diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php
index 7873dd81b2d..1c068e19b7d 100644
--- a/htdocs/fourn/facture/rapport.php
+++ b/htdocs/fourn/facture/rapport.php
@@ -47,7 +47,7 @@ if ($user->socid > 0)
 $dir = $conf->fournisseur->facture->dir_output.'/payments';
 if (!$user->rights->societe->client->voir || $socid) $dir .= '/private/'.$user->id; // If user has no permission to see all, output dir is specific to user
 
-$year = $_GET["year"];
+$year = GETPOST("year", 'int');
 if (!$year) { $year = date("Y"); }
 
 
@@ -69,7 +69,7 @@ if ($action == 'builddoc')
     // We save charset_output to restore it because write_file can change it if needed for
     // output format that does not support UTF8.
     $sav_charset_output = $outputlangs->charset_output;
-    if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0)
+    if ($rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs) > 0)
     {
         $outputlangs->charset_output = $sav_charset_output;
     } else {
@@ -77,7 +77,7 @@ if ($action == 'builddoc')
         dol_print_error($db, $obj->error);
     }
 
-    $year = $_POST["reyear"];
+    $year = GETPOST("reyear", 'int');
 }
 
 
diff --git a/htdocs/reception/stats/month.php b/htdocs/reception/stats/month.php
index d2cf628e605..dab1a806406 100644
--- a/htdocs/reception/stats/month.php
+++ b/htdocs/reception/stats/month.php
@@ -27,6 +27,8 @@ require_once DOL_DOCUMENT_ROOT.'/reception/class/reception.class.php';
 require_once DOL_DOCUMENT_ROOT.'/reception/class/receptionstats.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
 
+$year = GETPOST("year", 'int');
+
 
 /*
  * View
@@ -39,10 +41,10 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
 $mesg = '';
 
-print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg);
+print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.GETPOST("year", 'int'), $mesg);
 
 $stats = new ReceptionStats($db);
-$data = $stats->getNbReceptionByMonth($_GET["year"]);
+$data = $stats->getNbReceptionByMonth(GETPOST("year", 'int'));
 
 dol_mkdir($conf->reception->dir_temp);