diff --git a/htdocs/admin/system/database-tables.php b/htdocs/admin/system/database-tables.php
index abba79fc5cc..7dfd6b9f2c8 100644
--- a/htdocs/admin/system/database-tables.php
+++ b/htdocs/admin/system/database-tables.php
@@ -1,8 +1,9 @@
 <?php
-/* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
+/* Copyright (C) 2003		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2005	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2004		Sebastien Di Cintio		<sdicintio@ressource-toi.org>
+ * Copyright (C) 2004		Benoit Mortier			<benoit.mortier@opensides.be>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,10 +28,13 @@ require("../../main.inc.php");
 
 $langs->load("admin");
 
-if (!$user->admin) accessforbidden();
+if (! $user->admin)
+	accessforbidden();
+
+$action=GETPOST('action','alpha');
 
 
-if ($_GET["action"] == 'convert')
+if ($action == 'convert')
 {
 	$db->query("alter table ".$_GET["table"]." ENGINE=INNODB");
 }
@@ -103,7 +107,7 @@ else
 
 				print '<td><a href="dbtable.php?table='.$obj->Name.'">'.$obj->Name.'</a></td>';
 				print '<td>'.$obj->Engine.'</td>';
-				if ($row[1] == "MyISAM")
+				if (isset($row[1]) && $row[1] == "MyISAM")
 				{
 					print '<td><a href="database-tables.php?action=convert&amp;table='.$row[0].'">'.$langs->trans("Convert").'</a></td>';
 				}
@@ -138,7 +142,9 @@ else
 		print '<td>Nb tuples modify</td>';
 		print '<td>Nb tuples delete</td>';
 		print "</tr>\n";
-		$sql = "select relname,seq_tup_read,idx_tup_fetch,n_tup_ins,n_tup_upd,n_tup_del from pg_stat_user_tables;";
+
+		$sql = "SELECT relname, seq_tup_read, idx_tup_fetch, n_tup_ins, n_tup_upd, n_tup_del";
+		$sql.= " FROM pg_stat_user_tables";
 
 		$resql = $db->query($sql);
 		if ($resql)
@@ -166,4 +172,5 @@ else
 }
 
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/system/dbtable.php b/htdocs/admin/system/dbtable.php
index f389e73a053..bc6cc57405e 100644
--- a/htdocs/admin/system/dbtable.php
+++ b/htdocs/admin/system/dbtable.php
@@ -1,8 +1,9 @@
 <?php
-/* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
+/* Copyright (C) 2003		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2005	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2004		Sebastien Di Cintio		<sdicintio@ressource-toi.org>
+ * Copyright (C) 2004		Benoit Mortier			<benoit.mortier@opensides.be>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,8 +28,10 @@ require("../../main.inc.php");
 
 $langs->load("admin");
 
+if (! $user->admin)
+	accessforbidden();
 
-if (!$user->admin) accessforbidden();
+$table=GETPOST('table','alpha');
 
 
 /*
@@ -38,31 +41,29 @@ if (!$user->admin) accessforbidden();
 llxHeader();
 
 
-print_fiche_titre($langs->trans("Table") . " ".$_GET["table"],'','setup');
+print_fiche_titre($langs->trans("Table") . " ".$table,'','setup');
 
 // Define request to get table description
 $base=0;
 if (preg_match('/mysql/i',$conf->db->type))
 {
-	$sql = "SHOW TABLE STATUS LIKE '".$_GET["table"]."'";
+	$sql = "SHOW TABLE STATUS LIKE '".$db->escape($table)."'";
 	$base=1;
 }
-
-if ($conf->db->type == 'pgsql')
+else if ($conf->db->type == 'pgsql')
 {
 	$sql = "SELECT conname,contype FROM pg_constraint";
 	$base=2;
 }
 
-
 if (! $base)
 {
 	print $langs->trans("FeatureNotAvailableWithThisDatabaseDriver");
 }
 else
 {
-	$result = $db->query($sql);
-	if ($result)
+	$resql = $db->query($sql);
+	if ($resql)
 	{
 		$num = $db->num_rows($resql);
 		$var=True;
@@ -74,24 +75,24 @@ else
 		}
 	}
 
-
-	if ($base==1)
+	if ($base == 1)
 	{
-
-		$cons = explode(";",$row[14]);
-
-		foreach  ($cons as $cc)
+		$link=array();
+		$cons = explode(";", $row[14]);
+		if (! empty($cons))
 		{
-			$cx = preg_replace("/\)\sREFER/", "", $cc);
-			$cx = preg_replace("/\(`/", "", $cx);
-			$cx = preg_replace("/`\)/", "", $cx);
-			$cx = preg_replace("/`\s/", "", $cx);
+			foreach($cons as $cc)
+			{
+				$cx = preg_replace("/\)\sREFER/", "", $cc);
+				$cx = preg_replace("/\(`/", "", $cx);
+				$cx = preg_replace("/`\)/", "", $cx);
+				$cx = preg_replace("/`\s/", "", $cx);
 
-			$val = explode("`",$cx);
-
-			$link[trim($val[0])][0] = $val[1];
-			$link[trim($val[0])][1] = $val[2];
+				$val = explode("`",$cx);
 
+				$link[trim($val[0])][0] = (isset($val[1])?$val[1]:'');
+				$link[trim($val[0])][1] = (isset($val[2])?$val[2]:'');
+			}
 		}
 
 		//  var_dump($link);
@@ -100,26 +101,24 @@ else
 		print '<tr class="liste_titre"><td>'.$langs->trans("Fields").'</td><td>'.$langs->trans("Type").'</td><td>'.$langs->trans("Index").'</td>';
 		print '<td>'.$langs->trans("FieldsLinked").'</td></tr>';
 
-		$sql = "DESCRIBE ".$_GET["table"];
-		$result = $db->query($sql);
-		if ($result)
+		$sql = "DESCRIBE ".$table;
+		$resql = $db->query($sql);
+		if ($resql)
 		{
-			$num = $db->num_rows($result);
+			$num = $db->num_rows($resql);
 			$var=True;
 			$i=0;
 			while ($i < $num)
 			{
-				$row = $db->fetch_row($result);
+				$row = $db->fetch_row($resql);
 				$var=!$var;
 				print "<tr $bc[$var]>";
 
-
 				print "<td>$row[0]</td>";
 				print "<td>$row[1]</td>";
 				print "<td>$row[3]</td>";
-				print "<td>".$link[$row[0]][0].".";
-				print $link[$row[0]][1]."</td>";
-
+				print "<td>".(isset($link[$row[0]][0])?$link[$row[0]][0]:'').".";
+				print (isset($link[$row[0]][1])?$link[$row[0]][1]:'')."</td>";
 
 				print '</tr>';
 				$i++;
@@ -130,4 +129,5 @@ else
 }
 
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php
index 52da5ba5325..5c9a262a268 100644
--- a/htdocs/admin/system/dolibarr.php
+++ b/htdocs/admin/system/dolibarr.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2005-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2007      Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2005-2012	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2007		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2007-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,8 +30,8 @@ $langs->load("admin");
 $langs->load("install");
 $langs->load("other");
 
-if (!$user->admin)
-  accessforbidden();
+if (! $user->admin)
+	accessforbidden();
 
 
 /*
@@ -153,7 +154,7 @@ if (($thousand != ',' && $thousand != '.') || ($thousand != ' '))
 $var=!$var;
 print '<tr '.$bc[$var].'><td width="300">&nbsp; => price(1234.56)</td><td>'.price(1234.56).'</td>';
 // Timezone
-$txt =$langs->trans("OSTZ").' (variable system TZ): '.($_ENV["TZ"]?$_ENV["TZ"]:$langs->trans("NotDefined")).'<br>'."\n";
+$txt =$langs->trans("OSTZ").' (variable system TZ): '.(! empty($_ENV["TZ"])?$_ENV["TZ"]:$langs->trans("NotDefined")).'<br>'."\n";
 $txt.=$langs->trans("PHPTZ").' (php.ini date.timezone): '.(ini_get("date.timezone")?ini_get("date.timezone"):$langs->trans("NotDefined")).''."\n"; // date.timezone must be in valued defined in http://fr3.php.net/manual/en/timezones.europe.php
 $var=!$var;
 print '<tr '.$bc[$var].'><td width="300">'.$langs->trans("CurrentTimeZone").'</td><td>';	// Timezone server PHP
@@ -212,4 +213,4 @@ print '<br>';
 llxFooter();
 
 $db->close();
-?>
+?>
\ No newline at end of file
diff --git a/htdocs/admin/system/modules.php b/htdocs/admin/system/modules.php
index 616c551d00c..1a10f15ca1e 100644
--- a/htdocs/admin/system/modules.php
+++ b/htdocs/admin/system/modules.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2005-2009	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2007		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2010-2011	Regis Houssin			<regis@dolibarr.fr>
+ * Copyright (C) 2010-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,7 +29,8 @@ $langs->load("admin");
 $langs->load("install");
 $langs->load("other");
 
-if (!$user->admin) accessforbidden();
+if (! $user->admin)
+	accessforbidden();
 
 
 /*
@@ -123,12 +124,14 @@ foreach($sortorder as $numero=>$name)
 print '</table>';
 print '<br>';
 sort($rights_ids);
+$old='';
 foreach($rights_ids as $right_id)
 {
 	if ($old == $right_id)
-	print "Warning duplicate id on permission : ".$right_id."<br>";
+		print "Warning duplicate id on permission : ".$right_id."<br>";
 	$old = $right_id;
 }
 
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/system/phpinfo.php b/htdocs/admin/system/phpinfo.php
index 57fab93dc40..01ab2a200e3 100644
--- a/htdocs/admin/system/phpinfo.php
+++ b/htdocs/admin/system/phpinfo.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2001-2002	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2005	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,8 +26,10 @@ require("../../main.inc.php");
 
 $langs->load("admin");
 
-if (!$user->admin)
-accessforbidden();
+if (! $user->admin)
+	accessforbidden();
+
+$what=GETPOST('what','alpha');
 
 
 /*
@@ -61,17 +64,17 @@ llxHeader();
 
 ob_start();
 
-if ($_GET["what"] == 'conf')
+if ($what == 'conf')
 {
 	$title = 'Setup';
 	phpinfo(INFO_CONFIGURATION);
 }
-elseif ($_GET["what"] == 'env')
+elseif ($what == 'env')
 {
 	$title = 'OSEnv';
 	phpinfo(INFO_ENVIRONMENT);
 }
-elseif ($_GET["what"] == 'modules')
+elseif ($what == 'modules')
 {
 	$title = 'Modules';
 	phpinfo(INFO_MODULES);
@@ -115,4 +118,5 @@ print "$chaine\n";	// Ne pas centrer la reponse php car certains tableau du bas
 print "<br>\n";
 
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index e7442679c4d..047b9c6ffe9 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2006-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,19 +29,19 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
 
 $langs->load("admin");
 
-$action=GETPOST('action');
+$action=GETPOST('action','alpha');
 
-$sortfield = GETPOST("sortfield");
-$sortorder = GETPOST("sortorder");
-$page = GETPOST("page");
+$sortfield = GETPOST('sortfield','alpha');
+$sortorder = GETPOST('sortorder','alpha');
+$page = GETPOST('page','int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="date";
 if ($page < 0) { $page = 0; }
 $limit = $conf->liste_limit;
 $offset = $limit * $page;
 
-if (! $user->admin) accessforbidden();
-
+if (! $user->admin)
+	accessforbidden();
 
 
 /*
@@ -115,13 +116,6 @@ print $langs->trans("BackupDescX").'<br><br>';
 print $langs->trans("BackupDesc3",DOL_DATA_ROOT).'<br>';
 print $langs->trans("BackupDescY").'<br><br>';
 
-if ($_GET["msg"])
-{
-	print '<div class="error">'.$_GET["msg"].'</div>';
-	print '<br>';
-	print "\n";
-}
-
 
 ?>
 
diff --git a/htdocs/admin/tools/dolibarr_import.php b/htdocs/admin/tools/dolibarr_import.php
index 325d1c834bc..cd2119ca4c8 100644
--- a/htdocs/admin/tools/dolibarr_import.php
+++ b/htdocs/admin/tools/dolibarr_import.php
@@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2006-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,7 +27,11 @@ require("../../main.inc.php");
 $langs->load("admin");
 $langs->load("other");
 
-if (! $user->admin) accessforbidden();
+if (! $user->admin)
+	accessforbidden();
+
+$radio_dump=GETPOST('radio_dump');
+$showpass=GETPOST('showpass');
 
 
 /*
@@ -41,8 +46,8 @@ llxHeader('','',$help_url);
 ?>
 <script type="text/javascript">
 jQuery(document).ready(function() {
-	jQuery("#mysql_options").<?php echo GETPOST('radio_dump')=='mysql_options'?'show()':'hide()'; ?>;
-	jQuery("#postgresql_options").<?php echo GETPOST('radio_dump')=='postgresql_options'?'show()':'hide()'; ?>;
+	jQuery("#mysql_options").<?php echo $radio_dump=='mysql_options'?'show()':'hide()'; ?>;
+	jQuery("#postgresql_options").<?php echo $radio_dump=='postgresql_options'?'show()':'hide()'; ?>;
 
 	jQuery("#radio_dump_mysql").click(function() {
 		jQuery("#mysql_options").show();
@@ -79,7 +84,7 @@ print $langs->trans("RestoreDesc3",DOL_DATA_ROOT).'<br><br>';
     {
     ?>
     <div class="formelementrow">
-        <input type="radio" name="what" value="mysql" id="radio_dump_mysql"<?php echo ($_GET["radio_dump"]=='mysql_options'?' checked':''); ?> />
+        <input type="radio" name="what" value="mysql" id="radio_dump_mysql"<?php echo ($radio_dump=='mysql_options'?' checked':''); ?> />
         <label for="radio_dump_mysql">MySQL (mysql)</label>
     </div>
     <?php
@@ -88,7 +93,7 @@ print $langs->trans("RestoreDesc3",DOL_DATA_ROOT).'<br><br>';
     {
     ?>
     <div class="formelementrow">
-        <input type="radio" name="what" value="mysql" id="radio_dump_postgresql"<?php echo ($_GET["radio_dump"]=='postgresql_options'?' checked':''); ?> />
+        <input type="radio" name="what" value="mysql" id="radio_dump_postgresql"<?php echo ($radio_dump=='postgresql_options'?' checked':''); ?> />
         <label for="radio_dump_postgresql">PostgreSQL Restore (pg_restore)</label>
     </div>
     <?php
@@ -132,7 +137,7 @@ if ($label == 'MySQL')
 
 	echo $langs->trans("ImportMySqlDesc");
 	print '<br>';
-	print '<textarea rows="1" cols="120">'.$langs->trans("ImportMySqlCommand",$command,$_GET["showpass"]?$paramclear:$paramcrypted).'</textarea><br>';
+	print '<textarea rows="1" cols="120">'.$langs->trans("ImportMySqlCommand",$command,($showpass?$paramclear:$paramcrypted)).'</textarea><br>';
 
 	if (empty($_GET["showpass"]) && $dolibarr_main_db_pass) print '<br><a href="'.$_SERVER["PHP_SELF"].'?showpass=1&amp;radio_dump=mysql_options">'.$langs->trans("UnHidePassword").'</a>';
 	//else print '<br><a href="'.$_SERVER["PHP_SELF"].'?showpass=0&amp;radio_dump=mysql_options">'.$langs->trans("HidePassword").'</a>';
@@ -168,7 +173,7 @@ else if ($label == 'PostgreSQL')
 
     echo $langs->trans("ImportPostgreSqlDesc");
     print '<br>';
-    print '<textarea rows="1" cols="120">'.$langs->trans("ImportPostgreSqlCommand",$command,$_GET["showpass"]?$paramclear:$paramcrypted).'</textarea><br>';
+    print '<textarea rows="1" cols="120">'.$langs->trans("ImportPostgreSqlCommand",$command,($showpass?$paramclear:$paramcrypted)).'</textarea><br>';
 
     //if (empty($_GET["showpass"]) && $dolibarr_main_db_pass) print '<br><a href="'.$_SERVER["PHP_SELF"].'?showpass=1&amp;radio_dump=postgresql_options">'.$langs->trans("UnHidePassword").'</a>';
     //else print '<br><a href="'.$_SERVER["PHP_SELF"].'?showpass=0&amp;radio_dump=mysql_options">'.$langs->trans("HidePassword").'</a>';
diff --git a/htdocs/admin/tools/index.php b/htdocs/admin/tools/index.php
index aa989c85f24..c6d6e6a0aa4 100644
--- a/htdocs/admin/tools/index.php
+++ b/htdocs/admin/tools/index.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2001-2004	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2006	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,8 +27,8 @@ require("../../main.inc.php");
 $langs->load("admin");
 $langs->load("companies");
 
-if (!$user->admin) accessforbidden();
-
+if (! $user->admin)
+	accessforbidden();
 
 
 /*
@@ -38,21 +39,14 @@ llxHeader();
 
 $form = new Form($db);
 
-
 print_fiche_titre($langs->trans("SystemToolsArea"),'','setup');
 
 print $langs->trans("SystemToolsAreaDesc").'<br>';
 print "<br>";
 
-
-if ($message) print $message.'<br>';
-
-
 print info_admin($langs->trans("SystemAreaForAdminOnly")).'<br>';
 
 
-
-$db->close();
-
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index be98a382e5b..2423438e6b4 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+/* Copyright (C) 2004-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,9 +25,11 @@
 require("../../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/core/class/events.class.php');
 
-$action=GETPOST('action');
+if (! $user->admin)
+	accessforbidden();
 
-if (! $user->admin) accessforbidden();
+$action=GETPOST('action', 'alpha');
+$confirm=GETPOST('confirm','alpha');
 
 // Security check
 if ($user->societe_id > 0)
@@ -65,7 +67,7 @@ $search_ua   = GETPOST("search_ua");
 $now=dol_now();
 
 // Purge audit events
-if ($action == 'confirm_purge' && $_REQUEST['confirm'] == 'yes' && $user->admin)
+if ($action == 'confirm_purge' && $confirm == 'yes' && $user->admin)
 {
 	$error=0;
 
@@ -81,7 +83,7 @@ if ($action == 'confirm_purge' && $_REQUEST['confirm'] == 'yes' && $user->admin)
 	if (! $resql)
 	{
 		$error++;
-		$mesg='<div class="error">'.$db->lasterror().'</div>';
+		setEventMessage($db->lasterror(), 'errors');
 	}
 
 	// Add event purge
@@ -122,11 +124,11 @@ $sql.= " u.login";
 $sql.= " FROM ".MAIN_DB_PREFIX."events as e";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = e.fk_user";
 $sql.= " WHERE e.entity = ".$conf->entity;
-if ($search_code) { $usefilter++; $sql.=" AND e.type like '%".$search_code."%'"; }
-if ($search_ip)   { $usefilter++; $sql.=" AND e.ip like '%".$search_ip."%'"; }
-if ($search_user) { $usefilter++; $sql.=" AND u.login like '%".$search_user."%'"; }
-if ($search_desc) { $usefilter++; $sql.=" AND e.description like '%".$search_desc."%'"; }
-if ($search_ua)   { $usefilter++; $sql.=" AND e.user_agent like '%".$search_ua."%'"; }
+if ($search_code) { $usefilter++; $sql.=" AND e.type LIKE '%".$search_code."%'"; }
+if ($search_ip)   { $usefilter++; $sql.=" AND e.ip LIKE '%".$search_ip."%'"; }
+if ($search_user) { $usefilter++; $sql.=" AND u.login LIKE '%".$search_user."%'"; }
+if ($search_desc) { $usefilter++; $sql.=" AND e.description LIKE '%".$search_desc."%'"; }
+if ($search_ua)   { $usefilter++; $sql.=" AND e.user_agent LIKE '%".$search_ua."%'"; }
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
 //print $sql;
@@ -138,7 +140,7 @@ if ($result)
 
 	print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"],"",$sortfield,$sortorder,'',$num,0,'setup');
 
-	if ($_GET["action"] == 'purge')
+	if ($action == 'purge')
 	{
 		$formquestion=array();
 		$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeAuditEvents'), $langs->trans('ConfirmPurgeAuditEvents'),'confirm_purge',$formquestion,'no',1);
@@ -188,7 +190,7 @@ if ($result)
 
 	$var=True;
 
-	while ($i < min($num,$conf->liste_limit))
+	while ($i < min($num, $conf->liste_limit))
 	{
 		$obj = $db->fetch_object($result);
 
@@ -259,7 +261,7 @@ else
 	dol_print_error($db);
 }
 
-$db->close();
 
 llxFooter();
+$db->close();
 ?>
\ No newline at end of file
diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php
index 80b8e7974a7..10b7dfe6554 100644
--- a/htdocs/admin/tools/listsessions.php
+++ b/htdocs/admin/tools/listsessions.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+/* Copyright (C) 2004-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,7 +27,11 @@ require_once(DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php');
 
 $langs->load("install");
 
-if (! $user->admin) accessforbidden();
+if (! $user->admin)
+	accessforbidden();
+
+$action=GETPOST('action', 'alpha');
+$confirm=GETPOST('confirm', 'alpha');
 
 // Security check
 if ($user->societe_id > 0)
@@ -56,13 +60,13 @@ if (! $sortfield) $sortfield="dateevent";
  */
 
 // Purge sessions
-if ($_REQUEST['action'] == 'confirm_purge' && $_REQUEST['confirm'] == 'yes' && $user->admin)
+if ($action == 'confirm_purge' && $confirm == 'yes' && $user->admin)
 {
 	$res=purgeSessions(session_id());
 }
 
 // Lock new sessions
-if ($_REQUEST['action'] == 'confirm_lock' && $_REQUEST['confirm'] == 'yes' && $user->admin)
+if ($action == 'confirm_lock' && $confirm == 'yes' && $user->admin)
 {
 	if (dolibarr_set_const($db, 'MAIN_ONLY_LOGIN_ALLOWED', $user->login, 'text',1,'Logon is restricted to a particular user', 0) < 0)
 	{
@@ -71,7 +75,7 @@ if ($_REQUEST['action'] == 'confirm_lock' && $_REQUEST['confirm'] == 'yes' && $u
 }
 
 // Unlock new sessions
-if ($_REQUEST['action'] == 'confirm_unlock' && $user->admin)
+if ($action == 'confirm_unlock' && $user->admin)
 {
 	if (dolibarr_del_const($db, 'MAIN_ONLY_LOGIN_ALLOWED', -1) < 0)
 	{
@@ -93,6 +97,7 @@ $userstatic=new User($db);
 $usefilter=0;
 
 $listofsessions=listOfSessions();
+$num=count($listofsessions);
 
 print_barre_liste($langs->trans("Sessions"), $page, $_SERVER["PHP_SELF"],"",$sortfield,$sortorder,'',$num,0,'setup');
 
@@ -105,13 +110,13 @@ print '<b>'.$langs->trans("SessionSavePath").'</b>: '.$savepath.'<br>';
 if ($openbasedir) print '<b>'.$langs->trans("OpenBaseDir").'</b>: '.$openbasedir.'<br>';
 print '<br>';
 
-if ($_GET["action"] == 'purge')
+if ($action == 'purge')
 {
 	$formquestion=array();
 	$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeSessions'), $langs->trans('ConfirmPurgeSessions'),'confirm_purge',$formquestion,'no',2);
 	if ($ret == 'html') print '<br>';
 }
-if ($_GET["action"] == 'lock')
+else if ($action == 'lock')
 {
 	$formquestion=array();
 	$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('LockNewSessions'), $langs->trans('ConfirmLockNewSessions',$user->login),'confirm_lock',$formquestion,'no',1);
@@ -206,7 +211,6 @@ print '</div>';
 
 print '<br>';
 
-$db->close();
-
 llxFooter();
-?>
+$db->close();
+?>
\ No newline at end of file
diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php
index 3121ae90e71..e9465de8f73 100644
--- a/htdocs/admin/tools/purge.php
+++ b/htdocs/admin/tools/purge.php
@@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2006-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,13 +26,13 @@ include_once(DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php');
 
 $langs->load("admin");
 
-$action=GETPOST('action');
-$confirm=GETPOST('confirm');
+if (! $user->admin)
+	accessforbidden();
+
+$action=GETPOST('action','alpha');
+$confirm=GETPOST('confirm','alpha');
 $choice=GETPOST('choice');
 
-if (! $user->admin) accessforbidden();
-
-if ($_GET["msg"]) $message='<div class="error">'.$_GET["msg"].'</div>';
 
 // Define filelog to discard it from purge
 $filelog='';
@@ -94,7 +95,7 @@ if ($action=='purge' && ! preg_match('/^confirm/i',$choice) && ($choice != 'allf
 		}
 
 		// Update cachenbofdoc
-		if ($conf->ecm->enabled && $choice=='allfiles')
+		if (! empty($conf->ecm->enabled) && $choice=='allfiles')
 		{
 			require_once(DOL_DOCUMENT_ROOT."/ecm/class/ecmdirectory.class.php");
 			$ecmdirstatic = new EcmDirectory($db);
@@ -102,9 +103,9 @@ if ($action=='purge' && ! preg_match('/^confirm/i',$choice) && ($choice != 'allf
 		}
 	}
 
-	if ($count) $message=$langs->trans("PurgeNDirectoriesDeleted",$count);
-	else $message=$langs->trans("PurgeNothingToDelete");
-	$message='<div class="ok">'.$message.'</div>';
+	if ($count) $mesg=$langs->trans("PurgeNDirectoriesDeleted", $count);
+	else $mesg=$langs->trans("PurgeNothingToDelete");
+	setEventMessage($mesg);
 }
 
 
@@ -123,9 +124,8 @@ print '<br>';
 
 
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-
-print '<input type="hidden" name="action" value="purge">';
+print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'" />';
+print '<input type="hidden" name="action" value="purge" />';
 
 print '<table class="border" width="100%">';
 
@@ -156,13 +156,6 @@ if ($choice != 'confirm_allfiles')
 
 print '</form>';
 
-
-if ($message)
-{
-	print '<br>'.$message.'<br>';
-	print "\n";
-}
-
 if (preg_match('/^confirm/i',$choice))
 {
 	print '<br>';
@@ -172,6 +165,5 @@ if (preg_match('/^confirm/i',$choice))
 
 
 llxFooter();
-
 $db->close();
 ?>
\ No newline at end of file
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index a13523c115a..1597a92e0d6 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -611,7 +611,7 @@ class FormFile
                 // Delete or view link
                 print '<td align="right">';
                 if ($useinecm)     print '<a href="'.DOL_URL_ROOT.'/ecm/docfile.php?urlfile='.urlencode($file['name']).$param.'" class="editfilelink" rel="'.urlencode($file['name']).'">'.img_view().'</a> &nbsp; ';
-                if ($permtodelete) print '<a href="'.(($useinecm && !empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS))?'#':$url.'?id='.$object->id.'&action=delete&urlfile='.urlencode($file['name']).$param).'" class="deletefilelink" rel="'.urlencode($file['name']).'">'.img_delete().'</a>';
+                if ($permtodelete) print '<a href="'.(($useinecm && ! empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS))?'#':$url.'?action=delete'.(isset($object->id)?'&id='.$object->id:'').'&urlfile='.urlencode($file['name']).$param).'" class="deletefilelink" rel="'.urlencode($file['name']).'">'.img_delete().'</a>';
                 else print '&nbsp;';
                 print "</td>";
                 print "</tr>\n";
diff --git a/htdocs/support/index.php b/htdocs/support/index.php
index ffc4ee4db15..8fb68eaf672 100644
--- a/htdocs/support/index.php
+++ b/htdocs/support/index.php
@@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2008-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2008-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2008-2012	Regis Houssin		<regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,7 +30,8 @@ include_once("./inc.php");
 $uri=preg_replace('/^http(s?):\/\//i','',$dolibarr_main_url_root);
 $pos = strstr($uri, '/');      // $pos contient alors url sans nom domaine
 if ($pos == '/') $pos = '';     // si $pos vaut /, on le met a ''
-define('DOL_URL_ROOT', $pos);	// URL racine relative
+if (! defined('DOL_URL_ROOT'))
+	define('DOL_URL_ROOT', $pos);	// URL racine relative
 
 $langs->load("other");
 $langs->load("help");