
 		if ($result < 0) {
 			$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
 		} else {
 			global $dolibarr_main_instance_unique_id;
 
 			//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
-			if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
+			if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
 				// Clear session
 				unset($_SESSION['dol_login']);
 				$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index d75ec962020..63c52ac60c5 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -323,8 +323,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll');
 
 		$test="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
-		$result=testSqlAndScriptInject($test, 0);
-		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm');
+		$result=testSqlAndScriptInject($test, 0);	// result must be 0
+		$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm');
 	}
 
 	/**