diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php
index 4ee9e214890..a2403315614 100644
--- a/htdocs/admin/mailman.php
+++ b/htdocs/admin/mailman.php
@@ -158,8 +158,10 @@ $head = mailmanspip_admin_prepare_head();
 if (! empty($conf->global->ADHERENT_USE_MAILMAN))
 {
     print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
+    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+    print '<input type="hidden" name="action" value="update">';
 
-    dol_fiche_head($head, 'mailman', $langs->trans("Setup"), 0, 'user');
+    dol_fiche_head($head, 'mailman', $langs->trans("Setup"), -1, 'user');
 
     //$link=img_picto($langs->trans("Active"),'tick').' ';
     $link='<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=unset&value=0&name=ADHERENT_USE_MAILMAN">';
@@ -227,14 +229,21 @@ else
 if (! empty($conf->global->ADHERENT_USE_MAILMAN))
 {
     print '<form action="'.$_SERVER["PHP_SELF"].'">';
+    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="action" value="testsubscribe">';
+
     print $langs->trans("TestSubscribe").'<br>';
     print $langs->trans("EMail").' <input type="email" class="flat" name="testsubscribeemail" value="'.GETPOST('testsubscribeemail').'"> <input class="button" type="submit" value="'.$langs->trans("Test").'"><br>';
+
     print '</form>';
+
     print '<form action="'.$_SERVER["PHP_SELF"].'">';
+    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="action" value="testunsubscribe">';
+
     print $langs->trans("TestUnSubscribe").'<br>';
     print $langs->trans("EMail").' <input type="email" class="flat" name="testunsubscribeemail" value="'.GETPOST('testunsubscribeemail').'"> <input class="button" type="submit" value="'.$langs->trans("Test").'"><br>';
+
     print '</form>';
 }
 
diff --git a/htdocs/admin/spip.php b/htdocs/admin/spip.php
index e0b4b986969..579363395f3 100644
--- a/htdocs/admin/spip.php
+++ b/htdocs/admin/spip.php
@@ -123,8 +123,10 @@ $head = mailmanspip_admin_prepare_head();
 if (! empty($conf->global->ADHERENT_USE_SPIP))
 {
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
+	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+	print '<input type="hidden" name="action" value="update">';
 
-	dol_fiche_head($head, 'spip', $langs->trans("Setup"), 0, 'user');
+	dol_fiche_head($head, 'spip', $langs->trans("Setup"), -1, 'user');
 
     //$link=img_picto($langs->trans("Active"),'tick').' ';
     $link='<a href="'.$_SERVER["PHP_SELF"].'?action=unset&value=0&name=ADHERENT_USE_SPIP">';
diff --git a/htdocs/externalsite/frames.php b/htdocs/externalsite/frames.php
index eb8e06919d3..9c232cbe710 100644
--- a/htdocs/externalsite/frames.php
+++ b/htdocs/externalsite/frames.php
@@ -49,6 +49,7 @@ if (empty($keyforcontent) && empty($conf->global->EXTERNALSITE_URL))
 	llxHeader();
 	print '<div class="error">'.$langs->trans('ExternalSiteModuleNotComplete').'</div>';
 	llxFooter();
+	exit;
 }
 
 if (! empty($keyforcontent))
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 87305a19fd4..2207148e4ea 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -122,7 +122,7 @@ if ($action == 'create')
 	    elseif ($starthalfday == 'afternoon') $halfday=-1;
 	    elseif ($endhalfday == 'morning') $halfday=1;
 
-	    $valideur = GETPOST('valideur');
+	    $valideur = GETPOST('valideur', 'int');
 	    $description = trim(GETPOST('description'));
 
     	// If no type
@@ -270,8 +270,8 @@ if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
         // If this is the requestor or has read/write rights
         if ($cancreate)
         {
-            $valideur = $_POST['valideur'];
-            $description = trim($_POST['description']);
+            $valideur = GETPOST('valideur', 'int');
+            $description = trim(GETPOST('description', 'none'));
 
             // If no start date
             if (empty($_POST['date_debut_'])) {
@@ -1297,7 +1297,8 @@ else
                     if (empty($include_users)) print img_warning().' '.$langs->trans("NobodyHasPermissionToValidateHolidays");
                     else
                     {
-                        $s=$form->select_dolusers($object->fk_validator, "valideur", (($action == 'editvalidator') ? 0 : 1), ($user->admin ? '' : array($user->id)), 0, $include_users);
+                    	$arrayofvalidatorstoexclude = (($user->admin || ($user->id != $userRequest->id))? '' : array($user->id));	// Nobody if we are admin or if we are not the user of the leave.
+                    	$s=$form->select_dolusers($object->fk_validator, "valideur", (($action == 'editvalidator') ? 0 : 1), $arrayofvalidatorstoexclude, 0, $include_users);
                     	print $form->textwithpicto($s, $langs->trans("AnyOtherInThisListCanValidate"));
                     }
                     if ($action == 'editvalidator')
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2e91298f570..5ce7dfcebf1 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1766,7 +1766,7 @@ function top_menu_user(User $user, Translate $langs)
     $dropdownBody.= '<br>';
 
     $dropdownBody.= '<br><u>'.$langs->trans("Session").'</u>';
-    $dropdownBody.= '<br><b>'.$langs->trans("IPAddress").'</b>: '.$_SERVER["REMOTE_ADDR"];
+    $dropdownBody.= '<br><b>'.$langs->trans("IPAddress").'</b>: '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);
     if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) $dropdownBody.= '<br><b>'.$langs->trans("ConnectedOnMultiCompany").':</b> '.$conf->entity.' (user entity '.$user->entity.')';
     $dropdownBody.= '<br><b>'.$langs->trans("AuthenticationMode").':</b> '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo)?'':' (demo)');
     $dropdownBody.= '<br><b>'.$langs->trans("ConnectedSince").':</b> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
@@ -1775,7 +1775,7 @@ function top_menu_user(User $user, Translate $langs)
     $dropdownBody.= '<br><b>'.$langs->trans("CurrentMenuManager").':</b> '.$menumanager->name;
     $langFlag=picto_from_langcode($langs->getDefaultLang());
     $dropdownBody.= '<br><b>'.$langs->trans("CurrentUserLanguage").':</b> '.($langFlag?$langFlag.' ':'').$langs->getDefaultLang();
-    $dropdownBody.= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version?' '.$conf->browser->version:'').' ('.$_SERVER['HTTP_USER_AGENT'].')';
+    $dropdownBody.= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version?' '.$conf->browser->version:'').' ('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')';
     $dropdownBody.= '<br><b>'.$langs->trans("Layout").':</b> '.$conf->browser->layout;
     $dropdownBody.= '<br><b>'.$langs->trans("Screen").':</b> '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];
     if ($conf->browser->layout == 'phone') $dropdownBody.= '<br><b>'.$langs->trans("Phone").':</b> '.$langs->trans("Yes");
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index 6817039e7a1..86b4fa82c12 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -2242,6 +2242,9 @@ img.toolbarbutton {
     height: 30px;
 }
 
+li.expanded > a.fmdirlia.jqft.ecmjqft {
+    font-weight: bold !important;
+}
 
 
 
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index d46fe752cb7..205ed21bdcf 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -2361,6 +2361,9 @@ img.toolbarbutton {
     height: 30px;
 }
 
+li.expanded > a.fmdirlia.jqft.ecmjqft {
+    font-weight: bold !important;
+}
 
 
 /* ============================================================================== */