diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index f2625104fd8..51e5bd4b249 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -205,9 +205,9 @@ if ($result)
$i = 0;
$param='';
- if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
- if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
- if ($optioncss != '') $param.='&optioncss='.$optioncss;
+ if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+ if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+ if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
if ($search_code) $param.='&search_code='.urlencode($search_code);
if ($search_ip) $param.='&search_ip='.urlencode($search_ip);
if ($search_user) $param.='&search_user='.urlencode($search_user);
@@ -332,13 +332,14 @@ if ($result)
// Description
print '
';
$text=$langs->trans($obj->description);
+ $reg = array();
if (preg_match('/\((.*)\)(.*)/i', $obj->description, $reg))
{
$val=explode(',', $reg[1]);
$text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
if (! empty($reg[2])) $text.=$reg[2];
}
- print $text;
+ print dol_escape_htmltag($text);
print ' | ';
if (! empty($arrayfields['e.user_agent']['checked']))
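Review bot: The new `print dol_escape_htmltag($text);` has no comment saying why this column is escaped, and the reason is not obvious from the hunk. `$text` is built from `$obj->description`: the parts captured by `preg_match` are passed to `$langs->trans()` as parameters and `$reg[2]` is appended as is, so stored event text reaches the page, and presumably that text can include values submitted by a client. I would add `// Event description may embed client-supplied values: always escape on output` above the print. The enclosing block starts and ends outside the hunk.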
@@ -359,8 +360,8 @@ if ($result)
// More informations
print '';
- $htmltext=''.$langs->trans("UserAgent").': '.($obj->user_agent?$obj->user_agent:$langs->trans("Unknown"));
- $htmltext.=' '.$langs->trans("PrefixSession").': '.($obj->prefix_session?$obj->prefix_session:$langs->trans("Unknown"));
+ $htmltext=''.$langs->trans("UserAgent").': '.($obj->user_agent ? dol_string_nohtmltag($obj->user_agent) : $langs->trans("Unknown"));
+ $htmltext.=' '.$langs->trans("PrefixSession").': '.($obj->prefix_session ? dol_string_nohtmltag($obj->prefix_session) : $langs->trans("Unknown"));
print $form->textwithpicto('', $htmltext);
print ' | ';
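Review bot: `$obj->user_agent` and `$obj->prefix_session` are only tag-stripped with `dol_string_nohtmltag()` here, while the description column in the previous hunk is escaped with `dol_escape_htmltag()`. Stripping is the weaker choice for a value that comes from a request header. Removing tags does not by itself neutralise quotes or entities, and `$htmltext` is handed to `$form->textwithpicto()`, whose output context (element text or an attribute) is not visible in this hunk. If that helper does not escape its argument, I would encode instead of strip, e.g. `dol_escape_htmltag($obj->user_agent)`, and use the same call for `prefix_session`.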
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 04469a38ee6..55eb9a60b96 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -959,6 +959,7 @@ class Commande extends CommonOrder
if ($result != self::STOCK_NOT_ENOUGH_FOR_ORDER)
{
$this->error = $this->db->lasterror();
+ $this->errors[] = $this->error;
dol_print_error($this->db);
}
$this->db->rollback();
@@ -1434,6 +1435,7 @@ class Commande extends CommonOrder
{
$langs->load("errors");
$this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->errors[] = $this->error;
dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
$this->db->rollback();
return self::STOCK_NOT_ENOUGH_FOR_ORDER;
@@ -3083,6 +3085,7 @@ class Commande extends CommonOrder
{
$langs->load("errors");
$this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->errors[] = $this->error;
dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
$this->db->rollback();
return self::STOCK_NOT_ENOUGH_FOR_ORDER;
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 03339b0a0af..cbca46576a1 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -389,6 +389,7 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
$message = $langs->transnoentities("ExpenseReportWaitingForApprovalMessage", $expediteur->getFullName($langs), get_date_range($object->date_debut, $object->date_fin, '', $langs), $link);
// Rebuild pdf
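Review bot: As this page shows it, the added `$link = '' . $link . '';` concatenates two empty strings and leaves `$link` unchanged; markup inside the quotes was probably lost when the page was rendered, so check the original before judging it. If the line wraps the URL in an anchor, the message becomes HTML, and every other argument of `transnoentities()` in these mails, such as the names from `getFullName()`, then needs HTML encoding as well. The same statement is repeated in the hunks for the re-approval, approved, refused, canceled and paid messages; one small helper that builds the link would keep the six copies identical.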
@@ -508,6 +509,7 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
$dateRefusEx = explode(" ", $object->date_refuse);
$message = $langs->transnoentities("ExpenseReportWaitingForReApprovalMessage", $dateRefusEx[0], $object->detail_refuse, $expediteur->getFullName($langs), $link);
@@ -633,6 +635,7 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
$message = $langs->transnoentities("ExpenseReportApprovedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $link);
// Rebuilt pdf
@@ -703,7 +706,8 @@ if (empty($reshook))
$object = new ExpenseReport($db);
$object->fetch($id);
- $result = $object->setDeny($user, GETPOST('detail_refuse', 'alpha'));
+ $detailRefuse = GETPOST('detail_refuse', 'alpha');
+ $result = $object->setDeny($user, $detailRefuse);
if ($result > 0)
{
@@ -751,7 +755,8 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
- $message = $langs->transnoentities("ExpenseReportRefusedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $_POST['detail_refuse'], $link);
+ $link = '' . $link . '';
+ $message = $langs->transnoentities("ExpenseReportRefusedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $detailRefuse, $link);
// Rebuilt pdf
/*
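Review bot: `$detailRefuse` is user-supplied free text placed into the notification body next to `$link`, and nothing in this hunk encodes it for that body. Replacing `$_POST['detail_refuse']` with the `GETPOST(..., 'alpha')` value is an improvement, but what the `alpha` check removes is not shown here; if the mail is sent as HTML, the reason should be escaped where it is inserted, for example `dol_escape_htmltag($detailRefuse)` as that argument. The variable is assigned in the earlier hunk next to `setDeny()`, so this line depends on that assignment being on the same code path; the enclosing block is outside the hunk. The same applies to `$detailCancel` in the `ExpenseReportCanceledMessage` hunk.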
@@ -831,7 +836,8 @@ if (empty($reshook))
if ($user->id == $object->fk_user_valid || $user->id == $object->fk_user_author)
{
- $result = $object->set_cancel($user, GETPOST('detail_cancel', 'alpha'));
+ $detailCancel = GETPOST('detail_cancel', 'alpha');
+ $result = $object->set_cancel($user, $detailCancel);
if ($result > 0)
{
@@ -879,7 +885,8 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
- $message = $langs->transnoentities("ExpenseReportCanceledMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), GETPOST('detail_cancel', 'alpha'), $link);
+ $link = '' . $link . '';
+ $message = $langs->transnoentities("ExpenseReportCanceledMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $detailCancel, $link);
// Rebuilt pdf
/*
@@ -1104,6 +1111,7 @@ if (empty($reshook))
// CONTENT
$link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
$message = $langs->transnoentities("ExpenseReportPaidMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $link);
// Generate pdf before attachment
@@ -1735,7 +1743,7 @@ else
if ($action == 'cancel')
{
$array_input = array('text'=>$langs->trans("ConfirmCancelTrip"), array('type'=>"text", 'label'=>''.$langs->trans("Comment").'', 'name'=>"detail_cancel", 'value'=>""));
- $formconfirm = $form->formconfirm($_SEVER["PHP_SELF"]."?id=".$id, $langs->trans("Cancel"), "", "confirm_cancel", $array_input, "", 1);
+ $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$id, $langs->trans("Cancel"), "", "confirm_cancel", $array_input, "", 1);
}
if ($action == 'setdraft')
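Review bot: With the typo fixed, the form target is now built from `$_SERVER["PHP_SELF"]`, which is derived from the request path rather than from a constant, and from `$id` without a cast. Before this change the misspelled `$_SEVER` evaluated to an empty string, so this is the first time request-derived text reaches `formconfirm()` on this line; whether that method escapes its first argument is not visible here. A fixed path is safer, e.g. `DOL_URL_ROOT.'/expensereport/card.php?id='.((int) $id)` as the first argument. The `setdraft` branch that follows continues outside the hunk.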
diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php
index 20ffcf221f3..ffbed97a75c 100644
--- a/htdocs/exports/export.php
+++ b/htdocs/exports/export.php
@@ -377,9 +377,9 @@ if ($step == 2 && $action == 'select_model')
$result = $objexport->fetch($exportmodelid);
if ($result > 0)
{
- $fieldsarray = explode(',', $objexport->hexa);
+ $fieldsarray = preg_split("/,(?! [^(]*\))/", $objexport->hexa);
$i = 1;
- foreach ($fieldsarray as $val)
+ foreach($fieldsarray as $val)
{
$array_selected[$val] = $i;
$i++;
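Review bot: The lookahead in `preg_split("/,(?! [^(]*\))/", $objexport->hexa)` begins with a literal space, so only a comma followed by a space is kept together inside parentheses; a comma written without that space inside a parenthesised field is still split. `preg_split()` also returns `false` on a PCRE error, and the `foreach` that follows would then iterate a non-array. I would document the intent above the call, e.g. `// Split the field list on commas, but keep ", " that sits inside (...) together`, and guard the result with `if ($fieldsarray === false) $fieldsarray = array();`. The new `foreach(` also drops the space after the keyword that the replaced line had.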
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql
index 4660eaf9246..7f5e6fafe3d 100644
--- a/htdocs/install/mysql/migration/repair.sql
+++ b/htdocs/install/mysql/migration/repair.sql
@@ -179,6 +179,8 @@ delete from llx_categorie_member where fk_categorie not in (select rowid from ll
delete from llx_categorie_contact where fk_categorie not in (select rowid from llx_categorie where type = 4);
delete from llx_categorie_project where fk_categorie not in (select rowid from llx_categorie where type = 6);
+-- Fix: delete orphelins in ecm_files
+delete from llx_ecm_files where src_object_type = 'expensereport' and src_object_id NOT IN (select rowid from llx_expensereport);
-- Fix: delete orphelin deliveries. Note: deliveries are linked to shipment by llx_element_element only. No other links.
delete from llx_livraisondet where fk_livraison not in (select fk_target from llx_element_element where targettype = 'delivery') AND fk_livraison not in (select fk_source from llx_element_element where sourcetype = 'delivery');
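Review bot: The added comment says `delete orphelins in ecm_files`, but the statement only removes rows whose `src_object_type` is `'expensereport'`; other source types are left alone. A more exact comment would be `-- Fix: delete ecm_files rows linked to an expense report that no longer exists`. The statement removes index rows only, so whether the files they referenced are also cleaned up is not visible in this script.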
diff --git a/htdocs/langs/fr_FR/trips.lang b/htdocs/langs/fr_FR/trips.lang
index cffe2cc14e8..efb5b645a3d 100644
--- a/htdocs/langs/fr_FR/trips.lang
+++ b/htdocs/langs/fr_FR/trips.lang
@@ -29,7 +29,7 @@ ExpenseReportApprovedMessage=La note de frais %s a été approuvée.
- Utilis
ExpenseReportRefused=Une note de frais a été refusée
ExpenseReportRefusedMessage=La note de frais %s a été refusée.
- Utilisateur : %s
- Refusée par : %s
- Motif du refus : %s
Cliquez ici pour afficher la note de frais: %s
ExpenseReportCanceled=Une note de frais a été annulée
-ExpenseReportCanceledMessage=La note de frais %s a été annulée.
- Utilisateur : %s
- Annulée par : %s
- Motif de l'annulation :%s
Cliquez ici pour afficher la note de frais %s
+ExpenseReportCanceledMessage=La note de frais %s a été annulée.
- Utilisateur : %s
- Annulée par : %s
- Motif de l'annulation : %s
Cliquez ici pour afficher la note de frais %s
ExpenseReportPaid=Une note de frais a été réglée
ExpenseReportPaidMessage=La note de frais %s a été réglée.
- Utilisateur : %s
- Réglée par : %s
Cliquez ici pour afficher la note de frais %s
TripId=Id note de frais