diff --git a/ChangeLog b/ChangeLog
index cd9397939f5..2e8bfc968c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,50 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
+***** ChangeLog for 14.0.2 compared to 14.0.1 *****
+
+FIX: #18353 Invoice list translation issue
+FIX: #18375 SQL Error on tasks statistics
+FIX: #18465
+FIX: #18484
+FIX: #18531
+FIX: #18542 REST API: set global $user variable to DolibarrApiAccess::user.
+FIX: #18544 Shipment REST API: load thirdparty object into the shipment before validating.
+FIX: #18544 Shipment rest api: load thirdparty object when validating
+FIX: #18565
+FIX: #18589 #18617
+FIX: #18591 : Remove double quotes of SQL Queries for postgresql compatibility
+FIX: #18666 Order / Shipment list: Don't SQL JOIN category table when not necessary.
+FIX: Accountancy - Some problems of length with general & subledger account
+FIX: add DISTINCT
+FIX: Add option $noescapecommand in executeCLI for better compatibility
+FIX: Add token to remove error when removing widget
+FIX: Add token when remove the last widget on home page
+FIX: an approved holiday can be canceled by an admin.
+FIX: better sql request
+FIX: change LOG_DEBUG with LOG_WARNING in syslog and remove sql error in syslog (already done)
+FIX: Collapsing of extrafields has disappeared.
+FIX: Date of payment of subscription must not be set to 1970-01-01.
+FIX: Export of website generates a package that contains a sql error
+FIX: Field already present in SQL request
+FIX: increase maxlength of password input
+FIX: invoice fetch not found syslog debug level instead of error
+FIX: Invoice list - Wrong name for column total_tva
+FIX: invoice validation: when checking if any vat rate has a negative amount, prevent false positives with -1E-14 amounts
+FIX: Manage credit note on situation invoice for calculate margin
+FIX: Menu List of project was not visible.
+FIX: migration script
+FIX: multicompany transverse mode compatibility
+FIX: option "Default value for field 'Refuse bulk emailings'"
+FIX: Recommended session.cookie_samesite must be 'Lax' not 'Strict'.
+FIX: Relative discount with high nb of decimals
+FIX: salary extrafields don't work and table is not well named
+FIX: Supplier invoice list - Wrong language key used
+FIX: wrong table_element_line
+FIX: wrong users count in multicompany transverse mode
+FIX: #yogosha6944 Protection against traversal path.
+
+
 ***** ChangeLog for 14.0.1 compared to 14.0.0 *****
 
 FIX: $conf->task used but it does not exist, use $conf->projet instead
diff --git a/build/generate_filelist_xml.php b/build/generate_filelist_xml.php
index 8e7ef3ef46c..e5a39c0d0a8 100755
--- a/build/generate_filelist_xml.php
+++ b/build/generate_filelist_xml.php
@@ -239,7 +239,7 @@ fclose($fp);
 if (empty($buildzip)) {
 	print "File ".$outputfile." generated\n";
 } else {
-	$result = dol_compress_file($outputfile, $outputfile.'.zip');
+	$result = dol_compress_file($outputfile, $outputfile.'.zip', 'zip');
 	if ($result > 0) {
 		dol_delete_file($outputfile);
 		print "File ".$outputfile.".zip generated\n";
diff --git a/dev/examples/ldap/ldapsearch_sample1.txt b/dev/examples/ldap/ldapsearch_sample1.txt
index 5f667ffd7a4..a02ad632cd0 100644
--- a/dev/examples/ldap/ldapsearch_sample1.txt
+++ b/dev/examples/ldap/ldapsearch_sample1.txt
@@ -3,11 +3,26 @@
 #
 # Use this sample to search into a ldap
 #
-# ldapsearch -h hostname -x
-# ldapsearch -h hostname -x -b "ou=people,dc=teclib,dc=infra"
-# ldapsearch -h hostname -x -z 0 -b "o=somecompany.com" -D "cn=manager,o=somecompany.com" -w password "(objectclass=*)"
-# ldapsearch -h hostname -x -b "o=somecompany.com" -D "cn=manager,o=somecompany.com" -w password "(objectclass=*)"
+
+# Anonymous access
+# ldapsearch -h hostname -p 389
+#
+# Login access (using a Bind DN)
+# ldapsearch -h hostname -p 389 -z 0 -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password
+# ldapsearch -H ldap://hostname:389 -z 0 -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password
+# ldapsearch -d1 -H ldap://hostname:389 -x -z 0 -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password
+# ldapsearch -H ldap://hostname:389 -z 0 -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password
+#
+# Login access in SSL (using a Bind DN)
+# ldapsearch -H ldaps://hostnamme:636 -z 0 -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password -b "cn=users,dc=ldap,dc=test,dc=local
+# If it fails, you may try to use "hostname" that is real name of certificate.
+# You must also check that /etc/ldap/ldap.conf contains the line TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+
+# What to search
+# ldapsearch -h hostname -p 389 -x -D "uid=root,cn=users,dc=ldap,dc=test,dc=local" -w password -b "cn=users,dc=ldap,dc=test,dc=local"
+# ldapsearch -h hostname -p 389 -x -D "cn=manager,o=somecompany.com" -w password -b "ou=people,dc=teclib,dc=infra"
+# ldapsearch -h hostname -p 389 -x -D "cn=manager,o=somecompany.com" -w password -b "o=somecompany.com" "(objectclass=*)"
 #
 # Example to test a ldap search: 
-# ldapsearch -h hostname -x -z 5 -b 'OU=Collaborateurs,OU=Utilisateurs,OU=MyCompany,DC=bocal,DC=lan' -D 'CN=UserAdmin,OU=Informatique,OU=Utilisateurs,OU=MyCompany,DC=bocal,DC=lan' -w password
+# ldapsearch -h hostname -p 389 -x -z 5 -b 'OU=Collaborateurs,OU=Utilisateurs,OU=MyCompany,DC=bocal,DC=lan' -D 'CN=UserAdmin,OU=Informatique,OU=Utilisateurs,OU=MyCompany,DC=bocal,DC=lan' -w password
 
diff --git a/htdocs/adherents/admin/member.php b/htdocs/adherents/admin/member.php
index 5a589756feb..018498c2457 100644
--- a/htdocs/adherents/admin/member.php
+++ b/htdocs/adherents/admin/member.php
@@ -25,7 +25,7 @@
  */
 
 /**
- *   	\file       htdocs/adherents/admin/adherent.php
+ *   	\file       htdocs/adherents/admin/member.php
  *		\ingroup    member
  *		\brief      Page to setup the module Foundation
  */
diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php
index bfcb751f9a9..5e7a229fee3 100644
--- a/htdocs/admin/dolistore/class/dolistore.class.php
+++ b/htdocs/admin/dolistore/class/dolistore.class.php
@@ -217,15 +217,15 @@ class Dolistore
 		for ($i = 0; $i < $nbofcateg; $i++) {
 			$cat = $this->categories[$i];
 			if ($cat->is_root_category == 1 && $parent == 0) {
-				$html .= '<li class="root"><h3 class="nomargesupinf"><a class="nomargesupinf link2cat" href="?mode=marketplace&categorie='.$cat->id.'" ';
-				$html .= 'title="'.dol_escape_htmltag(strip_tags($cat->description->language[$this->lang - 1])).'">'.$cat->name->language[$this->lang - 1].' <sup>'.$cat->nb_products_recursive.'</sup></a></h3>';
+				$html .= '<li class="root"><h3 class="nomargesupinf"><a class="nomargesupinf link2cat" href="?mode=marketplace&categorie='.((int) $cat->id).'" ';
+				$html .= 'title="'.dol_escape_htmltag(strip_tags($cat->description->language[$this->lang - 1])).'">'.dol_escape_htmltag($cat->name->language[$this->lang - 1]).' <sup>'.dol_escape_htmltag($cat->nb_products_recursive).'</sup></a></h3>';
 				$html .= self::get_categories($cat->id);
 				$html .= "</li>\n";
 			} elseif (trim($cat->id_parent) == $parent && $cat->active == 1 && trim($cat->id_parent) != 0) { // si cat est de ce niveau
 				$select = ($cat->id == $this->categorie) ? ' selected' : '';
-				$html .= '<li><a class="link2cat'.$select.'" href="?mode=marketplace&categorie='.$cat->id.'"';
+				$html .= '<li><a class="link2cat'.$select.'" href="?mode=marketplace&categorie='.((int) $cat->id).'"';
 				$html .= ' title="'.dol_escape_htmltag(strip_tags($cat->description->language[$this->lang - 1])).'" ';
-				$html .= '>'.$cat->name->language[$this->lang - 1].' <sup>'.$cat->nb_products_recursive.'</sup></a>';
+				$html .= '>'.dol_escape_htmltag($cat->name->language[$this->lang - 1]).' <sup>'.dol_escape_htmltag($cat->nb_products_recursive).'</sup></a>';
 				$html .= self::get_categories($cat->id);
 				$html .= "</li>\n";
 			}
@@ -267,9 +267,9 @@ class Dolistore
 
 			// add image or default ?
 			if ($product->id_default_image != '') {
-				$image_url = DOL_URL_ROOT.'/admin/dolistore/ajax/image.php?id_product='.$product->id.'&id_image='.$product->id_default_image;
-				$images = '<a href="'.$image_url.'" class="documentpreview" target="_blank" mime="image/png" title="'.$product->name->language[$this->lang - 1].', '.$langs->trans('Version').' '.$product->module_version.'">';
-				$images .= '<img src="'.$image_url.'&quality=home_default" style="max-height:250px;max-width: 210px;" alt="" /></a>';
+				$image_url = DOL_URL_ROOT.'/admin/dolistore/ajax/image.php?id_product='.((int) $product->id).'&id_image='.((int) $product->id_default_image);
+				$images = '<a href="'.urlencode($image_url).'" class="documentpreview" target="_blank" mime="image/png" title="'.dol_escape_htmltag($product->name->language[$this->lang - 1].', '.$langs->trans('Version').' '.$product->module_version).'">';
+				$images .= '<img src="'.urlencode($image_url).'&quality=home_default" style="max-height:250px;max-width: 210px;" alt="" /></a>';
 			} else {
 				$images = '<img src="'.DOL_URL_ROOT.'/admin/dolistore/img/NoImageAvailable.png" />';
 			}
@@ -277,11 +277,11 @@ class Dolistore
 			// free or pay ?
 			if ($product->price > 0) {
 				$price = '<h3>'.price(price2num($product->price, 'MT'), 0, $langs, 1, -1, -1, 'EUR').' '.$langs->trans("HT").'</h3>';
-				$download_link = '<a target="_blank" href="'.$this->shop_url.$product->id.'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/follow.png" /></a>';
+				$download_link = '<a target="_blank" href="'.urlencode($this->shop_url.$product->id).'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/follow.png" /></a>';
 			} else {
 				$price         = '<h3>'.$langs->trans('Free').'</h3>';
-				$download_link = '<a target="_blank" href="'.$this->shop_url.$product->id.'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/Download-128.png" /></a>';
-				$download_link .= '<br><br><a target="_blank" href="'.$this->shop_url.$product->id.'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/follow.png" /></a>';
+				$download_link = '<a target="_blank" href="'.urlencode($this->shop_url.$product->id).'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/Download-128.png" /></a>';
+				$download_link .= '<br><br><a target="_blank" href="'.urlencode($this->shop_url.$product->id).'"><img width="32" src="'.DOL_URL_ROOT.'/admin/dolistore/img/follow.png" /></a>';
 			}
 
 			//checking versions
@@ -319,14 +319,14 @@ class Dolistore
 			//.'<br><a class="inline-block valignmiddle" target="_blank" href="'.$this->shop_url.$product->id.'"><span class="details button">'.$langs->trans("SeeInMarkerPlace").'</span></a>
 
 			//output template
-			$html .= '<tr class="app oddeven '.$compatible.'">
-                <td class="center" width="210"><div class="newAppParent">'.$newapp.$images.'</div></td>
-                <td class="margeCote"><h2 class="appTitle">'.$product->name->language[$this->lang - 1]
-						.'<br><small>'.$version.'</small></h2>
-                    <small> '.dol_print_date(dol_stringtotime($product->date_upd), 'dayhour').' - '.$langs->trans('Ref').': '.$product->reference.' - '.$langs->trans('Id').': '.$product->id.'</small><br><br>'.$product->description_short->language[$this->lang - 1].'</td>';
+			$html .= '<tr class="app oddeven '.dol_escape_htmltag($compatible).'">
+                <td class="center" width="210"><div class="newAppParent">'.dol_escape_htmltag($newapp.$images).'</div></td>
+                <td class="margeCote"><h2 class="appTitle">'.dol_escape_htmltag($product->name->language[$this->lang - 1])
+						.'<br><small>'.dol_escape_htmltag($version).'</small></h2>
+                    <small> '.dol_print_date(dol_stringtotime($product->date_upd), 'dayhour').' - '.$langs->trans('Ref').': '.dol_escape_htmltag($product->reference).' - '.dol_escape_htmltag($langs->trans('Id')).': '.((int) $product->id).'</small><br><br>'.dol_escape_htmltag($product->description_short->language[$this->lang - 1]).'</td>';
 			// do not load if display none
 			//$html .= '<td style="display:none;" class="long_description">'.$product->description->language[$this->lang - 1].'</td>';
-			$html .= '<td class="margeCote center">'.$price.'</td>';
+			$html .= '<td class="margeCote center">'.dol_escape_htmltag($price).'</td>';
 			$html .= '<td class="margeCote">'.$download_link.'</td>';
 			$html .= '</tr>';
 		}
@@ -343,7 +343,7 @@ class Dolistore
 	public function get_previous_link($text = '<<')
 	{
 		// phpcs:enable
-		return '<a href="'.$this->get_previous_url().'" class="button">'.$text.'</a>';
+		return '<a href="'.$this->get_previous_url().'" class="button">'.dol_escape_htmltag($text).'</a>';
 	}
 
 	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
@@ -356,7 +356,7 @@ class Dolistore
 	public function get_next_link($text = '>>')
 	{
 		// phpcs:enable
-		return '<a href="'.$this->get_next_url().'" class="button">'.$text.'</a>';
+		return '<a href="'.$this->get_next_url().'" class="button">'.dol_escape_htmltag($text).'</a>';
 	}
 
 	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php
index 80897320e90..1a274f8cec1 100644
--- a/htdocs/admin/ldap.php
+++ b/htdocs/admin/ldap.php
@@ -43,6 +43,7 @@ $action = GETPOST('action', 'aZ09');
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('adminldap', 'globaladmin'));
 
+
 /*
  * Actions
  */
@@ -150,7 +151,7 @@ $arraylist['0'] = $langs->trans("No");
 $arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr");
 $arraylist['dolibarr2ldap'] = $langs->trans("DolibarrToLDAP");
 print $form->selectarray('activesynchro', $arraylist, $conf->global->LDAP_SYNCHRO_ACTIVE);
-print '</td><td>'.$langs->trans("LDAPDnSynchroActiveExample");
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPDnSynchroActiveExample").'</span>';
 if ($conf->global->LDAP_SYNCHRO_ACTIVE && !$conf->global->LDAP_USER_DN) {
 	print '<br><font class="error">'.$langs->trans("LDAPSetupNotComplete").'</font>';
 }
@@ -163,7 +164,7 @@ if (!empty($conf->societe->enabled)) {
 	$arraylist['0'] = $langs->trans("No");
 	$arraylist['1'] = $langs->trans("DolibarrToLDAP");
 	print $form->selectarray('activecontact', $arraylist, $conf->global->LDAP_CONTACT_ACTIVE);
-	print '</td><td>'.$langs->trans("LDAPDnContactActiveExample").'</td></tr>';
+	print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPDnContactActiveExample").'</span></td></tr>';
 }
 
 // Synchro member active
@@ -174,7 +175,7 @@ if (!empty($conf->adherent->enabled)) {
 	$arraylist['1'] = $langs->trans("DolibarrToLDAP");
 	$arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr").' ('.$langs->trans("SupportedForLDAPImportScriptOnly").')';
 	print $form->selectarray('activemembers', $arraylist, $conf->global->LDAP_MEMBER_ACTIVE);
-	print '</td><td>'.$langs->trans("LDAPDnMemberActiveExample").'</td></tr>';
+	print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPDnMemberActiveExample").'</span></td></tr>';
 }
 
 // Synchro member type active
@@ -185,7 +186,7 @@ if (!empty($conf->adherent->enabled)) {
 	$arraylist['1'] = $langs->trans("DolibarrToLDAP");
 	$arraylist['ldap2dolibarr'] = $langs->trans("LDAPToDolibarr").' ('.$langs->trans("SupportedForLDAPImportScriptOnly").')';
 	print $form->selectarray('activememberstypes', $arraylist, $conf->global->LDAP_MEMBER_TYPE_ACTIVE);
-	print '</td><td>'.$langs->trans("LDAPDnMemberTypeActiveExample").'</td></tr>';
+	print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPDnMemberTypeActiveExample").'</span></td></tr>';
 }
 
 // Fields from hook
@@ -214,33 +215,33 @@ $arraylist = array();
 $arraylist['3'] = 'Version 3';
 $arraylist['2'] = 'Version 2';
 print $form->selectarray('LDAP_SERVER_PROTOCOLVERSION', $arraylist, $conf->global->LDAP_SERVER_PROTOCOLVERSION);
-print '</td><td>'.$langs->trans("LDAPServerProtocolVersion").'</td></tr>';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerProtocolVersion").'</span></td></tr>';
 
 // Serveur primaire
 print '<tr class="oddeven"><td>';
 print $langs->trans("LDAPPrimaryServer").'</td><td>';
-print '<input size="25" type="text" name="host" value="'.$conf->global->LDAP_SERVER_HOST.'">';
-print '</td><td>'.$langs->trans("LDAPServerExample").'</td></tr>';
+print '<input class="minwidth200" type="text" name="host" value="'.$conf->global->LDAP_SERVER_HOST.'">';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerExample").'</span></td></tr>';
 
 // Serveur secondaire
 print '<tr class="oddeven"><td>';
 print $langs->trans("LDAPSecondaryServer").'</td><td>';
-print '<input size="25" type="text" name="slave" value="'.$conf->global->LDAP_SERVER_HOST_SLAVE.'">';
-print '</td><td>'.$langs->trans("LDAPServerExample").'</td></tr>';
+print '<input class="minwidth200" type="text" name="slave" value="'.$conf->global->LDAP_SERVER_HOST_SLAVE.'">';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerExample").'</span></td></tr>';
 
 // Port
 print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerPort").'</td><td>';
 if (!empty($conf->global->LDAP_SERVER_PORT)) {
-	print '<input size="25" type="text" name="port" value="'.$conf->global->LDAP_SERVER_PORT.'">';
+	print '<input class="width75" type="text" name="port" value="'.$conf->global->LDAP_SERVER_PORT.'">';
 } else {
-	print '<input size="25" type="text" name="port" value="389">';
+	print '<input class="width75" type="text" name="port" value="389">';
 }
-print '</td><td>'.$langs->trans("LDAPServerPortExample").'</td></tr>';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerPortExample").'</span></td></tr>';
 
 // DNserver
 print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerDn").'</td><td>';
-print '<input size="25" type="text" name="dn" value="'.$conf->global->LDAP_SERVER_DN.'">';
-print '</td><td>'.$langs->trans("LDAPServerDnExample").'</td></tr>';
+print '<input class="minwidth300" type="text" name="dn" value="'.$conf->global->LDAP_SERVER_DN.'">';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerDnExample").'</span></td></tr>';
 
 // Utiliser TLS
 print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerUseTLS").'</td><td>';
@@ -248,7 +249,7 @@ $arraylist = array();
 $arraylist['0'] = $langs->trans("No");
 $arraylist['1'] = $langs->trans("Yes");
 print $form->selectarray('usetls', $arraylist, $conf->global->LDAP_SERVER_USE_TLS);
-print '</td><td>'.$langs->trans("LDAPServerUseTLSExample").'</td></tr>';
+print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerUseTLSExample").'</span></td></tr>';
 
 print '<tr class="liste_titre">';
 print '<td colspan="3">'.$langs->trans("ForANonAnonymousAccess").'</td>';
@@ -257,18 +258,18 @@ print "</tr>\n";
 // DNAdmin
 print '<!-- LDAP_ADMIN_DN -->';
 print '<tr class="oddeven"><td>'.$langs->trans("LDAPAdminDn").'</td><td>';
-print '<input size="25" type="text" name="admin" value="'.$conf->global->LDAP_ADMIN_DN.'">';
-print '</td><td>'.$langs->trans("LDAPAdminDnExample").'</td></tr>';
+print '<input class="minwidth300" type="text" name="admin" value="'.$conf->global->LDAP_ADMIN_DN.'">';
+print '</td><td class="maxwidthhalf"><span class="opacitymedium">'.$langs->trans("LDAPAdminDnExample").'</span></td></tr>';
 
 // Pass
 print '<!-- LDAP_ADMIN_PASS -->';
 print '<tr class="oddeven"><td>'.$langs->trans("LDAPPassword").'</td><td>';
 if (!empty($conf->global->LDAP_ADMIN_PASS)) {
-	print '<input size="25" type="password" name="pass" value="'.$conf->global->LDAP_ADMIN_PASS.'">'; // je le met en visible pour test
+	print '<input class="minwidth150" type="password" name="pass" value="'.$conf->global->LDAP_ADMIN_PASS.'">'; // je le met en visible pour test
 } else {
-	print '<input size="25" type="text" name="pass" value="'.$conf->global->LDAP_ADMIN_PASS.'">';
+	print '<input class="minwidth150" type="text" name="pass" value="'.$conf->global->LDAP_ADMIN_PASS.'">';
 }
-print '</td><td>'.$langs->trans('Password').' (ex: secret)</td></tr>';
+print '</td><td><span class="opacitymedium">'.$langs->trans('Password').' (ex: secret)</span></td></tr>';
 
 print '</table>';
 
diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 658be446765..ccf12d5a104 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -1025,16 +1025,16 @@ if ($mode == 'marketplace') {
 
 		print '<div class="liste_titre liste_titre_bydiv centpercent"><div class="divsearchfield">';
 
-		print '<form method="POST" class="centpercent" id="searchFormList" action="'.$dolistore->url.'">';
+		print '<form method="POST" class="centpercent" id="searchFormList" action="'.urlencode($dolistore->url).'">';
 		?>
 					<input type="hidden" name="token" value="<?php echo newToken(); ?>">
 					<input type="hidden" name="mode" value="marketplace">
 					<div class="divsearchfield">
-						<input name="search_keyword" placeholder="<?php echo $langs->trans('Keyword') ?>" id="search_keyword" type="text" class="minwidth200" value="<?php echo $options['search'] ?>"><br>
+						<input name="search_keyword" placeholder="<?php echo $langs->trans('Keyword') ?>" id="search_keyword" type="text" class="minwidth200" value="<?php echo dol_escape_htmltag($options['search']) ?>"><br>
 					</div>
 					<div class="divsearchfield">
 						<input class="button buttongen" value="<?php echo $langs->trans('Rechercher') ?>" type="submit">
-						<a class="buttonreset" href="<?php echo $dolistore->url ?>"><?php echo $langs->trans('Reset') ?></a>
+						<a class="buttonreset" href="<?php echo urlencode($dolistore->url) ?>"><?php echo $langs->trans('Reset') ?></a>
 
 						&nbsp;
 					</div>
@@ -1051,7 +1051,7 @@ if ($mode == 'marketplace') {
 
 			<div id="category-tree-left">
 				<ul class="tree">
-					<?php echo $dolistore->get_categories(); ?>
+					<?php echo dol_escape_htmltag($dolistore->get_categories()); ?>
 				</ul>
 			</div>
 			<div id="listing-content">
diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php
index a2e5d450869..0e8fd3ee7b4 100644
--- a/htdocs/core/class/ldap.class.php
+++ b/htdocs/core/class/ldap.class.php
@@ -205,14 +205,26 @@ class Ldap
 				if ($this->serverPing($host, $this->serverPort) === true) {
 					$this->connection = ldap_connect($host, $this->serverPort);
 				} else {
-					continue;
+					if (preg_match('/^ldaps/i', $host)) {
+						// With host = ldaps://server, the serverPing to ssl://server sometimes fails, even if the ldap_connect succeed, so
+						// we test this case and continue in suche a case even if serverPing fails.
+						$this->connection = ldap_connect($host, $this->serverPort);
+					} else {
+						continue;
+					}
 				}
 
 				if (is_resource($this->connection)) {
-					// Begin TLS if requested by the configuration
+					// Upgrade connexion to TLS, if requested by the configuration
 					if (!empty($conf->global->LDAP_SERVER_USE_TLS)) {
-						if (!ldap_start_tls($this->connection)) {
+						// For test/debug
+						//ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);
+						//ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+						$resulttls = ldap_start_tls($this->connection);
+						if (!$resulttls) {
 							dol_syslog(get_class($this)."::connect_bind failed to start tls", LOG_WARNING);
+							$this->error = 'ldap_start_tls Failed to start TLS '.ldap_errno($this->connection).' '.ldap_error($this->connection);
 							$connected = 0;
 							$this->close();
 						}
@@ -689,22 +701,38 @@ class Ldap
 	/**
 	 * Ping a server before ldap_connect for avoid waiting
 	 *
-	 * @param string		$host		Server host or address
+	 * @param string	$host		Server host or address
 	 * @param int		$port		Server port (default 389)
-	 * @param int		$timeout		Timeout in second (default 1s)
+	 * @param int		$timeout	Timeout in second (default 1s)
 	 * @return boolean				true or false
 	 */
 	public function serverPing($host, $port = 389, $timeout = 1)
 	{
-		// Replace ldaps:// by ssl://
+		$regs = array();
 		if (preg_match('/^ldaps:\/\/([^\/]+)\/?$/', $host, $regs)) {
+			// Replace ldaps:// by ssl://
 			$host = 'ssl://'.$regs[1];
-		}
-		// Remove ldap://
-		if (preg_match('/^ldap:\/\/([^\/]+)\/?$/', $host, $regs)) {
+		} elseif (preg_match('/^ldap:\/\/([^\/]+)\/?$/', $host, $regs)) {
+			// Remove ldap://
 			$host = $regs[1];
 		}
+
+		//var_dump($newhostforstream); var_dump($host); var_dump($port);
+		//$host = 'ssl://ldap.test.local:636';
+		//$port = 636;
+
+		$errno = $errstr = 0;
+		/*
+		if ($methodtochecktcpconnect == 'socket') {
+			Try to use socket_create() method.
+			Method that use stream_context_create() works only on registered listed in stream stream_get_wrappers(): http, https, ftp, ...
+		}
+		*/
+
+		// Use the method fsockopen to test tcp connect. No way to ignore ssl certificate errors with this method !
 		$op = @fsockopen($host, $port, $errno, $errstr, $timeout);
+
+		//var_dump($op);
 		if (!$op) {
 			return false; //DC is N/A
 		} else {
diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php
index d45b6f2f350..84be9ff8e0f 100644
--- a/htdocs/core/get_menudiv.php
+++ b/htdocs/core/get_menudiv.php
@@ -110,14 +110,13 @@ print '
     }
 
     a.alilevel0 {
-        background-image: url(\''.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/next.png\') !important;
+        background-image: url(\''.DOL_URL_ROOT.'/theme/'.urlencode($conf->theme).'/img/next.png\') !important;
         background-repeat: no-repeat !important;
         background-position-x: 10px;
         background-position-y: 16px;
         padding: 1em 15px 1em 40px;
     }
     li.lilevel0 font.vsmenudisabled {
-        /* background-image: url(/dolibarr_dev/htdocs/theme/eldy/img/next.png) !important; */
         background-repeat: no-repeat !important;
         background-position-x: 10px;
         background-position-y: 16px;
@@ -178,6 +177,9 @@ print '
         white-space: nowrap;
         display: block;
     }
+	.vsmenudisabled .fa, .vsmenudisabled .fas, .vsmenudisabled .far {
+	    color: #aaa !important;
+	}
 </style>
 
 <script type="text/javascript">
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index b1746c31d49..0f4aedcd2f9 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -2098,8 +2098,10 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 					$cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/', '', $menu_array[$i]['url']));
 				}
 
-				if ($menu_array[$i]['enabled'] && $lastlevel0 == 'enabled') {     // Enabled so visible, except if parent was not enabled.
-					print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring;
+				if ($menu_array[$i]['enabled'] && $lastlevel0 == 'enabled') {
+					// Enabled so visible, except if parent was not enabled.
+					print '<div class="menu_contenu'.$cssmenu.'">';
+					print $tabstring;
 					if ($shorturlwithoutparam) {
 						print '<a class="vsmenu" title="'.dol_escape_htmltag(dol_string_nohtmltag($menu_array[$i]['titre'])).'" href="'.$url.'"'.($menu_array[$i]['target'] ? ' target="'.$menu_array[$i]['target'].'"' : '').'>';
 					} else {
@@ -2116,8 +2118,11 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 						print '<br>';
 					}
 					print '</div>'."\n";
-				} elseif ($showmenu && $lastlevel0 == 'enabled') {       // Not enabled but visible (so greyed), except if parent was not enabled.
-					print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring.'<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
+				} elseif ($showmenu && $lastlevel0 == 'enabled') {
+					// Not enabled but visible (so greyed), except if parent was not enabled.
+					print '<div class="menu_contenu'.$cssmenu.'">';
+					print $tabstring;
+					print '<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
 				}
 			}
 
diff --git a/htdocs/core/menus/standard/eldy_menu.php b/htdocs/core/menus/standard/eldy_menu.php
index f5f280b659b..a9817f3d1a5 100644
--- a/htdocs/core/menus/standard/eldy_menu.php
+++ b/htdocs/core/menus/standard/eldy_menu.php
@@ -206,6 +206,7 @@ class MenuManager
 					$canonnexturl = preg_replace('/\?.*$/', '', $nexturl);
 					//var_dump($canonrelurl);
 					//var_dump($canonnexturl);
+
 					print '<ul>'."\n";
 					if (($canonrelurl != $canonnexturl && !in_array($val['mainmenu'], array('tools')))
 						|| (strpos($canonrelurl, '/product/index.php') !== false || strpos($canonrelurl, '/compta/bank/list.php') !== false)) {
@@ -225,15 +226,18 @@ class MenuManager
 						print '</li>'."\n";
 					}
 
+					/*
 					if ($val['level'] == 0) {
 						if ($val['enabled']) {
 							$lastlevel[0] = 'enabled';
-						} elseif ($showmenu) {                 // Not enabled but visible (so greyed)
+						} elseif ($showmenu) {
+							// Not enabled but visible (so greyed)
 							$lastlevel[0] = 'greyed';
 						} else {
 							$lastlevel[0] = 'hidden';
 						}
 					}
+					*/
 
 					$lastlevel2 = array();
 					foreach ($submenu->liste as $key2 => $val2) {		// $val['url','titre','level','enabled'=0|1|2,'target','mainmenu','leftmenu'
@@ -313,7 +317,14 @@ class MenuManager
 					print '</ul>';
 				}
 				if ($val['enabled'] == 2) {
-					print '<font class="vsmenudisabled">'.$val['titre'].'</font>';
+					print '<font class="vsmenudisabled">';
+					// Add font-awesome
+					if ($val['level'] == 0 && !empty($val['prefix'])) {
+						print $val['prefix'];
+					}
+
+					print $val['titre'];
+					print '</font>';
 				}
 				print '</li>';
 				print '</ul>'."\n";
diff --git a/htdocs/core/menus/standard/empty.php b/htdocs/core/menus/standard/empty.php
index f51aacdd90e..d1c222570cf 100644
--- a/htdocs/core/menus/standard/empty.php
+++ b/htdocs/core/menus/standard/empty.php
@@ -285,13 +285,12 @@ class MenuManager
 							}
 							print $disabled.'">'; // ui-btn to highlight on clic
 							if ($relurl2) {
-								if ($val2['enabled']) {	// Allowed
-									print '<a href="'.$relurl2.'"';
-									//print ' data-ajax="false"';
-									print '>';
+								if ($val2['enabled']) {
+									// Allowed
+									print '<a href="'.$relurl2.'">';
 									$lastlevel2[$val2['level']] = 'enabled';
-								} else // Not allowed but visible (greyed)
-								{
+								} else {
+									// Not allowed but visible (greyed)
 									print '<a href="#" class="vsmenudisabled">';
 									$lastlevel2[$val2['level']] = 'greyed';
 								}
@@ -310,6 +309,7 @@ class MenuManager
 									// Allowed
 									print '</a>';
 								} else {
+									// Not allowed
 									print '</a>';
 								}
 							}
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 6dfe761195e..66d5eb6d7c0 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -995,14 +995,14 @@ class ExpenseReport extends CommonObject
 			$sql .= " , total_tva = ".((float) price2num($total_tva, 'MT'));
 			$sql .= " WHERE rowid = ".((int) $id);
 			$result = $this->db->query($sql);
-			if ($result) :
+			if ($result) {
 				$this->db->free($result);
 				return 1;
-			else :
+			} else {
 				$this->error = $this->db->lasterror();
 				dol_syslog(get_class($this)."::recalculer: Error ".$this->error, LOG_ERR);
 				return -3;
-			endif;
+			}
 		} else {
 			$this->error = $this->db->lasterror();
 			dol_syslog(get_class($this)."::recalculer: Error ".$this->error, LOG_ERR);
@@ -1749,12 +1749,12 @@ class ExpenseReport extends CommonObject
 		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		$result = $this->db->query($sql);
-		if ($result) :
+		if ($result) {
 			return 1;
-		else :
+		} else {
 			$this->error = $this->db->error();
 			return -1;
-		endif;
+		}
 	}
 
 	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
@@ -1779,12 +1779,12 @@ class ExpenseReport extends CommonObject
 		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		$result = $this->db->query($sql);
-		if ($result) :
+		if ($result) {
 			return 1;
-		else :
+		} else {
 			$this->error = $this->db->error();
 			return -1;
-		endif;
+		}
 	}
 
 	/**
diff --git a/htdocs/install/default.css b/htdocs/install/default.css
index eede007e072..da5a19a63dc 100644
--- a/htdocs/install/default.css
+++ b/htdocs/install/default.css
@@ -466,7 +466,8 @@ table.tablesupport {
 @media only screen and (max-width: 570px)
 {
 	.blocksupport {
-		width: 90%;
+		width: calc(100% - 4px);
+		padding: 4px;
 	}
 	
 	.tablesupport {
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index faa28a15fb2..96d1d0a9595 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -1473,10 +1473,10 @@ LDAPSynchronizeMembersTypes=Organization of foundation's members types in LDAP
 LDAPPrimaryServer=Primary server
 LDAPSecondaryServer=Secondary server
 LDAPServerPort=Server port
-LDAPServerPortExample=Default port: 389
+LDAPServerPortExample=Standard or StartTLS: 389, LDAPs: 636
 LDAPServerProtocolVersion=Protocol version
 LDAPServerUseTLS=Use TLS
-LDAPServerUseTLSExample=Your LDAP server use TLS
+LDAPServerUseTLSExample=Your LDAP server use StartTLS
 LDAPServerDn=Server DN
 LDAPAdminDn=Administrator DN
 LDAPAdminDnExample=Complete DN (ex: cn=admin,dc=example,dc=com or cn=Administrator,cn=Users,dc=example,dc=com for active directory)