diff --git a/ChangeLog b/ChangeLog
index c592a261157..f6a1c949bf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,7 @@ FIX: #12041
 FIX: #12054
 FIX: #12083
 FIX: #12088
+FIX: CVE-2019-17578 CVE-2019-17577 CVE-2019-17576
 FIX: Clean the + of categories on the product view only in POS module
 FIX: access to public interface when origin email has an alias.
 FIX: Alias name is not into the email recipient label.
diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index 8a26b12f15b..abcb3145a80 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -66,6 +66,7 @@ function printBookmarksList()
 
 		$ret.= '<!-- form with POST method by default, will be replaced with GET for external link by js -->'."\n";
 		$ret.= '<form id="actionbookmark" name="actionbookmark" method="POST" action="">';
+        $ret.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 		$ret.= '<select name="bookmark" id="boxbookmark" class="flat boxcombo vmenusearchselectcombo" alt="Bookmarks">';
 		$ret.= '<option hidden value="listbookmarks" class="optiongrey" selected rel="'.DOL_URL_ROOT.'/bookmarks/list.php">'.$langs->trans('Bookmarks').'</option>';
 	    $ret.= '<option value="listbookmark" class="optionblue" rel="'.dol_escape_htmltag(DOL_URL_ROOT.'/bookmarks/list.php').'" ';
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index 70cd74ac149..e184a99b43e 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -58,7 +58,7 @@ if (!empty($conf->variants->enabled)) {
 }
 
 // Load translation files required by the page
-$langs->loadLangs(array('companies', 'propal', 'compta', 'bills', 'orders', 'products', 'deliveries', 'sendings'));
+$langs->loadLangs(array('companies', 'propal', 'compta', 'bills', 'orders', 'products', 'deliveries', 'sendings', 'other'));
 if (!empty($conf->incoterm->enabled)) $langs->load('incoterm');
 if (! empty($conf->margin->enabled))
 	$langs->load('margins');
diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php
index 2a2ee90493b..544ca40fcf6 100644
--- a/htdocs/core/lib/product.lib.php
+++ b/htdocs/core/lib/product.lib.php
@@ -488,7 +488,7 @@ function show_stats_for_company($product, $socid)
  *	@param	int		$unit                ID of unit (rowid in llx_c_units table)
  *  @param	int		$use_short_label	 1=Use short label ('g' instead of 'gram'). Short labels are not translated.
  *	@return	string	   			         Unit string
- * 	@see	formproduct->selectMeasuringUnits
+ * 	@see	measuringUnitString() formproduct->selectMeasuringUnits()
  */
 function measuring_units_string($scale = '', $measuring_style = '', $unit = 0, $use_short_label = 0)
 {
@@ -503,7 +503,7 @@ function measuring_units_string($scale = '', $measuring_style = '', $unit = 0, $
  *  @param	string  $scale				 Scale of unit: '0', '-3', '6', ...
  *  @param	int		$use_short_label	 1=Use short label ('g' instead of 'gram'). Short labels are not translated.
  *	@return	string	   			         Unit string
- * 	@see	formproduct->selectMeasuringUnits
+ * 	@see	formproduct->selectMeasuringUnits()
  */
 function measuringUnitString($unit, $measuring_style = '', $scale = '', $use_short_label = 0)
 {
diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php
index b0d4596a711..cb8138eedae 100644
--- a/htdocs/core/tpl/objectline_create.tpl.php
+++ b/htdocs/core/tpl/objectline_create.tpl.php
@@ -138,22 +138,20 @@ if ($nolinesbefore) {
 		print '<td class="linecolcycleref2 right"></td>';
 	}
     if (! empty($usemargins))
-
 	{
-		if (!empty($user->rights->margins->creer)) {
-		?>
-		<td class="margininfos linecolmargin1 right">
-		<?php
+		if (empty($user->rights->margins->creer)) {
+			$colspan++;
+		}
+		else {
+			print '<td class="margininfos linecolmargin1 right">';
+			if ($conf->global->MARGIN_TYPE == "1")
+				echo $langs->trans('BuyingPrice');
+			else
+				echo $langs->trans('CostPrice');
+			echo '</td>';
+			if (! empty($conf->global->DISPLAY_MARGIN_RATES)) echo '<td class="margininfos linecolmargin2 right"><span class="np_marginRate">'.$langs->trans('MarginRate').'</span></td>';
+			if (! empty($conf->global->DISPLAY_MARK_RATES)) echo '<td class="margininfos linecolmargin2 right"><span class="np_markRate">'.$langs->trans('MarkRate').'</span></td>';
 		}
-		else $colspan++;
-
-		if ($conf->global->MARGIN_TYPE == "1")
-			echo $langs->trans('BuyingPrice');
-		else
-			echo $langs->trans('CostPrice');
-		echo '</td>';
-		if ($user->rights->margins->creer && ! empty($conf->global->DISPLAY_MARGIN_RATES)) echo '<td class="margininfos linecolmargin2 right"><span class="np_marginRate">'.$langs->trans('MarginRate').'</span></td>';
-		if ($user->rights->margins->creer && ! empty($conf->global->DISPLAY_MARK_RATES)) echo '<td class="margininfos linecolmargin2 right"><span class="np_markRate">'.$langs->trans('MarkRate').'</span></td>';
 	}
 	?>
 	<td class="linecoledit" colspan="<?php echo $colspan; ?>">&nbsp;</td>
@@ -438,20 +436,16 @@ if ($nolinesbefore) {
 	{
 		if (!empty($user->rights->margins->creer)) {
 		    $coldisplay++;
-		?>
-		<td class="nobottom margininfos linecolmargin right">
-			<!-- For predef product -->
-			<?php if (! empty($conf->product->enabled) || ! empty($conf->service->enabled)) { ?>
-			<select id="fournprice_predef" name="fournprice_predef" class="flat" style="display: none;"></select>
-			<?php } ?>
-			<!-- For free product -->
-			<input type="text" size="5" id="buying_price" name="buying_price" class="flat right" value="<?php echo (isset($_POST["buying_price"])?GETPOST("buying_price", 'alpha', 2):''); ?>">
-		</td>
-		<?php
-		}
-
-		if ($user->rights->margins->creer)
-		{
+			?>
+			<td class="nobottom margininfos linecolmargin right">
+				<!-- For predef product -->
+				<?php if (! empty($conf->product->enabled) || ! empty($conf->service->enabled)) { ?>
+				<select id="fournprice_predef" name="fournprice_predef" class="flat minwidth75imp" style="display: none;"></select>
+				<?php } ?>
+				<!-- For free product -->
+				<input type="text" id="buying_price" name="buying_price" class="flat maxwidth75 right" value="<?php echo (isset($_POST["buying_price"])?GETPOST("buying_price", 'alpha', 2):''); ?>">
+			</td>
+			<?php
 			if (! empty($conf->global->DISPLAY_MARGIN_RATES))
 			{
 				echo '<td class="nobottom nowrap margininfos right"><input class="flat right" type="text" size="2" id="np_marginRate" name="np_marginRate" value="'.(isset($_POST["np_marginRate"])?GETPOST("np_marginRate", 'alpha', 2):'').'"><span class="np_marginRate hideonsmartphone">%</span></td>';
diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php
index f98bea150de..0b275202d92 100644
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@@ -217,10 +217,10 @@ $coldisplay=0;
         <td class="margininfos right">
 			<!-- For predef product -->
 			<?php if (! empty($conf->product->enabled) || ! empty($conf->service->enabled)) { ?>
-			<select id="fournprice_predef" name="fournprice_predef" class="flat right" style="display: none;"></select>
+			<select id="fournprice_predef" name="fournprice_predef" class="flat minwidth75imp right" style="display: none;"></select>
 			<?php } ?>
 			<!-- For free product -->
-			<input class="flat right" type="text" size="5" id="buying_price" name="buying_price" class="hideobject" value="<?php echo price($line->pa_ht, 0, '', 0); ?>">
+			<input class="flat maxwidth75 right" type="text" id="buying_price" name="buying_price" class="hideobject" value="<?php echo price($line->pa_ht, 0, '', 0); ?>">
 		</td>
 		<?php }
 
@@ -232,7 +232,7 @@ $coldisplay=0;
 				if ($line->subprice < 0)
 					echo '<td class="right nowrap margininfos">'.$margin_rate.'<span class="hideonsmartphone">%</span></td>';
 				else
-					echo '<td class="right nowrap margininfos"><input class="right" type="text" size="2" name="np_marginRate" value="'.$margin_rate.'"><span class="hideonsmartphone">%</span></td>';
+					echo '<td class="right nowrap margininfos"><input class="right maxwidth75" type="text" name="np_marginRate" value="'.$margin_rate.'"><span class="hideonsmartphone">%</span></td>';
 				$coldisplay++;
 			}
 			elseif (! empty($conf->global->DISPLAY_MARK_RATES))
@@ -242,7 +242,7 @@ $coldisplay=0;
 				if ($line->subprice < 0)
 					echo '<td class="right nowrap margininfos">'.$mark_rate.'<span class="hideonsmartphone">%</span></td>';
 				else
-					echo '<td class="right nowrap margininfos"><input class="right" type="text" size="2" name="np_markRate" value="'.$mark_rate.'"><span class="hideonsmartphone">%</span></td>';
+					echo '<td class="right nowrap margininfos"><input class="right maxwidth75" type="text" name="np_markRate" value="'.$mark_rate.'"><span class="hideonsmartphone">%</span></td>';
 				$coldisplay++;
 			}
 		}
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index 836e7ffd0c7..a101f3964c0 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -2442,10 +2442,10 @@ elseif ($id || $ref)
 				{
 					// edit-delete buttons
 					print '<td class="linecoledit center">';
-					print '<a href="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '&amp;action=editline&amp;lineid=' . $lines[$i]->id . '">' . img_edit() . '</a>';
+					print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '&amp;action=editline&amp;lineid=' . $lines[$i]->id . '">' . img_edit() . '</a>';
 					print '</td>';
 					print '<td class="linecoldelete" width="10">';
-					print '<a href="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '&amp;action=deleteline&amp;lineid=' . $lines[$i]->id . '">' . img_delete() . '</a>';
+					print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '&amp;action=deleteline&amp;lineid=' . $lines[$i]->id . '">' . img_delete() . '</a>';
 					print '</td>';
 
 					// Display lines extrafields
diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php
index 0773695f6a0..293c00a2319 100644
--- a/htdocs/expedition/shipment.php
+++ b/htdocs/expedition/shipment.php
@@ -42,7 +42,7 @@ if (! empty($conf->propal->enabled)) require_once DOL_DOCUMENT_ROOT.'/comm/propa
 if (! empty($conf->product->enabled) || ! empty($conf->service->enabled)) 	require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 
 // Load translation files required by the page
-$langs->loadLangs(array('orders',"companies","bills",'propal','deliveries','stocks',"productbatch",'incoterm'));
+$langs->loadLangs(array('orders',"companies","bills",'propal','deliveries','stocks',"productbatch",'incoterm','other'));
 
 $id     = GETPOST('id', 'int');			// id of order
 $ref    = GETPOST('ref', 'alpha');
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index c176d06aff4..0b47f9b5e54 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -478,6 +478,7 @@ By=By
 From=From
 FromLocation=From
 to=to
+To=to
 and=and
 or=or
 Other=Other
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang
index b375a3e16e0..afeed4b318d 100644
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -476,6 +476,7 @@ Category=Tag/catégorie
 By=Par
 From=Du
 to=au
+To=à
 and=et
 or=ou
 Other=Autre
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 2b36582025f..2f13c4921a9 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -485,6 +485,8 @@ if ($resql)
 	if($type == Product::TYPE_SERVICE) $rightskey='service';
 	if($user->rights->{$rightskey}->creer)
 	{
+		$oldtype=$type;
+
 		if ($type === "") {
 			$newcardbutton.= dolGetButtonTitle($langs->trans('NewProduct'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&amp;type=0');
 			$type = Product::TYPE_SERVICE;
@@ -492,7 +494,9 @@ if ($resql)
 		$label='NewProduct';
 		if($type == Product::TYPE_SERVICE) $label='NewService';
         $newcardbutton.= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&amp;type='.$type);
-	}
+
+        $type=$oldtype;
+    }
 
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post" name="formulaire">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index b992be282d4..3536088cab5 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -140,7 +140,6 @@ if ($action == 'order' && isset($_POST['valid']))
                 	if ($qty)
                 	{
 	                    //might need some value checks
-	                    $obj = $db->fetch_object($resql);
 	                    $line = new CommandeFournisseurLigne($db);
 	                    $line->qty = $qty;
 	                    $line->fk_product = $idprod;
@@ -179,7 +178,7 @@ if ($action == 'order' && isset($_POST['valid']))
                     $error=$db->lasterror();
                     dol_print_error($db);
                 }
-                $db->free($resql);
+
                 unset($_POST['fourn' . $i]);
             }
             unset($_POST[$i]);