Merge branch 'develop' into fix_eventcreation

2020-09-27 17:58:05 +02:00 · 2020-09-27 17:58:05 +02:00 · f9d4a4d2ba
commit f9d4a4d2ba
parent 1efec17228 cdc54a9f4a
183 changed files with 3627 additions and 1768 deletions
--- a/57
+++ b/57
@ -2,25 +2,72 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 ***** ChangeLog for 13.0.0 compared to 12.0.0 *****
 For users:
-NEW: Add module Credit transfer SEPA to manage payment of supplier using bank credit transfer SEPA files
+NEW: Add module "Credit transfer SEPA" to manage payment of vendors using bank credit transfer SEPA files.
-NEW: Module Reception (for a more accurate management of your receptions) moved from experimental to stable
+NEW: Module Reception (for a more accurate management of your receptions) moved from experimental to stable.
 WARNING:
 Following changes may create regressions for some external modules, but were necessary to make Dolibarr better:
 * Properties ->contactid has been renamed into ->contact_id
-* Rename property $paiementid in API api_supplier_invoices into $payment_mode_id
+* Property $paiementid in API api_supplier_invoices has been renamed into into $payment_mode_id (english)
-* The deprecated subsitution key __SIGNATURE__ has been removed. Replace with __USER_SIGNATURE__ if you still use old syntax in
+* The deprecated subsitution key __SIGNATURE__ has been removed. Replace with __USER_SIGNATURE__ if you used the old syntax in
  your email templates. 
 * The hidden option HOLIDAY_MORE_PUBLIC_HOLIDAYS has been removed. Use instead the dictionary table if you need to define custom
  days of holiday.
 * Property num_paiement has been renamed num_payment everywhere for better code consistency.
 * If you build a class that implement CommonObject to use the incoterm properties or method (->fk_incoterm, ->label_incoterm, ->location_incoterm),
  you must now also include declaration of the Trait CommonIncoterm in your class. All incoterm functions were moved into this Trait. 
-* The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml');
+* The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alphanohtml');
 ***** ChangeLog for 12.0.3 compared to 12.0.2 *****
 FIX: 10.0 - when the mime file name is different from the filesystem name, the attachment name should be the mime filename
 FIX: 11.0 - expenses lines overlapping the total amounts frame
 FIX: 12.0 - round value of virtual stock on product stock reassort list
 FIX: #14469
 FIX: #14474 Error when deleting
 FIX: #14530
 FIX: #14703
 FIX: - Accountancy balance Error SQL on entity
 FIX: Bad number of subscription (forgotten when member was resiliated)
 FIX: bad route url to delete subproduct with API
 FIX: Category for suplements not saved
 FIX: Compatibility with modules without document generation
 FIX: Cron load lang
 FIX: CSS
 FIX: Error management. Do no try to approve PO if validation fails.
 FIX: expenses lines overlapping the frame for total amounts.
 FIX: Filter in "billed" of orders was not saved
 FIX: infinite fetch object linked loop
 FIX: Intervention lose html tags when updating
 FIX: JS CRASH - bad usage of moreparam
 FIX: lang fr retained warranty
 FIX: Look and feel v12: First tab must be name of object
 FIX: missing entity check
 FIX: missing param for hook
 FIX: Missing transaction on PO actions
 FIX: MySql Strict mode
 FIX: param entity in html form file
 FIX: Problems on FEC format
 FIX: round stock value on product list
 FIX: - Send mail from contact : select mail model
 FIX: set sales representatives on create company card
 FIX: Setup of stock increase/decrease
 FIX: sign of amount with credit note and multicurrencies
 FIX: Static property called as non static
 FIX: task leftmenu
 FIX: title button attribute id empty
 FIX: unit price divided by quantity when accepting supplier price proposal
 FIX: Update extrafields on line only if it is supported
 FIX: Update line of BOM
 FIX: using decimal on stock correction
 FIX: Visualization rights correction on last modified contacts box
 FIX: Wrong redirection
 FIX: Yogosha report 4425 (backport)
 ***** ChangeLog for 12.0.2 compared to 12.0.1 *****
 FIX: computation of the bottom margin of <body> returns NaN because body is not loaded yet
--- a/SECURITY.md
+++ b/SECURITY.md
@ -97,19 +97,19 @@ Scope is the web application (back office) and the APIs.
 ## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
 * "Self" XSS
 * Missing cookie flags
 * SSL/TLS best practices
 * Denial of Service attacks
 * Clickjacking/UI redressing
-* Physical or social engineering attempts
+* Physical or social engineering attempts or issues that require physical access to a victim’s computer/device
 * Presence of autocomplete attribute on web forms
 * Vulnerabilities affecting outdated browsers or platforms
 * Issues that require physical access to a victim’s computer/device
 * Logout and other instances of low-severity Cross-Site Request Forgery
 * Missing cookie flags
 * Missing security-related HTTP headers which do not lead directly to a vulnerability
 * Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated
 * Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
 * Reports on features flagged as "experimental" or "development"
-* Software version disclosure when logged user is admin
+* Software version or private IP disclosure when logged user is admin
 * Stack traces or path disclosure when logged user is admin
 * Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@ -640,7 +640,9 @@ $newcardbutton .= dolGetButtonTitle($buttonLabel, $langs->trans("ExportFilteredL
 $newcardbutton .= dolGetButtonTitle($langs->trans('GroupByAccountAccounting'), '', 'fa fa-stream paddingleft', DOL_URL_ROOT.'/accountancy/bookkeeping/listbyaccount.php?'.$param);
-$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', './card.php?action=create', '', $user->rights->accounting->mouvements->creer);
+$url = './card.php?action=create';
 if (!empty($socid)) $url .= '&socid='.$socid;
 $newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', $url, '', $user->rights->accounting->mouvements->creer);
 print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit);
--- a/htdocs/accountancy/expensereport/list.php
+++ b/htdocs/accountancy/expensereport/list.php
@ -43,7 +43,7 @@ $massaction = GETPOST('massaction', 'alpha');
 $show_files = GETPOST('show_files', 'int');
 $confirm = GETPOST('confirm', 'alpha');
 $toselect = GETPOST('toselect', 'array');
-$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'expensereportlist'; // To manage different context of search
 $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
--- a/htdocs/accountancy/index.php
+++ b/htdocs/accountancy/index.php
@ -38,6 +38,7 @@ if ($user->socid > 0)
 // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
 $hookmanager->initHooks(array('accountancyindex'));
 /*
 * Actions
 */
@ -54,6 +55,7 @@ if (GETPOST('addbox'))	// Add box (when submit is done from a form when ajax dis
    if ($result > 0) setEventMessages($langs->trans("BoxAdded"), null);
 }
 /*
 * View
 */
--- a/htdocs/adherents/index.php
+++ b/htdocs/adherents/index.php
@ -282,7 +282,7 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
 /*
 * Latest modified members
 */
-$max = 5;
+$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 $sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
 $sql .= " a.tms as datem, datefin as date_end_subscription,";
@ -337,7 +337,7 @@ if ($resql) {
 /*
 * Last modified subscriptions
 */
-$max = 5;
+$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 $sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
 $sql .= " datefin as date_end_subscription,";
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@ -44,8 +44,6 @@ $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'mem
 // Security check
 $result = restrictedArea($user, 'adherent');
 $filter = GETPOST("filter", 'alpha');
 $statut = GETPOST("statut", 'intcomma');
 $search = GETPOST("search", 'alpha');
 $search_ref = GETPOST("search_ref", 'alpha');
 $search_lastname = GETPOST("search_lastname", 'alpha');
@ -65,12 +63,19 @@ $search_phone_mobile = GETPOST("search_phone_mobile", 'alpha');
 $search_type = GETPOST("search_type", 'alpha');
 $search_email = GETPOST("search_email", 'alpha');
 $search_categ = GETPOST("search_categ", 'int');
 $search_filter = GETPOST("search_filter", 'alpha');
 $search_status = GETPOST("search_status", 'intcomma');
 $catid        = GETPOST("catid", 'int');
 $optioncss = GETPOST('optioncss', 'alpha');
 $filter = GETPOST("filter", 'alpha');
 if ($filter) $search_filter = $filter; // For backward compatibility
 $statut = GETPOST("statut", 'alpha');
 if ($statut != '') $search_status = $statut; // For backward compatibility
 $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
-if ($statut < -1) $statut = '';
+if ($search_status < -1) $search_status = '';
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
@ -166,6 +171,9 @@ if (empty($reshook)) {
 	// Purge search criteria
 	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers
 		$statut = '';
 		$filter = '';
 		$search = "";
 		$search_ref = "";
 		$search_lastname = "";
@ -186,9 +194,10 @@ if (empty($reshook)) {
 		$search_phone_mobile = '';
 		$search_morphy = "";
 		$search_categ = "";
 		$search_filter = "";
 		$search_status = "";
 		$catid = "";
 		$sall = "";
 		$statut = '';
 		$toselect = '';
 		$search_array_options = array();
 	}
@ -273,7 +282,10 @@ if ($search_categ == -2) $sql .= " AND cm.fk_categorie IS NULL";
 $sql .= " AND d.entity IN (".getEntity('adherent').")";
 if ($sall) $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 if ($search_type > 0) $sql .= " AND t.rowid=".$db->escape($search_type);
-if ($statut != '') $sql .= " AND d.statut in (".$db->escape($statut).")"; // Peut valoir un nombre ou liste de nombre separes par virgules
+if ($search_filter == 'withoutsubscription') $sql .= " AND (datefin IS NULL OR t.subscription = 0)";
 if ($search_filter == 'uptodate') $sql .= " AND (datefin >= '".$db->idate($now)."' OR t.subscription = 0)";
 if ($search_filter == 'outofdate') $sql .= " AND (datefin < '".$db->idate($now)."' AND t.subscription = 1)";
 if ($search_status != '') $sql .= " AND d.statut in (".$db->sanitize($db->escape($search_status)).")"; // Peut valoir un nombre ou liste de nombre separes par virgules
 if ($search_ref) {
 	if (is_numeric($search_ref)) $sql .= " AND (d.rowid = ".$db->escape($search_ref).")";
 	else $sql .= " AND 1 = 2"; // Always wrong
@ -293,8 +305,6 @@ if ($search_phone)      $sql .= natural_search("d.phone", $search_phone);
 if ($search_phone_perso)      $sql .= natural_search("d.phone_perso", $search_phone_perso);
 if ($search_phone_mobile)      $sql .= natural_search("d.phone_mobile", $search_phone_mobile);
 if ($search_country) $sql .= " AND d.country IN (".$search_country.')';
 if ($filter == 'uptodate') $sql .= " AND (datefin >= '".$db->idate($now)."' OR t.subscription = 0)";
 if ($filter == 'outofdate') $sql .= " AND ((datefin IS NULL OR datefin < '".$db->idate($now)."') AND t.subscription = 1)";
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
@ -341,13 +351,14 @@ if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $
 llxHeader('', $langs->trans("Member"), 'EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros');
 $titre = $langs->trans("MembersList");
-if (GETPOSTISSET("statut")) {
+if (GETPOSTISSET("search_status")) {
-	if ($statut == '-1,1') { $titre = $langs->trans("MembersListQualified"); }
+	if ($search_status == '-1,1') { $titre = $langs->trans("MembersListQualified"); }
-	if ($statut == '-1') { $titre = $langs->trans("MembersListToValid"); }
+	if ($search_status == '-1') { $titre = $langs->trans("MembersListToValid"); }
-	if ($statut == '1' && !$filter) { $titre = $langs->trans("MembersListValid"); }
+	if ($search_status == '1' && $filter == '') { $titre = $langs->trans("MembersValidated"); }
-	if ($statut == '1' && $filter == 'uptodate') { $titre = $langs->trans("MembersListUpToDate"); }
+	if ($search_status == '1' && $filter == 'withoutsubscription') { $titre = $langs->trans("MembersWithSubscriptionToReceive"); }
-	if ($statut == '1' && $filter == 'outofdate') { $titre = $langs->trans("MembersListNotUpToDate"); }
+	if ($search_status == '1' && $filter == 'uptodate') { $titre = $langs->trans("MembersListUpToDate"); }
-	if ($statut == '0') { $titre = $langs->trans("MembersListResiliated"); }
+	if ($search_status == '1' && $filter == 'outofdate') { $titre = $langs->trans("MembersListNotUpToDate"); }
 	if ($search_status == '0') { $titre = $langs->trans("MembersListResiliated"); }
 } elseif ($action == 'search') {
 	$titre = $langs->trans("MembersListQualified");
 }
@ -362,7 +373,6 @@ $param = '';
 if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
 if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
 if ($sall != "") $param .= "&sall=".urlencode($sall);
 if ($statut != "") $param .= "&statut=".urlencode($statut);
 if ($search_ref)   $param .= "&search_ref=".urlencode($search_ref);
 if ($search_civility) $param .= "&search_civility=".urlencode($search_civility);
 if ($search_firstname) $param .= "&search_firstname=".urlencode($search_firstname);
@ -380,7 +390,8 @@ if ($search_country != '') $param .= "&search_country=".urlencode($search_countr
 if ($search_phone != '') $param .= "&search_phone=".urlencode($search_phone);
 if ($search_phone_perso != '') $param .= "&search_phone_perso=".urlencode($search_phone_perso);
 if ($search_phone_mobile != '') $param .= "&search_phone_mobile=".urlencode($search_phone_mobile);
-if ($filter)         $param .= "&filter=".urlencode($filter);
+if ($search_filter && $search_filter != '-1') $param .= "&search_filter=".urlencode($search_filter);
 if ($search_status != "" && $search_status != '-1') $param .= "&search_status=".urlencode($search_status);
 if ($search_type > 0)       $param .= "&search_type=".urlencode($search_type);
 if ($optioncss != '')       $param .= '&optioncss='.urlencode($optioncss);
 // Add $param from extra fields
@ -549,6 +560,8 @@ if (!empty($arrayfields['d.email']['checked'])) {
 // End of subscription date
 if (!empty($arrayfields['d.datefin']['checked'])) {
 	print '<td class="liste_titre left">';
 	$selectarray=array('-1'=>'', 'withoutsubscription'=>$langs->trans("WithoutSubscription"), 'uptodate'=>$langs->trans("UpToDate"), 'outofdate'=>$langs->trans("OutOfDate"));
 	print $form->selectarray('search_filter', $selectarray, $search_filter);
 	print '</td>';
 }
 // Extra fields
@ -563,7 +576,7 @@ if (!empty($arrayfields['d.datec']['checked'])) {
 	print '<td class="liste_titre">';
 	print '</td>';
 }
-//Birthday
+// Birthday
 if (!empty($arrayfields['d.birth']['checked'])) {
 	print '<td class="liste_titre">';
 	print '</td>';
@ -581,7 +594,7 @@ if (!empty($arrayfields['d.statut']['checked'])) {
 		'1'=>$langs->trans("Validated"),
 		'0'=>$langs->trans("Resiliated")
 	);
-	print $form->selectarray('statut', $liststatus, $statut, -2);
+	print $form->selectarray('search_status', $liststatus, $search_status, -2);
 	print '</td>';
 }
 // Action column
--- a/htdocs/adherents/subscription/list.php
+++ b/htdocs/adherents/subscription/list.php
@ -33,10 +33,9 @@ $langs->loadLangs(array("members", "companies"));
 $action = GETPOST('action', 'aZ09');
 $massaction = GETPOST('massaction', 'alpha');
 $contextpage = GETPOST('contextpage', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $toselect = GETPOST('toselect', 'array');
-$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'subscriptionlist'; // To manage different context of search
 $statut = (GETPOSTISSET("statut") ?GETPOST("statut", "alpha") : 1);
 $search_ref = GETPOST('search_ref', 'alpha');
--- a/htdocs/admin/boxes.php
+++ b/htdocs/admin/boxes.php
@ -175,10 +175,10 @@ if ($action == 'switch')
 	$db->begin();
 	$objfrom = new ModeleBoxes($db);
-	$objfrom->fetch($_GET["switchfrom"]);
+	$objfrom->fetch(GETPOST("switchfrom", 'int'));
 	$objto = new ModeleBoxes($db);
-	$objto->fetch($_GET["switchto"]);
+	$objto->fetch(GETPOST('switchto', 'int'));
 	$resultupdatefrom = 0;
 	$resultupdateto = 0;
@ -192,12 +192,12 @@ if ($action == 'switch')
 			 $newsecondnum = preg_replace('/[a-zA-Z]+/', '', $newsecond);
 			 $newsecond = sprintf("%s%02d", $newsecondchar ? $newsecondchar : 'A', $newsecondnum + 1);
 		}
-		$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newfirst)."' WHERE rowid=".$objfrom->rowid;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newfirst)."' WHERE rowid=".((int) $objfrom->rowid);
 		dol_syslog($sql);
 		$resultupdatefrom = $db->query($sql);
 		if (!$resultupdatefrom) { dol_print_error($db); }
-		$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newsecond)."' WHERE rowid=".$objto->rowid;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newsecond)."' WHERE rowid=".((int) $objto->rowid);
 		dol_syslog($sql);
 		$resultupdateto = $db->query($sql);
 		if (!$resultupdateto) { dol_print_error($db); }
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@ -558,7 +558,7 @@ $langs->load("companies");
 // Managing Director(s)
 print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
-print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth200" value="'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_MANAGERS).'"></td></tr>';
+print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth500" value="'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_MANAGERS).'"></td></tr>';
 // GDPR contact
 print '<tr class="oddeven"><td>';
@ -568,7 +568,7 @@ print '<input name="MAIN_INFO_GDPR" id="director" class="minwidth500" value="'.d
 // Capital
 print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
-print '<input name="capital" id="capital" class="minwidth100" value="'.dol_escape_htmltag($conf->global->MAIN_INFO_CAPITAL).'"></td></tr>';
+print '<input name="capital" id="capital" class="maxwidth100" value="'.dol_escape_htmltag($conf->global->MAIN_INFO_CAPITAL).'"></td></tr>';
 // Juridical Status
 print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>';
--- a/htdocs/admin/emailcollector_card.php
+++ b/htdocs/admin/emailcollector_card.php
@ -45,7 +45,7 @@ $ref        = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 $confirm    = GETPOST('confirm', 'alpha');
 $cancel     = GETPOST('cancel', 'aZ09');
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myobjectcard'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'emailcollectorcard'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha');
 $operationid = GETPOST('operationid', 'int');
--- a/htdocs/admin/emailcollector_list.php
+++ b/htdocs/admin/emailcollector_list.php
@ -31,10 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 dol_include_once('/emailcollector/class/emailcollector.class.php');
-if (!$user->admin) accessforbidden();
+// Load translation files required by page
 if (empty($conf->emailcollector->enabled)) accessforbidden();
 // Load traductions files required by page
 $langs->loadLangs(array("admin", "other"));
 $action     = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ...
@ -54,7 +51,7 @@ $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
 $sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
-if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; }     // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
+if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; }     // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
@ -86,11 +83,11 @@ if ($user->socid > 0)	// Protection if external user
 //$result = restrictedArea($user, 'emailcollector', $id, '');
 // Initialize array of search criterias
-$search_all = GETPOST("search_all", 'alpha');
+$search_all = GETPOST("search_all", 'alphanohtml');
 $search = array();
 foreach ($object->fields as $key => $val)
 {
-	if (GETPOST('search_'.$key, 'alpha')) $search[$key] = GETPOST('search_'.$key, 'alpha');
+	if (GETPOST('search_'.$key, 'alpha') !== '') $search[$key] = GETPOST('search_'.$key, 'alpha');
 }
 // List of fields to search into when doing a "search in all"
@ -100,25 +97,47 @@ foreach ($object->fields as $key => $val)
 	if ($val['searchall']) $fieldstosearchall['t.'.$key] = $val['label'];
 }
-// Definition of fields for list
+// Definition of array of fields for columns
 $arrayfields = array();
 foreach ($object->fields as $key => $val)
 {
 	// If $val['visible']==0, then we never show the field
-	if (!empty($val['visible'])) $arrayfields['t.'.$key] = array('label'=>$val['label'], 'checked'=>(($val['visible'] < 0) ? 0 : 1), 'enabled'=>$val['enabled'], 'position'=>$val['position']);
+	if (!empty($val['visible'])) {
 		$visible = dol_eval($val['visible'], 1);
 		$arrayfields['t.'.$key] = array(
 			'label'=>$val['label'],
 			'checked'=>(($visible < 0) ? 0 : 1),
 			'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)),
 			'position'=>$val['position']
 		);
 	}
 }
 // Extra fields
 if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label']) > 0)
 {
 	foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val)
 	{
-		if (!empty($extrafields->attributes[$object->table_element]['list'][$key]))
+		if (!empty($extrafields->attributes[$object->table_element]['list'][$key])) {
-			$arrayfields["ef.".$key] = array('label'=>$extrafields->attributes[$object->table_element]['label'][$key], 'checked'=>(($extrafields->attributes[$object->table_element]['list'][$key] < 0) ? 0 : 1), 'position'=>$extrafields->attributes[$object->table_element]['pos'][$key], 'enabled'=>(abs($extrafields->attributes[$object->table_element]['list'][$key]) != 3 && $extrafields->attributes[$object->table_element]['perms'][$key]));
+			$arrayfields["ef.".$key] = array(
 				'label'=>$extrafields->attributes[$object->table_element]['label'][$key],
 				'checked'=>(($extrafields->attributes[$object->table_element]['list'][$key] < 0) ? 0 : 1),
 				'position'=>$extrafields->attributes[$object->table_element]['pos'][$key],
 				'enabled'=>(abs($extrafields->attributes[$object->table_element]['list'][$key]) != 3 && $extrafields->attributes[$object->table_element]['perms'][$key]),
 				'langfile'=>$extrafields->attributes[$object->table_element]['langfile'][$key]
 			);
 		}
 	}
 }
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 $permissiontoread = $user->rights->emailcollector->read;
 $permissiontoadd = $user->rights->emailcollector->write;
 $permissiontodelete = $user->rights->emailcollector->delete;
 if (!$user->admin) accessforbidden();
 if (empty($conf->emailcollector->enabled)) accessforbidden('Module not enabled');
 /*
@ -182,13 +201,14 @@ foreach ($object->fields as $key => $val)
 	$sql .= 't.'.$key.', ';
 }
 // Add fields from extrafields
-if (!empty($extrafields->attributes[$object->table_element]['label']))
+if (!empty($extrafields->attributes[$object->table_element]['label'])) {
 	foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : '');
 }
 // Add fields from hooks
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $object); // Note that $action and $object may have been modified by hook
-$sql .= $hookmanager->resPrint;
+$sql .= preg_replace('/^,/', '', $hookmanager->resPrint);
-$sql = preg_replace('/, $/', '', $sql);
+$sql = preg_replace('/,\s*$/', '', $sql);
 $sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t";
 if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)";
 if ($object->ismultientitymanaged == 1) $sql .= " WHERE t.entity IN (".getEntity($object->element).")";
@ -197,6 +217,10 @@ foreach ($search as $key => $val)
 {
 	if ($key == 'status' && $search[$key] == -1) continue;
 	$mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0);
 	if (strpos($object->fields[$key]['type'], 'integer:') === 0) {
 		if ($search[$key] == '-1') $search[$key] = '';
 		$mode_search = 2;
 	}
 	if ($search[$key] != '') $sql .= natural_search($key, $search[$key], (($key == 'status') ? 2 : $mode_search));
 }
 if ($search_all) $sql .= natural_search(array_keys($fieldstosearchall), $search_all);
@ -208,7 +232,7 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $objec
 $sql .= $hookmanager->resPrint;
 /* If a group by is required
-$sql.= " GROUP BY "
+$sql.= " GROUP BY ";
 foreach ($object->fields as $key => $val)
 {
 	$sql.='t.'.$key.', ';
@ -216,6 +240,7 @@ foreach ($object->fields as $key => $val)
 // Add fields from extrafields
 if (! empty($extrafields->attributes[$object->table_element]['label'])) {
 	foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.', ' : '');
 }
 // Add where from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListGroupBy',$parameters);    // Note that $action and $object may have been modified by hook
@ -238,11 +263,11 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 	}
 }
 // if total of record found is smaller than limit, no need to do paging and to restart another select with limits set.
-if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords)
+if (is_numeric($nbtotalofrecords) && ($limit > $nbtotalofrecords || empty($limit)))
 {
 	$num = $nbtotalofrecords;
 } else {
-	$sql .= $db->plimit($limit + 1, $offset);
+	if ($limit) $sql .= $db->plimit($limit + 1, $offset);
 	$resql = $db->query($sql);
 	if (!$resql)
@ -255,7 +280,7 @@ if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords)
 }
 // Direct jump if only one record found
-if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all)
+if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && !$page)
 {
 	$obj = $db->fetch_object($resql);
 	$id = $obj->rowid;
@ -291,7 +316,8 @@ if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&co
 if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
 foreach ($search as $key => $val)
 {
-	$param .= '&search_'.$key.'='.urlencode($search[$key]);
+	if (is_array($search[$key]) && count($search[$key])) foreach ($search[$key] as $skey) $param .= '&search_'.$key.'[]='.urlencode($skey);
 	else $param .= '&search_'.$key.'='.urlencode($search[$key]);
 }
 if ($optioncss != '')     $param .= '&optioncss='.urlencode($optioncss);
 // Add $param from extra fields
@ -302,7 +328,7 @@ $arrayofmassactions = array(
 	//'presend'=>$langs->trans("SendByMail"),
 	//'builddoc'=>$langs->trans("PDFMerge"),
 );
-if ($user->rights->emailcollector->delete) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
+if ($permissiontodelete) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
 if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
@ -318,13 +344,9 @@ print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
 $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
-$newcardbutton = '';
+$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', 'emailcollector_card.php?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permissiontoadd);
 //if ($user->rights->emailcollector->creer)
 //{
 $newcardbutton .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', 'emailcollector_card.php?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']));
 //}
-print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'email', 0, $newcardbutton.' '.$linkback, '', $limit);
+print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'email', 0, $newcardbutton.' '.$linkback, '', $limit, 0, 0, 1);
 // Add code for pre mass action (confirmation or email presend form)
 /*$topicmail="";
@ -355,7 +377,7 @@ $selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfi
 $selectedfields .= (count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
 print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
-print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
+print '<table class="tagtable nobottomiftotal liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
 // Fields title search
@ -363,11 +385,20 @@ print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" :
 print '<tr class="liste_titre">';
 foreach ($object->fields as $key => $val)
 {
-    $cssforfield = '';
+	$cssforfield = (empty($val['css']) ? '' : $val['css']);
-    if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
+	if ($key == 'status') $cssforfield .= ($cssforfield ? ' ' : '').'center';
-    if (in_array($val['type'], array('timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
+	elseif (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
-    if ($key == 'status') $cssforfield .= ($cssforfield ? ' ' : '').'center';
+	elseif (in_array($val['type'], array('timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
-    if (!empty($arrayfields['t.'.$key]['checked'])) print '<td class="liste_titre'.($cssforfield ? ' '.$cssforfield : '').'"><input type="text" class="flat maxwidth75" name="search_'.$key.'" value="'.dol_escape_htmltag($search[$key]).'"></td>';
+	elseif (in_array($val['type'], array('double(24,8)', 'double(6,3)', 'integer', 'real', 'price')) && $val['label'] != 'TechnicalID') $cssforfield .= ($cssforfield ? ' ' : '').'right';
 	if (!empty($arrayfields['t.'.$key]['checked']))
 	{
 		print '<td class="liste_titre'.($cssforfield ? ' '.$cssforfield : '').'">';
 		if (is_array($val['arrayofkeyval'])) print $form->selectarray('search_'.$key, $val['arrayofkeyval'], $search[$key], $val['notnull'], 0, 0, '', 1, 0, 0, '', 'maxwidth75');
 		elseif (strpos($val['type'], 'integer:') === 0) {
 			print $object->showInputField($val, $key, $search[$key], '', '', 'search_', 'maxwidth150', 1);
 		} elseif (!preg_match('/^(date|timestamp)/', $val['type'])) print '<input type="text" class="flat maxwidth75" name="search_'.$key.'" value="'.dol_escape_htmltag($search[$key]).'">';
 		print '</td>';
 	}
 }
 // Extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php';
@ -389,11 +420,12 @@ print '</tr>'."\n";
 print '<tr class="liste_titre">';
 foreach ($object->fields as $key => $val)
 {
-    $cssforfield = '';
+	$cssforfield = (empty($val['css']) ? '' : $val['css']);
-    if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
+	if ($key == 'status') $cssforfield .= ($cssforfield ? ' ' : '').'center';
-    if (in_array($val['type'], array('timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
+	elseif (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
-    if ($key == 'status') $cssforfield .= ($cssforfield ? ' ' : '').'center';
+	elseif (in_array($val['type'], array('timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
-    if (!empty($arrayfields['t.'.$key]['checked']))
+	elseif (in_array($val['type'], array('double(24,8)', 'double(6,3)', 'integer', 'real', 'price')) && $val['label'] != 'TechnicalID') $cssforfield .= ($cssforfield ? ' ' : '').'right';
 	if (!empty($arrayfields['t.'.$key]['checked']))
    {
        print getTitleFieldOfList($arrayfields['t.'.$key]['label'], 0, $_SERVER['PHP_SELF'], 't.'.$key, '', $param, ($cssforfield ? 'class="'.$cssforfield.'"' : ''), $sortfield, $sortorder, ($cssforfield ? $cssforfield.' ' : ''))."\n";
    }
@ -404,6 +436,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
 $parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder);
 $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object); // Note that $action and $object may have been modified by hook
 print $hookmanager->resPrint;
 // Action column
 print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n";
 print '</tr>'."\n";
@ -423,52 +456,46 @@ if (is_array($extrafields->attributes[$object->table_element]['computed']) && co
 // --------------------------------------------------------------------
 $i = 0;
 $totalarray = array();
-while ($i < min($num, $limit))
+while ($i < ($limit ? min($num, $limit) : $num))
 {
 	$obj = $db->fetch_object($resql);
 	if (empty($obj)) break; // Should not happen
 	// Store properties in $object
-	$object->id = $obj->rowid;
+	$object->setVarsFromFetchObj($obj);
 	foreach ($object->fields as $key => $val)
 	{
 		if (property_exists($obj, $key)) $object->$key = $obj->$key;
 	}
 	// Show here line of result
 	print '<tr class="oddeven">';
 	foreach ($object->fields as $key => $val)
 	{
-	    $cssforfield = '';
+		$cssforfield = (empty($val['css']) ? '' : $val['css']);
-	    if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
+		if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'center';
 	    elseif ($key == 'status') $cssforfield .= ($cssforfield ? ' ' : '').'center';
 	    if (in_array($val['type'], array('timestamp'))) $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
 	    elseif ($key == 'ref') $cssforfield .= ($cssforfield ? ' ' : '').'nowrap';
 	    if (in_array($val['type'], array('double(24,8)', 'double(6,3)', 'integer', 'real', 'price')) && !in_array($key, array('rowid', 'status'))) $cssforfield .= ($cssforfield ? ' ' : '').'right';
 	    //if (in_array($key, array('fk_soc', 'fk_user', 'fk_warehouse'))) $cssforfield = 'tdoverflowmax100';
 	    if (!empty($arrayfields['t.'.$key]['checked']))
 	    {
-	        print '<td';
+	    	print '<td'.($cssforfield ? ' class="'.$cssforfield.'"' : '').'>';
-	        if ($cssforfield || $val['css']) print ' class="';
+	    	if ($key == 'status') print $object->getLibStatut(5);
-	        print $cssforfield;
+	    	else print $object->showOutputField($val, $key, $object->$key, '');
-	        if ($cssforfield && $val['css']) print ' ';
+	    	print '</td>';
-	        print $val['css'];
+	    	if (!$i) $totalarray['nbfield']++;
-	        if ($cssforfield || $val['css']) print '"';
+	    	if (!empty($val['isameasure']))
-	        print '>';
+	    	{
-			print $object->showOutputField($val, $key, $obj->$key, '');
+	    		if (!$i) $totalarray['pos'][$totalarray['nbfield']] = 't.'.$key;
-			print '</td>';
+	    		$totalarray['val']['t.'.$key] += $object->$key;
-			if (!$i) $totalarray['nbfield']++;
+	    	}
 			if (!empty($val['isameasure']))
 			{
 				if (!$i) $totalarray['pos'][$totalarray['nbfield']] = 't.'.$key;
 				$totalarray['val']['t.'.$key] += $obj->$key;
 			}
 		}
 	}
 	// Extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';
 	// Fields from hook
-	$parameters = array('arrayfields'=>$arrayfields, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray);
+	$parameters = array('arrayfields'=>$arrayfields, 'object'=>$object, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray);
 	$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook
 	print $hookmanager->resPrint;
 	// Action column
@ -476,13 +503,13 @@ while ($i < min($num, $limit))
 	if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
 	{
 		$selected = 0;
-		if (in_array($obj->rowid, $arrayofselected)) $selected = 1;
+		if (in_array($object->id, $arrayofselected)) $selected = 1;
-		print '<input id="cb'.$obj->rowid.'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$obj->rowid.'"'.($selected ? ' checked="checked"' : '').'>';
+		print '<input id="cb'.$object->id.'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$object->id.'"'.($selected ? ' checked="checked"' : '').'>';
 	}
 	print '</td>';
 	if (!$i) $totalarray['nbfield']++;
-	print '</tr>';
+	print '</tr>'."\n";
 	$i++;
 }
@ -524,8 +551,8 @@ if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $n
 	$urlsource .= str_replace('&amp;', '&', $param);
 	$filedir = $diroutputmassaction;
-	$genallowed = $user->rights->emailcollector->read;
+	$genallowed = $permissiontoread;
-	$delallowed = $user->rights->emailcollector->create;
+	$delallowed = $permissiontoadd;
 	print $formfile->showdocuments('massfilesarea_emailcollector', '', $filedir, $urlsource, 0, $delallowed, '', 1, 1, 0, 48, 1, $param, $title, '', '', '', null, $hidegeneratedfilelistifempty);
 }
--- a/htdocs/admin/events.php
+++ b/htdocs/admin/events.php
@ -36,7 +36,7 @@ if (!$user->admin) {
 $langs->loadLangs(array("users", "admin", "other"));
 $action = GETPOST('action', 'aZ09');
-$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'auditeventslist'; // To manage different context of search
 $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
 // Load variable for pagination
--- a/htdocs/admin/geoipmaxmind.php
+++ b/htdocs/admin/geoipmaxmind.php
@ -47,7 +47,12 @@ if ($action == 'set')
 	$gimcdf = GETPOST("GEOIPMAXMIND_COUNTRY_DATAFILE");
-	if (!$gimcdf && !file_exists($gimcdf))
+	if (!$error && $gimcdf && ! preg_match('/\.(dat|mmdb)$/', $gimcdf)) {
 		setEventMessages($langs->trans("ErrorFileMustHaveFormat", '.dat|.mmdb'), null, 'errors');
 		$error++;
 	}
 	if (!$error && $gimcdf && !file_exists($gimcdf))
 	{
 		setEventMessages($langs->trans("ErrorFileNotFound", $gimcdf), null, 'errors');
 		$error++;
@ -126,7 +131,7 @@ if ($conf->global->GEOIP_VERSION == 'php')
 {
 	print 'Using geoip PHP internal functions. Value must be '.geoip_db_filename(GEOIP_COUNTRY_EDITION).' or '.geoip_db_filename(GEOIP_CITY_EDITION_REV1).' or /pathtodatafile/GeoLite2-Country.mmdb<br>';
 }
-print '<input size="50" type="text" name="GEOIPMAXMIND_COUNTRY_DATAFILE" value="'.$conf->global->GEOIPMAXMIND_COUNTRY_DATAFILE.'">';
+print '<input size="50" type="text" name="GEOIPMAXMIND_COUNTRY_DATAFILE" value="'.dol_escape_htmltag($conf->global->GEOIPMAXMIND_COUNTRY_DATAFILE).'">';
 print '</td></tr>';
 print '</table>';
@ -148,7 +153,7 @@ print $langs->trans("YouCanDownloadAdvancedDatFileTo", '<a href="'.$url2.'" targ
 if ($geoip)
 {
 	print '<br><br>';
-	print '<br>'.$langs->trans("TestGeoIPResult", $ip).':';
+	print '<br><span class="opacitymedium">'.$langs->trans("TestGeoIPResult", $ip).':</span>';
 	$ip = '24.24.24.24';
 	print '<br>'.$ip.' -> ';
--- a/htdocs/admin/perms.php
+++ b/htdocs/admin/perms.php
@ -128,9 +128,10 @@ print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
 print '<td>'.$langs->trans("Module").'</td>';
 print '<td class="center">&nbsp;</td>';
 print '<td class="center">'.$langs->trans("Default").'</td>';
 print '<td class="center">&nbsp;</td>';
 print '<td>'.$langs->trans("Permissions").'</td>';
 if ($user->admin) print '<td class="right">'.$langs->trans("ID").'</td>';
 print '</tr>'."\n";
 //print "xx".$conf->global->MAIN_USE_ADVANCED_PERMS;
@ -178,7 +179,6 @@ if ($result)
        $found = false;
        foreach ($modules[$obj->module]->rights as $key => $val)
        {
        	$rights_class = $objMod->rights_class;
        	if ($val[4] == $obj->perms && (empty($val[5]) || $val[5] == $obj->subperms))
        	{
        		$found = true;
@ -209,6 +209,8 @@ if ($result)
           	print '<td>&nbsp;</td>';
            print '<td>&nbsp;</td>';
            print '<td>&nbsp;</td>';
            // Permission id
            if ($user->admin) print '<td class="right"></td>';
            print '</tr>'."\n";
        }
@ -223,15 +225,21 @@ if ($result)
 		// Tick
 		if ($obj->bydefault == 1)
 		{
-			print '<td>';
+			print '<td class="center">';
-			print '<a class="reposition" href="perms.php?pid='.$obj->id.'&amp;action=remove">'.img_edit_remove().'</a>';
+			print '<a class="reposition" href="perms.php?pid='.$obj->id.'&amp;action=remove">';
 			//print img_edit_remove();
 			print img_picto('', 'switch_on');
 			print '</a>';
 			print '</td>';
 			print '<td class="center">';
-			print img_picto($langs->trans("Active"), 'tick');
+			//print img_picto($langs->trans("Active"), 'tick');
 			print '</td>';
 		} else {
-			print '<td>';
+			print '<td class="center">';
-			print '<a class="reposition" href="perms.php?pid='.$obj->id.'&amp;action=add">'.img_edit_add().'</a>';
+			print '<a class="reposition" href="perms.php?pid='.$obj->id.'&amp;action=add">';
 			//print img_edit_add();
 			print img_picto('', 'switch_off');
 			print '</a>';
 			print '</td>';
 			print '<td class="center">';
 			print '&nbsp;';
@ -241,6 +249,9 @@ if ($result)
 		// Permission and tick
        print '<td>'.$perm_libelle.'</td>';
        // Permission id
        if ($user->admin) print '<td class="right"><span class="opacitymedium">'.$obj->id.'</span></td>';
        print '</tr>'."\n";
        $i++;
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@ -23,7 +23,7 @@
 /**
 *	\file       htdocs/admin/stock.php
 *	\ingroup    stock
- *	\brief      Page d'administration/configuration du module gestion de stock
+ *	\brief      Page to setup module stock
 */
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
@ -760,76 +760,6 @@ print '</table>';
 print '</form>';
 /*
 print '<br>';
 if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
 {
 	print '<table class="noborder centpercent">';
 	print '<tr class="liste_titre">';
 	print '<td>'.$langs->trans("Inventory").'</td>'."\n";
 	print '<td class="right">'.$langs->trans("Status").'</td>'."\n";
 	print '</tr>'."\n";
 	// Example with a yes / no select
 	print '<tr class="oddeven">';
 	print '<td>'.$langs->trans("INVENTORY_DISABLE_VIRTUAL").'</td>';
 	print '<td class="center">';
 	if ($conf->use_javascript_ajax) {
 		print ajax_constantonoff('INVENTORY_DISABLE_VIRTUAL');
 	} else {
 		$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
 		print $form->selectarray("INVENTORY_DISABLE_VIRTUAL", $arrval, $conf->global->INVENTORY_DISABLE_VIRTUAL);
 	}
 	print '</td></tr>';
 	// Example with a yes / no select
    print '<tr class="oddeven">';
 	print '<td>'.$langs->trans("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA").'</td>';
 	print '<td class="center">';
  	if ($conf->use_javascript_ajax) {
  		print ajax_constantonoff('INVENTORY_USE_MIN_PA_IF_NO_LAST_PA');
  	} else {
  		$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
  		print $form->selectarray("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA", $arrval, $conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA);
  	}
  	print '</td></tr>';
  	// Example with a yes / no select
 	print '<tr class="oddeven">';
 	print '<td>'.$langs->trans("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT").'</td>';
 	print '<td class="right">';
 	if ($conf->use_javascript_ajax) {
    	print ajax_constantonoff('INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT');
 	} else {
    	$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
    	print $form->selectarray("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT", $arrval, $conf->global->INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT);
 	}
 	print '</td></tr>';
 	print '</table>';
 }
 */
 /* I keep the option/feature, but hidden to end users for the moment. If feature is used by module, no need to have users see it.
 If not used by a module, I still need to understand in which case user may need this now we can set rule on product page.
 if ($conf->global->PRODUIT_SOUSPRODUITS)
 {
 	print '<tr class="oddeven">';
 	print '<td>'.$langs->trans("IndependantSubProductStock").'</td>';
 	print '<td class="right">';
 	print "<form method=\"post\" action=\"stock.php\">";
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print "<input type=\"hidden\" name=\"action\" value=\"INDEPENDANT_SUBPRODUCT_STOCK\">";
 	print $form->selectyesno("INDEPENDANT_SUBPRODUCT_STOCK",$conf->global->INDEPENDANT_SUBPRODUCT_STOCK,1);
 	print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
 	print '</form>';
 	print "</td>\n";
 	print "</tr>\n";
 }
 */
 // End of page
 llxFooter();
 $db->close();
--- a/htdocs/admin/syslog.php
+++ b/htdocs/admin/syslog.php
@ -212,6 +212,12 @@ foreach ($syslogModules as $moduleName)
 	print '<td width="140">';
 	print '<input class="oddeven" type="checkbox" name="SYSLOG_HANDLERS[]" value="'.$moduleName.'" '.(in_array($moduleName, $activeModules) ? 'checked' : '').($moduleactive <= 0 ? 'disabled' : '').'> ';
 	print $module->getName();
 	if ($moduleName == 'mod_syslog_syslog') {
 		if (! $module->isActive()) {
 			$langs->load("errors");
 			print $form->textwithpicto('', $langs->trans("ErrorPHPNeedModule", 'SysLog'));
 		}
 	}
 	print '</td>';
 	print '<td class="nowrap">';
--- a/htdocs/admin/system/filecheck.php
+++ b/htdocs/admin/system/filecheck.php
@ -91,6 +91,7 @@ if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || !empty($conf->global->MAIN_AL
 $enableremotecheck = true;
 print '<form name="check" action="'.$_SERVER["PHP_SELF"].'">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 print $langs->trans("MakeIntegrityAnalysisFrom").':<br>';
 print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
 if (dol_is_file($xmlfile))
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@ -226,6 +226,7 @@ if ($result)
    }
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
    print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords, 'setup', 0, '', '', $limit);
--- a/htdocs/admin/website.php
+++ b/htdocs/admin/website.php
@ -411,7 +411,7 @@ print "<br>\n";
 // Confirmation de la suppression de la ligne
 if ($action == 'delete')
 {
-    print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1);
+    print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1, 220);
 }
 //var_dump($elementList);
--- a/htdocs/asset/card.php
+++ b/htdocs/asset/card.php
@ -37,7 +37,7 @@ $ref        = GETPOST('ref', 'alpha');
 $action     = GETPOST('action', 'aZ09');
 $confirm    = GETPOST('confirm', 'alpha');
 $cancel     = GETPOST('cancel', 'aZ09');
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myobjectcard'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'assetcard'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha');
 $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha');
@ -65,6 +65,9 @@ if (empty($action) && empty($id) && empty($ref)) $action = 'view';
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
 // Security check
 if (!empty($user->socid)) $socid = $user->socid;
 $result = restrictedArea($user, 'asset', $id);
 $permissiontoread = $user->rights->asset->read;
 $permissiontoadd = $user->rights->asset->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
--- a/htdocs/asset/class/asset.class.php
+++ b/htdocs/asset/class/asset.class.php
@ -55,6 +55,10 @@ class Asset extends CommonObject
 	public $picto = 'asset';
 	const STATUS_DRAFT = 0;
 	const STATUS_VALIDATED = 1;
 	/**
 	 *  'type' if the field format.
 	 *  'label' the translation key.
@ -390,31 +394,16 @@ class Asset extends CommonObject
        // phpcs:enable
 		global $langs;
-		if ($mode == 0 || $mode == 1)
+		$langs->load("contracts");
-		{
+		$labelStatus[self::STATUS_DRAFT] = $langs->trans('Disabled');
-			if ($status == 1) return $langs->trans('Enabled');
+		$labelStatus[self::STATUS_VALIDATED] = $langs->trans('Enabled');
-			elseif ($status == 0) return $langs->trans('Disabled');
+		$labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Disabled');
-		} elseif ($mode == 2)
+		$labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Enabled');
-		{
+
-			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
+		$statusType = 'status0';
-			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
+		if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
-		} elseif ($mode == 3)
+
-		{
+		return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', $statusType, $mode);
 			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4');
 			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5');
 		} elseif ($mode == 4)
 		{
 			if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
 			elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
 		} elseif ($mode == 5)
 		{
 			if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
 			elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
 		} elseif ($mode == 6)
 		{
 			if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
 			elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
 		}
 	}
 	/**
--- a/htdocs/asset/document.php
+++ b/htdocs/asset/document.php
@ -68,6 +68,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 // Security check
 if (!empty($user->socid)) $socid = $user->socid;
 $result = restrictedArea($user, 'asset', $id);
 //if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id);
 if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref);
--- a/htdocs/asset/info.php
+++ b/htdocs/asset/info.php
@ -35,15 +35,17 @@ $action = GETPOST('action', 'aZ09');
 // Security check
 if ($user->socid) $socid = $user->socid;
-$result = restrictedArea($user, 'asset', $id, '');
+$result = restrictedArea($user, 'asset', $id);
 $object = new Asset($db);
 $object->fetch($id);
 /*
 * Actions
 */
 // None
 /*
--- a/htdocs/asset/list.php
+++ b/htdocs/asset/list.php
@ -39,7 +39,7 @@ $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk
 $confirm    = GETPOST('confirm', 'alpha'); // Result of a confirmation
 $cancel     = GETPOST('cancel', 'alpha'); // We click on a Cancel button
 $toselect   = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'assetslist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'assetlist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
@ -73,12 +73,15 @@ if (!$sortorder) $sortorder = "ASC";
 // Security check
 $socid = 0;
 if ($user->socid) $socid = $user->socid;
 if ($user->socid > 0)	// Protection if external user
 {
 	//$socid = $user->socid;
 	accessforbidden();
 }
-//$result = restrictedArea($user, 'asset', $id,'');
+// Security check
 $result = restrictedArea($user, 'asset', $id);
 // Initialize array of search criterias
 $search_all = GETPOST("search_all", 'alpha');
--- a/htdocs/asset/note.php
+++ b/htdocs/asset/note.php
@ -54,6 +54,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 if ($id > 0 || !empty($ref)) $upload_dir = $conf->asset->multidir_output[$object->entity]."/".$object->id;
 // Security check
 if (!empty($user->socid)) $socid = $user->socid;
 $result = restrictedArea($user, 'asset', $id);
 $permissionnote = 1;
 //$permissionnote=$user->rights->asset->creer;	// Used by the include of actions_setnotes.inc.php
--- a/htdocs/blockedlog/admin/blockedlog_list.php
+++ b/htdocs/blockedlog/admin/blockedlog_list.php
@ -311,6 +311,7 @@ if (GETPOST('withtab', 'alpha')) $param .= '&withtab='.urlencode(GETPOST('withta
 //include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<div class="right">';
 print $langs->trans("RestrictYearToExport").': ';
--- a/htdocs/bookmarks/list.php
+++ b/htdocs/bookmarks/list.php
@ -32,7 +32,7 @@ $massaction = GETPOST('massaction', 'alpha');
 $show_files = GETPOST('show_files', 'int');
 $confirm = GETPOST('confirm', 'alpha');
 $toselect = GETPOST('toselect', 'array');
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'bookmarklist'; // To manage different context of search
 // Security check
 if (!$user->rights->bookmark->lire) {
--- a/htdocs/categories/card.php
+++ b/htdocs/categories/card.php
@ -88,6 +88,10 @@ if ($action == 'add' && $user->rights->categorie->creer)
 		{
 			header("Location: ".$urlfrom);
 			exit;
 		} elseif ($backtopage)
 		{
 			header("Location: ".$backtopage);
 			exit;
 		} elseif ($idProdOrigin)
 		{
 			header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProdOrigin.'&type='.$type);
@ -235,13 +239,13 @@ if ($user->rights->categorie->creer)
 		// Ref
 		print '<tr>';
-		print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.$label.'">';
+		print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.dol_escape_htmltag($label).'">';
 		print'</td></tr>';
 		// Description
 		print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td>';
 		require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
-		$doleditor = new DolEditor('description', $description, '', 200, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_6, '90%');
+		$doleditor = new DolEditor('description', $description, '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_5, '90%');
 		$doleditor->Create();
 		print '</td></tr>';
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@ -1616,9 +1616,10 @@ class Categorie extends CommonObject
 	 *	@param		int		$withpicto		0=No picto, 1=Include picto into link, 2=Only picto
 	 *	@param		string	$option			Sur quoi pointe le lien ('', 'xyz')
 	 * 	@param		int		$maxlength		Max length of text
 	 *  @param		string	$moreparam		More param on URL link
 	 *	@return		string					Chaine avec URL
 	 */
-	public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0)
+	public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0, $moreparam = '')
 	{
 		global $langs;
@ -1632,7 +1633,7 @@ class Categorie extends CommonObject
 			if (colorIsLight($this->color)) $forced_color = 'categtextblack';
 		}
-		$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.'&backtopage='.urlencode($_SERVER['PHP_SELF']).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
+		$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.$moreparam.'&backtopage='.urlencode($_SERVER['PHP_SELF'].($moreparam?'?'.$moreparam:'')).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
 		$linkend = '</a>';
 		$picto = 'category';
--- a/htdocs/categories/index.php
+++ b/htdocs/categories/index.php
@ -39,6 +39,7 @@ if (!$user->rights->categorie->lire) accessforbidden();
 $id = GETPOST('id', 'int');
 $type = (GETPOST('type', 'aZ09') ? GETPOST('type', 'aZ09') : Categorie::TYPE_PRODUCT);
 $catname = GETPOST('catname', 'alpha');
 $nosearch = GETPOST('nosearch', 'int');
 $categstatic = new Categorie($db);
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
@ -50,6 +51,8 @@ if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backwar
 $form = new Form($db);
 $moreparam = ($nosearch ? '&nosearch=1' : '');
 $typetext = $type;
 if ($type == Categorie::TYPE_ACCOUNT) 			$title = $langs->trans('AccountsCategoriesArea');
 elseif ($type == Categorie::TYPE_WAREHOUSE) 	$title = $langs->trans('StocksCategoriesArea');
@ -64,70 +67,69 @@ $arrayofcss = array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css
 llxHeader('', $title, '', '', 0, 0, $arrayofjs, $arrayofcss);
 $newcardbutton = '';
 if (!empty($user->rights->categorie->creer)) {
-	$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type));
+	$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).$moreparam);
 }
 print load_fiche_titre($title, $newcardbutton, 'object_category');
-print '<div class="fichecenter"><div class="fichethirdleft">';
+// Search categories
 if (empty($nosearch)) {
 	print '<div class="fichecenter"><div class="fichehalfleft">';
-/*
+	print '<form method="post" action="index.php?type='.$type.'">';
- * Zone recherche produit/service
+	print '<input type="hidden" name="token" value="'.newToken().'">';
- */
+	print '<input type="hidden" name="type" value="'.$type.'">';
-print '<form method="post" action="index.php?type='.$type.'">';
+	print '<input type="hidden" name="nosearch" value="'.$nosearch.'">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="type" value="'.$type.'">';
-print '<table class="noborder nohover centpercent">';
+	print '<table class="noborder nohover centpercent">';
-print '<tr class="liste_titre">';
+	print '<tr class="liste_titre">';
-print '<td colspan="3">'.$langs->trans("Search").'</td>';
+	print '<td colspan="3">'.$langs->trans("Search").'</td>';
-print '</tr>';
+	print '</tr>';
-print '<tr class="oddeven nohover"><td>';
+	print '<tr class="oddeven nohover"><td>';
-print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
+	print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
-print '</table></form>';
+	print '</table></form>';
-print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
+	print '</div><div class="fichehalfright">';
-/*
+	/*
- * Categories found
+	 * Categories found
- */
+	 */
-if ($catname || $id > 0)
+	if ($catname || $id > 0)
 {
 	$cats = $categstatic->rechercher($id, $catname, $typetext);
 	print '<table class="noborder centpercent">';
 	print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
 	foreach ($cats as $cat)
 	{
-		print "\t".'<tr class="oddeven">'."\n";
+		$cats = $categstatic->rechercher($id, $catname, $typetext);
 		print "\t\t<td>";
 		$categstatic->id = $cat->id;
 		$categstatic->ref = $cat->label;
 		$categstatic->label = $cat->label;
 		$categstatic->type = $cat->type;
 		$categstatic->color = $cat->color;
 		print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
 		print $categstatic->getNomUrl(1, '');
 		print '</span>';
 		print "</td>\n";
 		print "\t\t<td>";
 		print dolGetFirstLineOfText($cat->description);
 		print "</td>\n";
 		print "\t</tr>\n";
 	}
 	print "</table>";
 } else print '&nbsp;';
 		print '<table class="noborder centpercent">';
 		print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
-print '</div></div></div>';
+		foreach ($cats as $cat)
 		{
 			print "\t".'<tr class="oddeven">'."\n";
 			print "\t\t<td>";
 			$categstatic->id = $cat->id;
 			$categstatic->ref = $cat->label;
 			$categstatic->label = $cat->label;
 			$categstatic->type = $cat->type;
 			$categstatic->color = $cat->color;
 			print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
 			print $categstatic->getNomUrl(1, '');
 			print '</span>';
 			print "</td>\n";
 			print "\t\t<td>";
 			print dolGetFirstLineOfText($cat->description);
 			print "</td>\n";
 			print "\t</tr>\n";
 		}
 		print "</table>";
 	} else print '&nbsp;';
 	print '</div></div>';
 }
 print '<div class="fichecenter"><br>';
@ -156,7 +158,7 @@ foreach ($fulltree as $key => $val)
 	$categstatic->ref = $val['label'];
 	$categstatic->color = $val['color'];
 	$categstatic->type = $type;
-	$li = $categstatic->getNomUrl(1, '', 60);
+	$li = $categstatic->getNomUrl(1, '', 60, $moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam));
 	$desc = dol_htmlcleanlastbr($val['description']);
 	$counter = '';
@ -172,7 +174,7 @@ foreach ($fulltree as $key => $val)
 	'rowid'=>$val['rowid'],
 	'fk_menu'=>$val['fk_parent'],
 	'entry'=>'<table class="nobordernopadding centpercent"><tr><td><span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>'.$li.'</span></td>'.$counter.
-		'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.'">'.img_view().'</a></td></tr></table>'
+		'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.$moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).'">'.img_view().'</a></td></tr></table>'
 	);
 }
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@ -47,10 +47,11 @@ $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk
 $confirm    = GETPOST('confirm', 'alpha'); // Result of a confirmation
 $cancel     = GETPOST('cancel', 'alpha'); // We click on a Cancel button
 $toselect   = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'categorylist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@ -519,20 +519,21 @@ if ($resql)
 	$viewmode .= '<span class="marginrightonly"></span>';
-    $newcardbutton = '';
+	$tmpforcreatebutton = dol_getdate(dol_now(), true);
    if ($user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create)
    {
        $tmpforcreatebutton = dol_getdate(dol_now(), true);
-        $newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
+	$newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
 	//$param='month='.$monthshown.'&year='.$year;
 	$hourminsec = '100000';
 	$url = DOL_URL_ROOT.'/comm/action/card.php?action=create';
 	$url .= '&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec;
 	$url .= '&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : ''));
 	$newcardbutton = dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, '', $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create);
        //$param='month='.$monthshown.'&year='.$year;
        $hourminsec = '100000';
        $newcardbutton .= dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec.'&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : '')));
    }
 	$param .= '&action='.$action;
 	print_barre_liste($langs->trans("Agenda"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, -1 * $nbtotalofrecords, 'object_action', 0, $nav.$newcardbutton, '', $limit, 0, 0, 1, $viewmode);
 	print $s;
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@ -110,8 +110,8 @@ if ($dateselect > 0)
 $tmp = empty($conf->global->MAIN_DEFAULT_WORKING_HOURS) ? '9-18' : $conf->global->MAIN_DEFAULT_WORKING_HOURS;
 $tmp = str_replace(' ', '', $tmp); // FIX 7533
 $tmparray = explode('-', $tmp);
-$begin_h = GETPOST('begin_h', 'int') != '' ?GETPOST('begin_h', 'int') : ($tmparray[0] != '' ? $tmparray[0] : 9);
+$begin_h = GETPOST('begin_h', 'int') != '' ? GETPOST('begin_h', 'int') : ($tmparray[0] != '' ? $tmparray[0] : 9);
-$end_h   = GETPOST('end_h', 'int') ?GETPOST('end_h', 'int') : ($tmparray[1] != '' ? $tmparray[1] : 18);
+$end_h   = GETPOST('end_h', 'int') ? GETPOST('end_h', 'int') : ($tmparray[1] != '' ? $tmparray[1] : 18);
 if ($begin_h < 0 || $begin_h > 23) $begin_h = 9;
 if ($end_h < 1 || $end_h > 24) $end_h = 18;
 if ($end_h <= $begin_h) $end_h = $begin_h + 1;
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@ -591,7 +591,7 @@ if ($object->id > 0)
 		$icon = 'bill';
 		if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 		$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 		$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 		$boxstat .= '</div>';
 		if ($link) $boxstat .= '</a>';
@ -609,7 +609,7 @@ if ($object->id > 0)
 		$icon = 'bill';
 		if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 		$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 		$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 		$boxstat .= '</div>';
 		if ($link) $boxstat .= '</a>';
@ -627,7 +627,7 @@ if ($object->id > 0)
 		$icon = 'bill';
 		if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 		$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 		$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 		$boxstat .= '</div>';
 		if ($link) $boxstat .= '</a>';
@ -643,7 +643,7 @@ if ($object->id > 0)
 		$icon = 'bill';
 		if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 		$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+		$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 		$boxstat .= '<span class="boxstatsindicator'.($outstandingOpened > 0 ? ' amountremaintopay' : '').'">'.price($outstandingOpened, 1, $langs, 1, -1, -1, $conf->currency).$warn.'</span>';
 		$boxstat .= '</div>';
 		if ($link) $boxstat .= '</a>';
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@ -58,7 +58,7 @@ if (isset($user->socid) && $user->socid > 0) {
 	$socid = $user->socid;
 }
-$max = 3;
+$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 $now = dol_now();
 /*
@ -523,7 +523,7 @@ if ($user->rights->agenda->myactions->read) {
 * Actions to do
 */
 if ($user->rights->agenda->myactions->read) {
-	show_array_actions_to_do(10);
+	show_array_actions_to_do($max);
 }
@ -545,12 +545,12 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
 	if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	if ($socid) $sql .= " AND s.rowid = ".$socid;
 	$sql .= " ORDER BY c.tms DESC";
-	$sql .= $db->plimit(5, 0);
+	$sql .= $db->plimit($max + 1, 0);
 	$resql = $db->query($sql);
 	if ($resql) {
 		$num = $db->num_rows($resql);
-		startSimpleTable($langs->trans("LastContracts", 5), "", "", 2);
+		startSimpleTable($langs->trans("LastContracts", $max), "", "", 2);
 		if ($num > 0) {
 			$i = 0;
@ -604,17 +604,26 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
 	$resql = $db->query($sql);
 	if ($resql) {
-		$total = 0;
+		$total = $total_ttc = 0;
 		$num = $db->num_rows($resql);
 		$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
 		startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=1", 4, $num);
 		if ($num > 0) {
 			$i = 0;
 			$othernb = 0;
 			while ($i < $nbofloop) {
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$propalstatic->id = $obj->propalid;
 				$propalstatic->ref = $obj->ref;
 				$propalstatic->ref_client = $obj->ref_client;
@ -655,11 +664,20 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
 				print '</tr>';
 				$i++;
-				$total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc);
+				$total += $obj->total_ht;
 				$total_ttc += $obj->total_ttc;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 		}
-		addSummaryTableLine(5, $num, $nbofloop, $total, "NoProposal", true);
+		addSummaryTableLine(5, $num, $nbofloop, empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $total_ttc : $total, "NoProposal", true);
 		finishSimpleTable(true);
 		$db->free($resql);
@ -687,17 +705,26 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
 	$resql = $db->query($sql);
 	if ($resql) {
-		$total = 0;
+		$total = $total_ttc = 0;
 		$num = $db->num_rows($resql);
 		$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
 		startSimpleTable("OrdersOpened", "commande/list.php", "search_status=".Commande::STATUS_VALIDATED, 4, $num);
 		if ($num > 0) {
 			$i = 0;
 			$othernb = 0;
 			while ($i < $nbofloop) {
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$orderstatic->id = $obj->commandeid;
 				$orderstatic->ref = $obj->ref;
 				$orderstatic->ref_client = $obj->ref_client;
@ -738,11 +765,20 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
 				print '</tr>';
 				$i++;
-				$total +=(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc);
+				$total += $obj->total_ht;
 				$total_ttc += $obj->total_ttc;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 		}
-		addSummaryTableLine(5, $num, $nbofloop, $total, "None", true);
+		addSummaryTableLine(5, $num, $nbofloop, empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $total_ttc : $total, "None", true);
 		finishSimpleTable(true);
 		$db->free($resql);
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@ -480,11 +480,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'closed'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/comm/propal/card.php?action=create';
-	if ($user->rights->propal->creer)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', $url, '', $user->rights->propal->creer);
 		$newcardbutton .= dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/propal/card.php?action=create');
 	}
 	// Fields title search
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@ -638,12 +636,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -652,12 +648,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -666,12 +660,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@ -483,11 +483,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/commande/card.php?action=create';
-	if ($contextpage == 'orderlist' && $user->rights->commande->creer)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $contextpage == 'orderlist' && $user->rights->commande->creer);
        $newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/commande/card.php?action=create');
    }
 	// Lines of title fields
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@ -632,31 +630,31 @@ if ($resql)
 	if (!empty($arrayfields['c.ref']['checked']))
 	{
 		print '<td class="liste_titre">';
-		print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
+		print '<input class="flat" size="6" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
 		print '</td>';
 	}
 	// Ref customer
 	if (!empty($arrayfields['c.ref_client']['checked']))
 	{
 		print '<td class="liste_titre" align="left">';
-		print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.$search_ref_customer.'">';
+		print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.dol_escape_htmltag($search_ref_customer).'">';
 		print '</td>';
 	}
 	// Project ref
 	if (!empty($arrayfields['p.ref']['checked']))
 	{
-		print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.$search_project_ref.'"></td>';
+		print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.dol_escape_htmltag($search_project_ref).'"></td>';
 	}
 	// Project title
 	if (!empty($arrayfields['p.title']['checked']))
 	{
-	    print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.$search_project.'"></td>';
+	    print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.dol_escape_htmltag($search_project).'"></td>';
 	}
 	// Thirpdarty
 	if (!empty($arrayfields['s.nom']['checked']))
 	{
 		print '<td class="liste_titre" align="left">';
-		print '<input class="flat" type="text" name="search_company" value="'.$search_company.'">';
+		print '<input class="flat" type="text" name="search_company" value="'.dol_escape_htmltag($search_company).'">';
 		print '</td>';
 	}
 	// Town
@ -689,12 +687,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -702,12 +698,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -715,14 +709,14 @@ if ($resql)
 	{
 		// Amount
 		print '<td class="liste_titre right">';
-		print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.$search_total_ht.'">';
+		print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.dol_escape_htmltag($search_total_ht).'">';
 		print '</td>';
 	}
 	if (!empty($arrayfields['c.total_vat']['checked']))
 	{
 		// Amount
 		print '<td class="liste_titre right">';
-		print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.$search_total_vat.'">';
+		print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.dol_escape_htmltag($search_total_vat).'">';
 		print '</td>';
 	}
 	if (!empty($arrayfields['c.total_ttc']['checked']))
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@ -811,19 +811,19 @@ if ($resql)
 	$moreforfilter .= '<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateOperationShort').' :';
 	$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
+	$moreforfilter .= '<div class="nowrap inline-block">';
-	$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
 	//$moreforfilter .= ' - ';
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
 	$moreforfilter .= '</div>';
 	$moreforfilter .= '<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateValueShort').' : ';
 	$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
+	$moreforfilter .= '<div class="nowrap inline-block">';
-	$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
 	//$moreforfilter .= ' - ';
-	$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
+	$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
 	$moreforfilter .= '</div>';
 	if (!empty($conf->categorie->enabled))
--- a/htdocs/compta/bank/list.php
+++ b/htdocs/compta/bank/list.php
@ -247,12 +247,7 @@ if ($user->rights->banque->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-$newcardbutton = '';
+$newcardbutton = dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create', '', $user->rights->banque->configurer);
 if ($user->rights->banque->configurer)
 {
    $newcardbutton .= dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create');
 }
 // Lines of title fields
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
--- a/htdocs/compta/bank/various_payment/list.php
+++ b/htdocs/compta/bank/various_payment/list.php
@ -240,8 +240,10 @@ if ($result)
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
 	if ($search_ref)						$param .= '&search_ref='.urlencode($search_ref);
 	if ($search_label)						$param .= '&search_label='.urlencode($search_label);
-	if ($search_date_start)					$param .= '&search_date_start='.urlencode($search_date_start);
+	if ($search_datep_start)				$param .= '&search_datep_start='.urlencode($search_datep_start);
-	if ($search_date_end)					$param .= '&search_date_end='.urlencode($search_date_end);
+	if ($search_datep_end)					$param .= '&search_datep_end='.urlencode($search_datep_end);
 	if ($search_datev_start)				$param .= '&search_datev_start='.urlencode($search_datev_start);
 	if ($search_datev_end)					$param .= '&search_datev_end='.urlencode($search_datev_end);
 	if ($typeid > 0)						$param .= '&typeid='.urlencode($typeid);
 	if ($search_amount_deb)					$param .= '&search_amount_deb='.urlencode($search_amount_deb);
 	if ($search_amount_cred)				$param .= '&search_amount_cred='.urlencode($search_amount_cred);
@ -251,11 +253,9 @@ if ($result)
 	if ($optioncss != '') $param .= '&amp;optioncss='.urlencode($optioncss);
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create';
-	if ($user->rights->banque->modifier)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->modifier);
 		$newcardbutton .= dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create');
 	}
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
@ -306,12 +306,10 @@ if ($result)
 	if ($arrayfields['datep']['checked']) {
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -320,12 +318,10 @@ if ($result)
 	if ($arrayfields['datev']['checked']) {
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -333,7 +329,7 @@ if ($result)
 	// Payment type
 	if ($arrayfields['type']['checked']) {
 		print '<td class="liste_titre left">';
-		$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16);
+		$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16, 1, 'maxwidth100');
 		print '</td>';
 	}
@ -347,14 +343,14 @@ if ($result)
 	// Bank account
 	if ($arrayfields['bank']['checked']) {
 		print '<td class="liste_titre">';
-		$form->select_comptes($search_bank_account, 'search_account', 0, '', 1);
+		$form->select_comptes($search_bank_account, 'search_account', 0, '', 1, '', 0, 'maxwidth100');
 		print '</td>';
 	}
 	// Bank entry
 	if ($arrayfields['entry']['checked']) {
-		print '<td class="liste_titre right">';
+		print '<td class="liste_titre left">';
-		print '<input name="search_bank_entry" class="flat" type="text" size="8" value="'.$search_bank_entry.'">';
+		print '<input name="search_bank_entry" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_bank_entry).'">';
 		print '</td>';
 	}
@ -379,14 +375,14 @@ if ($result)
 	// Debit
 	if ($arrayfields['debit']['checked']) {
 		print '<td class="liste_titre right">';
-		print '<input name="search_amount_deb" class="flat" type="text" size="8" value="'.$search_amount_deb.'">';
+		print '<input name="search_amount_deb" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_amount_deb).'">';
 		print '</td>';
 	}
 	// Credit
 	if ($arrayfields['credit']['checked']) {
 		print '<td class="liste_titre right">';
-		print '<input name="search_amount_cred" class="flat" type="text" size="8" value="'.$search_amount_cred.'">';
+		print '<input name="search_amount_cred" class="flat maxwidth50" type="text" size="8" value="'.dol_escape_htmltag($search_amount_cred).'">';
 		print '</td>';
 	}
@ -471,7 +467,7 @@ if ($result)
 		// Project
 		if ($arrayfields['project']['checked']) {
 			$proj->fetch($obj->fk_project);
-			print '<td>'.$proj->getNomUrl(1).'</td>';
+			print '<td class="nowraponall">'.$proj->getNomUrl(1).'</td>';
 			if (!$i) $totalarray['nbfield']++;
 		}
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@ -1617,13 +1617,12 @@ if ($action == 'create')
 		// Show object lines
 		if (!empty($object->lines))
 		{
-			//$disableedit=1;
+			$canchangeproduct = 1;
 			//$disablemove=1;
 			$ret = $object->printObjectLines($action, $mysoc, $object->thirdparty, $lineid, 0); // No date selector for template invoice
 		}
 		// Form to add new line
-		if ($object->statut == 0 && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
+		if ($object->statut == $object::STATUS_DRAFT && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
 		{
 			if ($action != 'editline')
 			{
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@ -674,10 +674,12 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	// Show the new button only when this page is not opend from the Extended POS
-	if ($user->rights->facture->creer && $contextpage != 'poslist')
+	if ($contextpage != 'poslist')
 	{
-        $newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/facture/card.php?action=create');
+		$url = DOL_URL_ROOT.'/compta/facture/card.php?action=create';
 		if (!empty($socid)) $url .= '&socid='.$socid;
 		$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->facture->creer);
 	}
 	$i = 0;
@ -756,6 +758,7 @@ if ($resql)
 	$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
 	$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
 	// Show the massaction checkboxes only when this page is not opend from the Extended POS
 	if ($massactionbutton && $contextpage != 'poslist') $selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
 	print '<div class="div-table-responsive">';
@ -804,12 +807,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -818,12 +819,10 @@ if ($resql)
 	{
 		print '<td class="liste_titre center">';
 		print '<div class="nowrap">';
-		print $langs->trans('From').' ';
+		print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 		print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1);
 		print '</div>';
 		print '<div class="nowrap">';
-		print $langs->trans('to').' ';
+		print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 		print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1);
 		print '</div>';
 		print '</td>';
 	}
@ -838,8 +837,7 @@ if ($resql)
 		print '</div>';
 		print '<div class="nowrap">';
 		print $langs->trans('to').' ';*/
-		print $langs->trans("Before").' ';
+		print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans("Before"));
 		print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1);
 		print '<br><input type="checkbox" name="search_option" value="late"'.($option == 'late' ? ' checked' : '').'> '.$langs->trans("Alert");
 		print '</div>';
 		print '</td>';
@ -1566,7 +1564,7 @@ if ($resql)
 				if (!$i) $totalarray['nbfield']++;
 			}
-			// Action column
+			// Action column (Show the massaction button only when this page is not opend from the Extended POS)
 			print '<td class="nowrap" align="center">';
 			if (($massactionbutton || $massaction) && $contextpage != 'poslist')   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
 			{
@ -1597,6 +1595,7 @@ if ($resql)
 	print "</form>\n";
 	// Show the file area only when this page is not opend from the Extended POS
 	if ($contextpage != 'poslist') {
 		$hidegeneratedfilelistifempty = 1;
 		if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files) $hidegeneratedfilelistifempty = 0;
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@ -60,7 +60,7 @@ if ($user->socid > 0)
 	$socid = $user->socid;
 }
-$max = 3;
+$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
 $hookmanager->initHooks(array('invoiceindex'));
@ -370,6 +370,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 	{
 		$num = $db->num_rows($resql);
 		$i = 0;
 		$othernb = 0;
        print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">';
@ -386,6 +387,14 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 			{
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$facturestatic->ref = $obj->ref;
 				$facturestatic->id = $obj->rowid;
 				$facturestatic->total_ht = $obj->total_ht;
@ -442,6 +451,14 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 		} else {
 			$colspan = 5;
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) $colspan++;
@ -501,10 +518,20 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 		{
 			$i = 0;
 			$total = $total_ttc = $totalam = 0;
 			$othernb = 0;
 			while ($i < $num)
 			{
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$facstatic->ref = $obj->ref;
 				$facstatic->id = $obj->rowid;
 				$facstatic->total_ht = $obj->total_ht;
@ -539,6 +566,14 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				$totalam += $obj->am;
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 		} else {
 			$colspan = 5;
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) $colspan++;
@ -574,10 +609,10 @@ if (!empty($conf->don->enabled) && $user->rights->don->lire)
 	$result = $db->query($sql);
 	if ($result)
 	{
 		$var = false;
 		$num = $db->num_rows($result);
 		$i = 0;
 		$othernb = 0;
        print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">';
@ -596,6 +631,14 @@ if (!empty($conf->don->enabled) && $user->rights->don->lire)
 			{
 				$objp = $db->fetch_object($result);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$donationstatic->id = $objp->rowid;
 				$donationstatic->ref = $objp->rowid;
 				$donationstatic->lastname = $objp->lastname;
@ -614,6 +657,14 @@ if (!empty($conf->don->enabled) && $user->rights->don->lire)
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 		} else {
 			print '<tr class="oddeven"><td colspan="4" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
 		}
@ -663,10 +714,20 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire)
 			{
 				$i = 0;
 				$tot_ttc = 0;
 				$othernb = 0;
 				while ($i < $num)
 				{
 					$obj = $db->fetch_object($resql);
 					if ($i >= $max) {
 						$othernb += 1;
 						$i++;
 						$total += $obj->total_ht;
 						$total_ttc += $obj->total_ttc;
 						continue;
 					}
 					$chargestatic->id = $obj->rowid;
 					$chargestatic->ref = $obj->rowid;
 					$chargestatic->label = $obj->label;
@ -684,6 +745,14 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire)
 					$i++;
 				}
 				if ($othernb) {
 					print '<tr class="oddeven">';
 					print '<td class="nowrap" colspan="5">';
 					print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 					print '</td>';
 					print "</tr>\n";
 				}
 				print '<tr class="liste_total"><td class="left" colspan="2">'.$langs->trans("Total").'</td>';
 				print '<td class="nowrap right">'.price($tot_ttc).'</td>';
 				print '<td class="right"></td>';
@ -740,6 +809,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 		if ($num)
 		{
 			$i = 0;
 			$othernb = 0;
            print '<div class="div-table-responsive-no-min">';
 			print '<table class="noborder centpercent">';
@ -764,6 +834,14 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 			{
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$societestatic->id = $obj->socid;
 				$societestatic->name = $obj->name;
 				$societestatic->email = $obj->email;
@ -812,6 +890,14 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 			print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").' &nbsp; <font style="font-weight: normal">('.$langs->trans("RemainderToBill").': '.price($tot_tobill).')</font> </td>';
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print '<td class="right">'.price($tot_ht).'</td>';
 			print '<td class="nowrap right">'.price($tot_ttc).'</td>';
@ -861,6 +947,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 	{
 		$num = $db->num_rows($resql);
 		$i = 0;
 		$othernb = 0;
 		print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">';
@ -887,6 +974,14 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 			{
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$facturestatic->ref = $obj->ref;
 				$facturestatic->id = $obj->rowid;
 				$facturestatic->total_ht = $obj->total_ht;
@ -934,7 +1029,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print '<td class="right">'.price($obj->total_ht).'</td>';
 				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
 				print '<td class="nowrap right">'.price($obj->am).'</td>';
-				print '<td>'.$facstatic->LibStatut($obj->paye, $obj->fk_statut, 3, $obj->am).'</td>';
+				print '<td>'.$facstatic->LibStatut($obj->paye, $obj->fk_statut, 3, $obj->am, $obj->type).'</td>';
 				print '</tr>';
 				$total_ttc += $obj->total_ttc;
@ -944,6 +1039,14 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 			print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").' &nbsp; <font style="font-weight: normal">('.$langs->trans("RemainderToTake").': '.price($total_ttc - $totalam).')</font> </td>';
 			print '<td>&nbsp;</td>';
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print '<td class="right">'.price($total).'</td>';
@ -970,7 +1073,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 {
 	$facstatic = new FactureFournisseur($db);
-	$sql = "SELECT ff.rowid, ff.ref, ff.fk_statut, ff.libelle as label, ff.total_ht, ff.total_tva, ff.total_ttc, ff.paye";
+	$sql = "SELECT ff.rowid, ff.ref, ff.fk_statut, ff.type, ff.libelle as label, ff.total_ht, ff.total_tva, ff.total_ttc, ff.paye";
 	$sql .= ", ff.date_lim_reglement";
 	$sql .= ", s.nom as name";
    $sql .= ", s.rowid as socid, s.email";
@ -991,7 +1094,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 	$reshook = $hookmanager->executeHooks('printFieldListWhereSupplierUnpaid', $parameters);
 	$sql .= $hookmanager->resPrint;
-	$sql .= " GROUP BY ff.rowid, ff.ref, ff.fk_statut, ff.libelle, ff.total_ht, ff.tva, ff.total_tva, ff.total_ttc, ff.paye, ff.date_lim_reglement,";
+	$sql .= " GROUP BY ff.rowid, ff.ref, ff.fk_statut, ff.type, ff.libelle, ff.total_ht, ff.tva, ff.total_tva, ff.total_ttc, ff.paye, ff.date_lim_reglement,";
 	$sql .= " s.nom, s.rowid, s.email, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";
 	$sql .= " ORDER BY ff.date_lim_reglement ASC";
@ -999,6 +1102,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 	if ($resql)
 	{
 		$num = $db->num_rows($resql);
 		$othernb = 0;
 		print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">';
@ -1028,8 +1132,17 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 			{
 				$obj = $db->fetch_object($resql);
 				if ($i >= $max) {
 					$othernb += 1;
 					$i++;
 					$total += $obj->total_ht;
 					$total_ttc += $obj->total_ttc;
 					continue;
 				}
 				$facstatic->ref = $obj->ref;
 				$facstatic->id = $obj->rowid;
 				$facstatic->type = $obj->type;
 				$facstatic->total_ht = $obj->total_ht;
 				$facstatic->total_tva = $obj->total_tva;
 				$facstatic->total_ttc = $obj->total_ttc;
@ -1052,7 +1165,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print '<td class="right">'.price($obj->total_ht).'</td>';
 				print '<td class="nowrap right">'.price($obj->total_ttc).'</td>';
 				print '<td class="nowrap right">'.price($obj->am).'</td>';
-				print '<td>'.$facstatic->LibStatut($obj->paye, $obj->fk_statut, 3).'</td>';
+				print '<td>'.$facstatic->LibStatut($obj->paye, $obj->fk_statut, 3, $obj->am, $obj->type).'</td>';
 				print '</tr>';
 				$total += $obj->total_ht;
 				$total_ttc += $obj->total_ttc;
@ -1060,6 +1173,14 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 				$i++;
 			}
 			if ($othernb) {
 				print '<tr class="oddeven">';
 				print '<td class="nowrap" colspan="5">';
 				print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
 				print '</td>';
 				print "</tr>\n";
 			}
 			print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").' &nbsp; <font style="font-weight: normal">('.$langs->trans("RemainderToPay").': '.price($total_ttc - $totalam).')</font> </td>';
 			print '<td>&nbsp;</td>';
 			if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print '<td class="right">'.price($total).'</td>';
--- a/htdocs/compta/localtax/list.php
+++ b/htdocs/compta/localtax/list.php
@ -31,7 +31,7 @@ $langs->load("compta");
 $socid = GETPOST('socid', 'int');
 if ($user->socid) $socid = $user->socid;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
-$ltt = GETPOST("localTaxType");
+$ltt = GETPOST("localTaxType", 'int');
 /*
@ -42,17 +42,15 @@ llxHeader();
 $localtax_static = new Localtax($db);
-$newcardbutton = '';
+$url = DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt;
-if ($user->rights->tax->charges->creer)
+if (!empty($socid)) $url .= '&socid='.$socid;
-{
+$newcardbutton = dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
    $newcardbutton .= dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt);
 }
 print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Payments", $mysoc->country_code), $newcardbutton, 'title_accountancy');
 $sql = "SELECT rowid, amount, label, f.datev, f.datep";
 $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
-$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$db->escape($ltt);
+$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
 $sql .= " ORDER BY datev DESC";
 $result = $db->query($sql);
--- a/htdocs/compta/paiement/cheque/list.php
+++ b/htdocs/compta/paiement/cheque/list.php
@ -124,11 +124,9 @@ if ($resql)
    if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new';
-	if ($user->rights->banque->cheque)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->cheque);
        $newcardbutton .= dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new');
 	}
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
--- a/htdocs/compta/prelevement/card.php
+++ b/htdocs/compta/prelevement/card.php
@ -179,7 +179,7 @@ if ($id > 0 || $ref)
 	}*/
-	$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/bons.php'.($object->type != 'bank-transfer' ? '' : '?type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
+	$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/orders_list.php?restore_lastsearch_values=1'.($object->type != 'bank-transfer' ? '' : '&type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
 	dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref');
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@ -40,7 +40,7 @@ $status = GETPOST('status', 'int');
 if ($user->socid) $socid = $user->socid;
 $result = restrictedArea($user, 'prelevement', '', '', 'bons');
-$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
--- a/htdocs/compta/prelevement/factures.php
+++ b/htdocs/compta/prelevement/factures.php
@ -86,7 +86,7 @@ if ($id > 0 || $ref)
 		$head = prelevement_prepare_head($object);
 		dol_fiche_head($head, 'invoices', $langs->trans("WithdrawalsReceipts"), -1, 'payment');
-		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/bons.php'.($object->type != 'bank-transfer' ? '' : '?type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/orders_list.php?restore_lastsearch_values=1'.($object->type != 'bank-transfer' ? '' : '&type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
 		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref');
--- a/htdocs/compta/prelevement/fiche-rejet.php
+++ b/htdocs/compta/prelevement/fiche-rejet.php
@ -80,7 +80,7 @@ if ($prev_id > 0 || $ref)
 		$head = prelevement_prepare_head($object);
 		dol_fiche_head($head, 'rejects', $langs->trans("WithdrawalsReceipts"), -1, 'payment');
-		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/bons.php'.($object->type != 'bank-transfer' ? '' : '?type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/orders_list.php?restore_lastsearch_values=1'.($object->type != 'bank-transfer' ? '' : '&type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
 		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref');
--- a/htdocs/compta/prelevement/fiche-stat.php
+++ b/htdocs/compta/prelevement/fiche-stat.php
@ -79,7 +79,7 @@ if ($prev_id > 0 || $ref)
 		$head = prelevement_prepare_head($object);
 		dol_fiche_head($head, 'statistics', $langs->trans("WithdrawalsReceipts"), -1, 'payment');
-		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/bons.php'.($object->type != 'bank-transfer' ? '' : '?type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/prelevement/orders_list.php?restore_lastsearch_values=1'.($object->type != 'bank-transfer' ? '' : '&type=bank-transfer').'">'.$langs->trans("BackToList").'</a>';
 		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref');
--- a/htdocs/compta/prelevement/list.php
+++ b/htdocs/compta/prelevement/list.php
@ -38,7 +38,7 @@ $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk
 $confirm    = GETPOST('confirm', 'alpha'); // Result of a confirmation
 $cancel     = GETPOST('cancel', 'alpha'); // We click on a Cancel button
 $toselect   = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list
-$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlinelist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
--- a/htdocs/compta/prelevement/orders_list.php
+++ b/htdocs/compta/prelevement/orders_list.php
@ -19,9 +19,9 @@
 */
 /**
- * 	\file       htdocs/compta/prelevement/bons.php
+ * 	\file       htdocs/compta/prelevement/orders_list.php
 * 	\ingroup    prelevement
- * 	\brief      Page liste des bons de prelevements
+ * 	\brief      Page to list direct debit orders or credit transfer orders
 */
 require '../../main.inc.php';
@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array('banks', 'categories', 'widthdrawals'));
-$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlist'; // To manage different context of search
 // Security check
 $socid = GETPOST('socid', 'int');
--- a/htdocs/compta/tva/list.php
+++ b/htdocs/compta/tva/list.php
@ -146,11 +146,9 @@ if ($result)
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
 	if ($typeid) $param .= '&amp;typeid='.$typeid;
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/compta/tva/card.php?action=create';
-	if ($user->rights->tax->charges->creer)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
        $newcardbutton .= dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/tva/card.php?action=create');
    }
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@ -172,22 +170,18 @@ if ($result)
 	// Date end period
 	print '<td class="liste_titre center">';
 	print '<div class="nowrap">';
-	print $langs->trans('From').' ';
+	print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 	print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
 	print '</div>';
 	print '<div class="nowrap">';
-	print $langs->trans('to').' ';
+	print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 	print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
 	print '</div>';
 	// Date payment
 	print '<td class="liste_titre center">';
 	print '<div class="nowrap">';
-	print $langs->trans('From').' ';
+	print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
 	print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1);
 	print '</div>';
 	print '<div class="nowrap">';
-	print $langs->trans('to').' ';
+	print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
 	print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1);
 	print '</div>';
 	// Type
 	print '<td class="liste_titre left">';
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@ -538,11 +538,7 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-$newcardbutton = '';
+$newcardbutton = dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create', '', $user->rights->societe->contact->creer);
 if ($user->rights->societe->contact->creer)
 {
 	$newcardbutton .= dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create');
 }
 print '<form method="post" action="'.$_SERVER["PHP_SELF"].'" name="formfilter">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@ -665,6 +665,7 @@ if (empty($reshook))
 			$fk_unit = GETPOST('unit', 'alpha');
 			$objectline->fk_product = GETPOST('idprod', 'int');
 			$objectline->description = GETPOST('product_desc', 'restricthtml');
 			$objectline->price_ht = GETPOST('elprice');
 			$objectline->subprice = GETPOST('elprice');
@ -1436,8 +1437,6 @@ if ($action == 'create')
 		$usemargins = 0;
 		if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'propal', 'commande'))) $usemargins = 1;
 		$var = false;
 		// Title line for service
 		$cursorline = 1;
 		print '<div id="contrat-lines-container" data-contractid="'.$object->id.'"  data-element="'.$object->element.'" >';
@ -1448,7 +1447,6 @@ if ($action == 'create')
 			print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input type="hidden" name="action" value="updateline">';
 			print '<input type="hidden" name="elrowid" value="'.$object->lines[$cursorline - 1]->id.'">';
 			print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
 			print '<input type="hidden" name="fournprice" value="'.(!empty($object->lines[$cursorline - 1]->fk_fournprice) ? $object->lines[$cursorline - 1]->fk_fournprice : 0).'">';
 			// Area with common detail of line
@ -1632,17 +1630,29 @@ if ($action == 'create')
 					// Ligne carac
 					print '<tr class="oddeven">';
 					print '<td>';
-					if ($objp->fk_product)
+					if ($objp->fk_product > 0)
 					{
-						$productstatic->id = $objp->fk_product;
+						$canchangeproduct = 1;
-						$productstatic->type = $objp->ptype;
+						if (empty($canchangeproduct)) {
-						$productstatic->ref = $objp->pref;
+							$productstatic->id = $objp->fk_product;
-						$productstatic->entity = $objp->pentity;
+							$productstatic->type = $objp->ptype;
-						print $productstatic->getNomUrl(1, '', 32);
+							$productstatic->ref = $objp->pref;
-						print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
+							$productstatic->entity = $objp->pentity;
 							print $productstatic->getNomUrl(1, '', 32);
 							print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
 							print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
 						} else {
 							$senderissupplier = 0;
 							if (empty($senderissupplier)) {
 								print $form->select_produits((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
 							} else {
 								print $form->select_produits_fournisseurs((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
 							}
 						}
 						print '<br>';
 					} else {
 						print $objp->label ? $objp->label.'<br>' : '';
 						print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
 					}
 					// editeur wysiwyg
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@ -1911,7 +1911,6 @@ class Contrat extends CommonObject
 		}
 		$statusType = 'status'.$status;
 		if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
 		if ($status == self::STATUS_VALIDATED) $statusType = 'status6';
 		if ($mode == 4 || $mode == 6 || $mode == 7)
--- a/htdocs/contrat/list.php
+++ b/htdocs/contrat/list.php
@ -369,11 +369,9 @@ if ($user->rights->contrat->supprimer) $arrayofmassactions['predelete'] = '<span
 if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-$newcardbutton = '';
+$url = DOL_URL_ROOT.'/contrat/card.php?action=create';
-if ($user->rights->contrat->creer)
+if (!empty($socid)) $url .= '&socid='.$socid;
-{
+$newcardbutton = dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', $url, '', $user->rights->contrat->creer);
    $newcardbutton .= dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contrat/card.php?action=create');
 }
 print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
--- a/htdocs/core/ajax/check_notifications.php
+++ b/htdocs/core/ajax/check_notifications.php
@ -46,8 +46,8 @@ if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');
 require '../../main.inc.php';
-$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late
+//$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late
-//$time=dol_now();
+$time=dol_now();
 $action = GETPOST('action', 'aZ09');
 $listofreminderids = GETPOST('listofreminderids', 'aZ09');
@ -58,19 +58,20 @@ $listofreminderids = GETPOST('listofreminderids', 'aZ09');
 if ($action == 'stopreminder') {
 	dol_syslog("Clear notification for listofreminderids=".$listofreminderids);
-	$listofreminderidsarray = explode('-', GETPOST('listofreminderids', 'aZ09'));
+	$listofreminderid = GETPOST('listofreminderids', 'intcomma');
 	// Set the reminder as done
-	foreach ($listofreminderidsarray as $listofreminderid) {
+	//foreach ($listofreminderidsarray as $listofreminderid) {
-		if (empty($listofreminderid)) continue;
+	//	if (empty($listofreminderid)) continue;
-		//$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id;
+	//$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id;
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1';
+	$sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1';
-		$sql .= ' WHERE status = 0 AND rowid = '.$listofreminderid.' AND fk_user = '.$user->id.' AND entity = '.$conf->entity;
+	$sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')';
-		$resql = $db->query($sql);
+	$sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity;
-		if (!$resql) {
+	$resql = $db->query($sql);
-			dol_print_error($db);
+	if (!$resql) {
-		}
+		dol_print_error($db);
 	}
 	//}
 	include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
@ -90,7 +91,7 @@ if ($action == 'stopreminder') {
 * View
 */
-top_httphead('text/html'); // TODO Use a json mime type
+top_httphead('application/json');
 global $user, $db, $langs, $conf;
@ -102,9 +103,9 @@ $eventfound = array();
 // TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.
 // This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate.
-if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int'))
+if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int'))
 {
-    $time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined
+    /*$time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined
    if (!empty($_SESSION['auto_check_events_not_before']))
    {
        // We start scan from the not before so if two tabs were opend at differents seconds and we close one (so the js timer),
@ -121,6 +122,7 @@ if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow
    }
    $_SESSION['auto_check_events_not_before'] = $time + $time_update;
 	*/
    // Force save of the session change we did.
    // WARNING: Any change in sessions after that will not be saved !
@ -131,19 +133,19 @@ if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow
    dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.$_SESSION['auto_check_events_not_before']);
-    $sql = 'SELECT a.id, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';
+    $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';
    $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
    if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) {
    	$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
    	$sql .= ' WHERE a.code <> "AC_OTH_AUTO"';
    	$sql .= ' AND (';
    	$sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
    	$sql .= " OR (a.datep BETWEEN '".$db->idate($starttime)."' AND '".$db->idate($time + $time_update - 1)."')";
    	$sql .= ' )';
    } else {
    	$sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
    	$sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
    }
    $sql .= $db->order('datep', 'ASC');
    $sql .= ' LIMIT 10'; // Avoid too many notification at once
    $resql = $db->query($sql);
@ -153,8 +155,8 @@ if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow
            // Message must be formated and translated to be used with javascript directly
            $event = array();
            $event['type'] = 'agenda';
            $event['id'] = $obj->id;
            $event['id_reminder'] = $obj->id_reminder;
            $event['id_agenda'] = $obj->id_agenda;
            $event['id_user'] = $obj->id_user_reminder;
            $event['code'] = $obj->code;
            $event['label'] = $obj->label;
@ -162,11 +164,11 @@ if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow
            $event['reminder_date_formated'] = dol_print_date($db->jdate($obj->dateremind), 'standard');
            $event['event_date_start_formated'] = dol_print_date($db->jdate($obj->datep), 'standard');
-            $eventfound[] = $event;
+            $eventfound[$obj->id_agenda] = $event;
        }
    } else {
        dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR);
    }
 }
-print json_encode($eventfound);
+print json_encode(array('pastreminders'=>$eventfound, 'nextreminder'=>''));
--- a/htdocs/core/boxes/modules_boxes.php
+++ b/htdocs/core/boxes/modules_boxes.php
@ -143,10 +143,10 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" box
 		global $conf;
 		// Recupere liste des boites d'un user si ce dernier a sa propre liste
-		$sql = "SELECT b.rowid, b.box_id, b.position, b.box_order, b.fk_user";
+		$sql = "SELECT b.rowid as id, b.box_id, b.position, b.box_order, b.fk_user";
 		$sql .= " FROM ".MAIN_DB_PREFIX."boxes as b";
 		$sql .= " WHERE b.entity = ".$conf->entity;
-		$sql .= " AND b.rowid = ".$rowid;
+		$sql .= " AND b.rowid = ".((int) $rowid);
 		dol_syslog(get_class($this)."::fetch rowid=".$rowid);
 		$resql = $this->db->query($sql);
@ -155,7 +155,8 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" box
 			$obj = $this->db->fetch_object($resql);
 			if ($obj)
 			{
-				$this->rowid = $obj->rowid;
+				$this->id = $obj->id;
 				$this->rowid = $obj->id;	// For backward compatibility
 				$this->box_id = $obj->box_id;
 				$this->position = $obj->position;
 				$this->box_order = $obj->box_order;
--- a/htdocs/core/class/commondocgenerator.class.php
+++ b/htdocs/core/class/commondocgenerator.class.php
@ -397,6 +397,8 @@ abstract class CommonDocGenerator
 		$array_key.'_payment_term_code'=>$object->cond_reglement_code,
 		$array_key.'_payment_term'=>($outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) != 'PaymentCondition'.$object->cond_reglement_code ? $outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) : ($object->cond_reglement_doc ? $object->cond_reglement_doc : $object->cond_reglement)),
        $array_key.'_incoterms'=>(method_exists($object, 'display_incoterms') ? $object->display_incoterms() : ''),
 		$array_key.'_bank_iban'=>$bank_account->iban,
 		$array_key.'_bank_bic'=>$bank_account->bic,
--- a/htdocs/core/class/commoninvoice.class.php
+++ b/htdocs/core/class/commoninvoice.class.php
@ -544,7 +544,7 @@ abstract class CommonInvoice extends CommonObject
 		        $labelStatus = $langs->trans('BillStatusClosedPaidPartially');
 		        $labelStatusShort = $langs->trans('Bill'.$prefix.'StatusClosedPaidPartially');
 		        $statusType = 'status9';
-		    } elseif ($alreadypaid <= 0) {
+		    } elseif ($alreadypaid == 0) {
 		        $labelStatus = $langs->trans('BillStatusNotPaid');
 		        $labelStatusShort = $langs->trans('Bill'.$prefix.'StatusNotPaid');
 		        $statusType = 'status1';
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@ -5741,11 +5741,9 @@ abstract class CommonObject
 		}
 		// Set value of $morecss. For this, we use in priority showsize from parameters, then $val['css'] then autodefine
-		if (empty($morecss) && !empty($val['css']))
+		if (empty($morecss) && !empty($val['css'])) {
 		{
 			$morecss = $val['css'];
-		} elseif (empty($morecss))
+		} elseif (empty($morecss)) {
 		{
 			if ($type == 'date')
 			{
 				$morecss = 'minwidth100imp';
@ -5792,16 +5790,16 @@ abstract class CommonObject
 		{
 			$tmp = explode(',', $size);
 			$newsize = $tmp[0];
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (in_array($type, array('real')))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (preg_match('/varchar/', $type))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif (in_array($type, array('mail', 'phone', 'url')))
 		{
-			$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
+			$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
 		} elseif ($type == 'text')
 		{
 			if (!preg_match('/search_/', $keyprefix))		// If keyprefix is search_ or search_options_, we must just use a simple text field
@ -6641,7 +6639,7 @@ abstract class CommonObject
 					// Show only the key field in params
 					if (is_array($params) && array_key_exists('onlykey', $params) && $key != $params['onlykey']) continue;
-					// @todo Add test also on 'enabled' (different than 'list' that is 'visibility')
+					// Test on 'enabled' ('enabled' is different than 'list' = 'visibility')
 					$enabled = 1;
 					if ($enabled && isset($extrafields->attributes[$this->table_element]['enabled'][$key]))
 					{
@ -6686,13 +6684,17 @@ abstract class CommonObject
 					switch ($mode) {
 						case "view":
-							$value = $this->array_options["options_".$key.$keysuffix];
+							$value = $this->array_options["options_".$key.$keysuffix];	// Value may be clean or formated later
 							break;
 						case "create":
 						case "edit":
-							$check = 'restricthtml';
+							// We get the value of property found with GETPOST so it takes into account:
-							// TODO Use check = 'alphahtml' or 'int' for some types
+							// default values overwrite, restore back to list link, ... (but not 'default value in database' of field)
-							$getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, $check); // GETPOST can get value from GET, POST or setup of default values.
+							$check = 'alphanohtml';
 							if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('html', 'text'))) {
 								$check = 'restricthtml';
 							}
 							$getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, $check, 3); // GETPOST can get value from GET, POST or setup of default values overwrite.
 							// GETPOST("options_" . $key) can be 'abc' or array(0=>'abc')
 							if (is_array($getposttemp) || $getposttemp != '' || GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix))
 							{
@ -6757,18 +6759,18 @@ abstract class CommonObject
 							{
 								$datenotinstring = $this->db->jdate($datenotinstring);
 							}
-							$value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ?dol_mktime(GETPOST($keyprefix.'options_'.$key.$keysuffix."hour", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."min", 'int', 3), 0, GETPOST($keyprefix.'options_'.$key.$keysuffix."month", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."day", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."year", 'int', 3)) : $datenotinstring;
+							$value = (GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) || $value) ? dol_mktime(GETPOST($keyprefix.'options_'.$key.$keysuffix."hour", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."min", 'int', 3), 0, GETPOST($keyprefix.'options_'.$key.$keysuffix."month", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."day", 'int', 3), GETPOST($keyprefix.'options_'.$key.$keysuffix."year", 'int', 3)) : $datenotinstring;
 						}
 						// Convert float submited string into real php numeric (value in memory must be a php numeric)
 						if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('price', 'double')))
 						{
-							$value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ?price2num(GETPOST($keyprefix.'options_'.$key.$keysuffix, 'alpha', 3)) : $this->array_options['options_'.$key];
+							$value = (GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) || $value) ? price2num($value) : $this->array_options['options_'.$key];
 						}
-						// HTML, select, integer and text add default value
+
-						if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('html', 'text', 'select', 'int')))
+						// HTML, text, select, integer and varchar: take into account default value in database if in create mode
 						if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('html', 'text', 'varchar', 'select', 'int')))
 						{
-							if ($action == 'create') $value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ? GETPOST($keyprefix.'options_'.$key.$keysuffix, 'restricthtml', 3) : $extrafields->attributes[$this->table_element]['default'][$key];
+							if ($action == 'create') $value = (GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) || $value) ? $value : $extrafields->attributes[$this->table_element]['default'][$key];
 							else $value = $this->array_options['options_'.$key];
 						}
 						$labeltoshow = $langs->trans($label);
@ -6802,6 +6804,8 @@ abstract class CommonObject
 								$out .= $extrafields->showOutputField($key, $value);
 								break;
 							case "create":
 								$out .= $extrafields->showInputField($key, $value, '', $keysuffix, '', 0, $this->id, $this->table_element);
 								break;
 							case "edit":
 								$out .= $extrafields->showInputField($key, $value, '', $keysuffix, '', 0, $this->id, $this->table_element);
 								break;
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@ -132,6 +132,19 @@ class ExtraFields
 	 */
 	public $attribute_list;
 	/**
 	 * @var array Array to store if field is summable
 	 * @deprecated
 	 */
 	public $attribute_totalizable;
 	/**
 	 * @var array Array to store entity id of extrafield
 	 * @deprecated
 	 */
 	public $attribute_entityid;
 	/**
 	 * @var array New array to store extrafields definition
 	 */
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@ -4038,7 +4038,7 @@ class Form
 	 *													type can be 'hidden', 'text', 'password', 'checkbox', 'radio', 'date', 'morecss', ...
 	 * 	   @param  	string			$selectedchoice  	'' or 'no', or 'yes' or '1' or '0'
 	 * 	   @param  	int|string		$useajax		   	0=No, 1=Yes, 2=Yes but submit page with &confirm=no if choice is No, 'xxx'=Yes and preoutput confirm box with div id=dialog-confirm-xxx
-	 *     @param  	int				$height          	Force height of box (0 = auto)
+	 *     @param  	int|string		$height          	Force height of box (0 = auto)
 	 *     @param	int				$width				Force width of box ('999' or '90%'). Ignored and forced to 90% on smartphones.
 	 *     @param	int				$disableformtag		1=Disable form tag. Can be used if we are already inside a <form> section.
 	 *     @return 	string      		    			HTML ajax code if a confirm ajax popup is required, Pure HTML code if it's an html form
@ -4058,7 +4058,7 @@ class Form
 		// Set height automatically if not defined
 		if (empty($height)) {
-			$height = 210;
+			$height = 220;
 			if (is_array($formquestion) && count($formquestion) > 2) {
 				$height += ((count($formquestion) - 2) * 24);
 			}
@ -5280,10 +5280,11 @@ class Form
 	 *  @param  string      $openinghours   Specify hour start and hour end for the select ex 8,20
 	 *  @param  int         $stepminutes    Specify step for minutes between 1 and 30
 	 *  @param	string		$labeladddateof Label to use for the $adddateof parameter.
 	 *  @param	string 		$placeholder    Placeholder
 	 * 	@return string                      Html for selectDate
 	 *  @see    form_date(), select_month(), select_year(), select_dayofweek()
 	 */
-	public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '')
+	public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '', $placeholder = '')
 	{
 		global $conf, $langs;
@ -5420,6 +5421,7 @@ class Form
 					$retstring .= '<div class="nowrap inline-block">';
 					$retstring .= '<input id="'.$prefix.'" name="'.$prefix.'" type="text" class="maxwidthdate" maxlength="11" value="'.$formated_date.'"';
 					$retstring .= ($disabled ? ' disabled' : '');
 					$retstring .= ($placeholder ? ' placeholder="'.$placeholder.'"' : '');
 					$retstring .= ' onChange="dpChangeDay(\''.$prefix.'\',\''.$langs->trans("FormatDateShortJavaInput").'\'); "'; // FormatDateShortInput for dol_print_date / FormatDateShortJavaInput that is same for javascript
 					$retstring .= '>';
@ -6461,11 +6463,12 @@ class Form
 							 	templateSelection: formatSelection		/* For 4.0 */
 							});
 						});'."\n";
-			} elseif ($addjscombo == 2)
+			} elseif ($addjscombo == 2 && ! defined('DISABLE_MULTISELECT'))
 			{
 				// Add other js lib
 				// TODO external lib multiselect/jquery.multi-select.js must have been loaded to use this multiselect plugin
 				// ...
 				$out .= 'console.log(\'addjscombo=2 for htmlname='.$htmlname.'\');';
 				$out .= '$(document).ready(function () {
 							$(\'#'.$htmlname.'\').multiSelect({
 								containerHTML: \'<div class="multi-select-container">\',
@ -7158,7 +7161,7 @@ class Form
 		}
 		//if ($conf->browser->layout == 'phone') $ret.='<div class="clearboth"></div>';
-		$ret .= '<div class="inline-block floatleft valignmiddle maxwidth750 refid'.(($shownav && ($previous_ref || $next_ref)) ? ' refidpadding' : '').'">';
+		$ret .= '<div class="inline-block floatleft valignmiddle maxwidth750 marginbottomonly refid'.(($shownav && ($previous_ref || $next_ref)) ? ' refidpadding' : '').'">';
 		// For thirdparty, contact, user, member, the ref is the id, so we show something else
 		if ($object->element == 'societe')
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@ -1252,7 +1252,7 @@ class FormFile
 							} else {
 								print '<a href="'.$urlforhref['url'].'" class="'.$urlforhref['css'].'" target="'.$urlforhref['target'].'" mime="'.$urlforhref['mime'].'">';
 							}
-							print '<img class="photo maxwidth200" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
+							print '<img class="photo maxwidth200 shadow" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
 							print '</a>';
 						} else print '&nbsp;';
 						print '</td>';
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@ -1048,6 +1048,7 @@ class FormOther
        	// Class Form must have been already loaded
        	$selectboxlist .= '<!-- Form with select box list -->'."\n";
 			$selectboxlist .= '<form id="addbox" name="addbox" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 			$selectboxlist .= '<input type="hidden" name="token" value="'.newToken().'">';
 			$selectboxlist .= '<input type="hidden" name="addbox" value="addbox">';
 			$selectboxlist .= '<input type="hidden" name="userid" value="'.$user->id.'">';
 			$selectboxlist .= '<input type="hidden" name="areacode" value="'.$areacode.'">';
--- a/htdocs/core/class/menu.class.php
+++ b/htdocs/core/class/menu.class.php
@ -120,7 +120,8 @@ class Menu
        $nb = 0;
        foreach ($this->liste as $val)
        {
-            if (!empty($val['enabled'])) $nb++;
+        	//if (dol_eval($val['enabled'], 1)) $nb++;
        	if (!empty($val['enabled'])) $nb++;			// $val['enabled'] is already evaluated to 0 or 1, no need for dol_eval()
        }
        return $nb;
    }
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@ -1130,4 +1130,15 @@ $(document).ready(function() {
 });
 <?php } ?>
 // Force to hide menus when page is inside an iFrame
 $(document).ready(function() {
 	if (window.location !== window.parent.location ) {
 		console.log("Page is detected to be into an iframe, we hide by CSS the menus");
 		// The page is in an iframe
 		jQuery(".side-nav-vert, .side-nav").hide();
 		jQuery(".id-container").css('width', '100%');
 	}
 });
 // End of lib_head.js.php
--- a/htdocs/core/js/lib_notification.js.php
+++ b/htdocs/core/js/lib_notification.js.php
@ -74,10 +74,13 @@ if (!($_SERVER['HTTP_REFERER'] === $dolibarr_main_url_root.'/' || $_SERVER['HTTP
            $.ajax("<?php print DOL_URL_ROOT.'/core/ajax/check_notifications.php'; ?>", {
                type: "post",   // Usually post or get
                async: true,
-                data: { time_js_next_test: time_js_next_test },
+                data: { time_js_next_test: time_js_next_test, forcechecknow: 1, token: 'notrequired' },
                dataType: "json",
                success: function (result) {
-                    var arr = JSON.parse(result);
+                	console.log(result);
-                    if (arr.length > 0) {
+                    var arrayofpastreminders = Object.values(result.pastreminders);
                    console.log("arrayofpastreminders.length"+arrayofpastreminders.length);
                    if (arrayofpastreminders && arrayofpastreminders.length > 0) {
                    	var audio = null;
                        <?php
 						if (!empty($conf->global->AGENDA_REMINDER_BROWSER_SOUND)) {
@ -85,48 +88,52 @@ if (!($_SERVER['HTTP_REFERER'] === $dolibarr_main_url_root.'/' || $_SERVER['HTTP
 						}
 						?>
 						var listofreminderids = '';
 						var noti = []
-                        $.each(arr, function (index, value) {
+                        $.each(arrayofpastreminders, function (index, value) {
                        	console.log(value);
                            var url = "notdefined";
                            var title = "Not defined";
-                            var body = value['type'] + ': ' + value['label'];
+                            var body = value.label;
-                            if (value['type'] == 'agenda' && value['location'] != null && value['location'] != '') {
+                            if (value.type == 'agenda' && value.location != null && value.location != '') {
-                                body += '\n' + value['location'];
+                                body += '\n' + value.location;
                            }
-                            if(value['type'] == 'agenda' && (value['event_date_start_formated'] != null || event_date_start_formated['event_date_start'] != '')) {
+                            if (value.type == 'agenda' && (value.event_date_start_formated != null || value.event_date_start_formated['event_date_start'] != '')) {
-                                body += '\n' + value['event_date_start_formated'];
+                                body += '\n' + value.event_date_start_formated;
                            }
-                            if (value['type'] == 'agenda')
+                            if (value.type == 'agenda')
                            {
-                             	url = '<?php echo DOL_URL_ROOT.'/comm/action/card.php?id='; ?>' + value['id'];
+                             	url = '<?php echo DOL_URL_ROOT.'/comm/action/card.php?id='; ?>' + value.id_agenda;
-                                title = '<?php print $langs->trans('Agenda') ?>';
+                                title = '<?php print $langs->trans('EventReminder') ?>';
                            }
                            var extra = {
                                icon: '<?php print DOL_URL_ROOT.'/theme/common/bell.png'; ?>',
                                //image: '<?php print DOL_URL_ROOT.'/theme/common/bell.png'; ?>',
                                body: body,
-                                tag: value['id']
+                                tag: value.id_agenda,
                                requireInteraction: true
                            };
                            // We release the notify
                            console.log("Send notification on browser");
-                            var noti = new Notification(title, extra);
+                            noti[index] = new Notification(title, extra);
                            if (index==0 && audio)
                            {
                            	audio.play();
                            }
-                            if (noti) {
+                            if (noti[index]) {
-	                            noti.onclick = function (event) {
+	                            noti[index].onclick = function (event) {
 	                                console.log("A click on notification on browser has been done");
 	                                event.preventDefault(); // prevent the browser from focusing the Notification's tab
 	                                window.focus();
 	                                window.open(url, '_blank');
-	                                noti.close();
+	                                noti[index].close();
 	                            };
-	                            listofreminderids = listofreminderids + '-' + value['id_reminder']
+	                            listofreminderids = (listofreminderids == '' ? '' : listofreminderids + ',') + value.id_reminder
 	                        }
                        });
@ -135,8 +142,10 @@ if (!($_SERVER['HTTP_REFERER'] === $dolibarr_main_url_root.'/' || $_SERVER['HTTP
 						$.ajax("<?php print DOL_URL_ROOT.'/core/ajax/check_notifications.php?action=stopreminder&listofreminderids='; ?>"+listofreminderids, {
 			                type: "post",   // Usually post or get
 			                async: true,
-			                data: { time_js_next_test: time_js_next_test }
+			                data: { time_js_next_test: time_js_next_test, token: 'notrequired' }
-			                });
+			            });
                    } else {
                    	console.log("No past reminder found, next try at "+time_js_next_test);
                    }
                }
            });
--- a/htdocs/core/lib/date.lib.php
+++ b/htdocs/core/lib/date.lib.php
@ -466,8 +466,8 @@ function dol_get_next_week($day, $week, $month, $year)
 *	@param		int			$year		Year
 * 	@param		int			$month		Month
 * 	@param		mixed		$gm			False or 0 or 'server' = Return date to compare with server TZ, True or 1 to compare with GM date.
- *                          			Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, after a dol_print_date will return 1970-01-01 00:00:00
+ *                          			Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, a dol_print_date on it will return 1970-01-01 00:00:00
- *                          			Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, after a dol_print_date will return 1970-01-01 00:00:00
+ *                          			Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, a dol_print_date on it will return 1970-01-01 00:00:00
 *  @return		int						Date for first day, '' if error
 */
 function dol_get_first_day($year, $month = 1, $gm = false)
@ -502,6 +502,28 @@ function dol_get_last_day($year, $month = 12, $gm = false)
 	return $datelim;
 }
 /**	Return GMT time for last hour of a given GMT date (it removes hours, min and second part)
 *
 *	@param		int			$date		Date
 *  @return		int						Date for last hour of a given date
 */
 function dol_get_last_hour($date)
 {
 	$tmparray = dol_getdate($date);
 	return dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
 }
 /**	Return GMT time for first hour of a given GMT date (it removes hours, min and second part)
 *
 *	@param		int			$date		Date
 *  @return		int						Date for last hour of a given date
 */
 function dol_get_first_hour($date)
 {
 	$tmparray = dol_getdate($date);
 	return dol_mktime(0, 0, 0, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
 }
 /**	Return first day of week for a date. First day of week may be monday if option MAIN_START_WEEK is 1.
 *
 *	@param		int		$day		Day
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@ -389,7 +389,6 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
 								if ($qualified)
 								{
 									//var_dump($user->default_values[$relativepathstring][$defkey]['createform']);
 									if (isset($user->default_values[$relativepathstring]['createform'][$defkey][$paramname]))
 									{
 										$out = $user->default_values[$relativepathstring]['createform'][$defkey][$paramname];
@ -1350,19 +1349,28 @@ function dol_get_fiche_head($links = array(), $active = '', $title = '', $notab
 	{
 		$left = ($langs->trans("DIRECTION") == 'rtl' ? 'right' : 'left');
 		$right = ($langs->trans("DIRECTION") == 'rtl' ? 'left' : 'right');
 		$widthofpopup = 200;
 		$tabsname = $moretabssuffix;
 		if (empty($tabsname)) { $tabsname = str_replace("@", "", $picto); }
 		$out .= '<div id="moretabs'.$tabsname.'" class="inline-block tabsElem">';
-		$out .= '<a href="#" class="tab moretab inline-block tabunactive reposition">'.$langs->trans("More").'... ('.$nbintab.')</a>';
+		$out .= '<a href="#" class="tab moretab inline-block tabunactive">'.$langs->trans("More").'... ('.$nbintab.')</a>';	// Do not use "reposition" class in the "More".
-		$out .= '<div id="moretabsList'.$tabsname.'" style="position: absolute; '.$left.': -999em; text-align: '.$left.'; margin:0px; padding:2px; z-index:10;">';
+		$out .= '<div id="moretabsList'.$tabsname.'" style="width: '.$widthofpopup.'px; position: absolute; '.$left.': -999em; text-align: '.$left.'; margin:0px; padding:2px; z-index:10;">';
 		$out .= $outmore;
 		$out .= '</div>';
 		$out .= '<div></div>';
 		$out .= "</div>\n";
 		$out .= "<script>";
-		$out .= "$('#moretabs".$tabsname."').mouseenter( function() { console.log('mouseenter ".$left."'); $('#moretabsList".$tabsname."').css('".$left."','auto');});";
+		$out .= "$('#moretabs".$tabsname."').mouseenter( function() {
 			var x = this.offsetLeft, y = this.offsetTop;
 			console.log('mouseenter ".$left." x='+x+' y='+y+' window.innerWidth='+window.innerWidth);
 			if ((window.innerWidth - x) < ".($widthofpopup+10).") {
 				$('#moretabsList".$tabsname."').css('".$right."','8px');
 			}
 			$('#moretabsList".$tabsname."').css('".$left."','auto');
 			});
 		";
 		$out .= "$('#moretabs".$tabsname."').mouseleave( function() { console.log('mouseleave ".$left."'); $('#moretabsList".$tabsname."').css('".$left."','-999em');});";
 		$out .= "</script>";
 	}
@ -3850,7 +3858,7 @@ function info_admin($text, $infoonimgalt = 0, $nodiv = 0, $admin = '1', $morecss
 		$result = ($nodiv ? '' : '<div class="'.$class.' hideonsmartphone'.($morecss ? ' '.$morecss : '').($textfordropdown ? ' hidden' : '').'">').'<span class="fa fa-info-circle" title="'.dol_escape_htmltag($admin ? $langs->trans('InfoAdmin') : $langs->trans('Note')).'"></span> '.$text.($nodiv ? '' : '</div>');
 		if ($textfordropdown) {
-			$tmpresult .= '<span class="'.$class.'text opacitymedium">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
+			$tmpresult .= '<span class="'.$class.'text opacitymedium cursorpointer">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
 			$tmpresult .= '<script type="text/javascript" language="javascript">
 				jQuery(document).ready(function() {
 					jQuery(".'.$class.'text").click(function() {
@ -3887,20 +3895,21 @@ function dol_print_error($db = '', $error = '', $errors = null)
 	$out = '';
 	$syslog = '';
-	// Si erreur intervenue avant chargement langue
+	// If error occurs before the $lang object was loaded
 	if (!$langs)
 	{
 		require_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
 		$langs = new Translate('', $conf);
 		$langs->load("main");
 	}
-	// Load translation files required by the page
+
 	// Load translation files required by the error messages
 	$langs->loadLangs(array('main', 'errors'));
 	if ($_SERVER['DOCUMENT_ROOT'])    // Mode web
 	{
 		$out .= $langs->trans("DolibarrHasDetectedError").".<br>\n";
-		if (!empty($conf->global->MAIN_FEATURES_LEVEL)) $out .= "You use an experimental or develop level of features, so please do NOT report any bugs, except if problem is confirmed moving option MAIN_FEATURES_LEVEL back to 0.<br>\n";
+		if (!empty($conf->global->MAIN_FEATURES_LEVEL)) $out .= "You use an experimental or develop level of features, so please do NOT report any bugs or vulnerability, except if problem is confirmed after moving option MAIN_FEATURES_LEVEL back to 0.<br>\n";
 		$out .= $langs->trans("InformationToHelpDiagnose").":<br>\n";
 		$out .= "<b>".$langs->trans("Date").":</b> ".dol_print_date(time(), 'dayhourlog')."<br>\n";
@ -3910,7 +3919,7 @@ function dol_print_error($db = '', $error = '', $errors = null)
 		{
 			$out .= "<b>".$langs->trans("PHP").":</b> ".phpversion()."<br>\n";
 		}
-		$out .= "<b>".$langs->trans("Server").":</b> ".$_SERVER["SERVER_SOFTWARE"]."<br>\n";
+		$out .= "<b>".$langs->trans("Server").":</b> ".dol_htmlentities($_SERVER["SERVER_SOFTWARE"])."<br>\n";
 		if (function_exists("php_uname"))
 		{
 			$out .= "<b>".$langs->trans("OS").":</b> ".php_uname()."<br>\n";
@ -3918,8 +3927,8 @@ function dol_print_error($db = '', $error = '', $errors = null)
 		$out .= "<b>".$langs->trans("UserAgent").":</b> ".dol_htmlentities($_SERVER["HTTP_USER_AGENT"], ENT_COMPAT, 'UTF-8')."<br>\n";
 		$out .= "<br>\n";
 		$out .= "<b>".$langs->trans("RequestedUrl").":</b> ".dol_htmlentities($_SERVER["REQUEST_URI"], ENT_COMPAT, 'UTF-8')."<br>\n";
-		$out .= "<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"]) ?dol_htmlentities($_SERVER["HTTP_REFERER"], ENT_COMPAT, 'UTF-8') : '')."<br>\n";
+		$out .= "<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"]) ? dol_htmlentities($_SERVER["HTTP_REFERER"], ENT_COMPAT, 'UTF-8') : '')."<br>\n";
-		$out .= "<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu) ? $conf->standard_menu : '')."<br>\n";
+		$out .= "<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu) ? dol_htmlentities($conf->standard_menu) : '')."<br>\n";
 		$out .= "<br>\n";
 		$syslog .= "url=".dol_escape_htmltag($_SERVER["REQUEST_URI"]);
 		$syslog .= ", query_string=".dol_escape_htmltag($_SERVER["QUERY_STRING"]);
@ -3939,9 +3948,9 @@ function dol_print_error($db = '', $error = '', $errors = null)
 		if ($_SERVER['DOCUMENT_ROOT'])  // Mode web
 		{
 			$out .= "<b>".$langs->trans("DatabaseTypeManager").":</b> ".$db->type."<br>\n";
-			$out .= "<b>".$langs->trans("RequestLastAccessInError").":</b> ".($db->lastqueryerror() ?dol_escape_htmltag($db->lastqueryerror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
+			$out .= "<b>".$langs->trans("RequestLastAccessInError").":</b> ".($db->lastqueryerror() ? dol_escape_htmltag($db->lastqueryerror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
-			$out .= "<b>".$langs->trans("ReturnCodeLastAccessInError").":</b> ".($db->lasterrno() ?dol_escape_htmltag($db->lasterrno()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
+			$out .= "<b>".$langs->trans("ReturnCodeLastAccessInError").":</b> ".($db->lasterrno() ? dol_escape_htmltag($db->lasterrno()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
-			$out .= "<b>".$langs->trans("InformationLastAccessInError").":</b> ".($db->lasterror() ?dol_escape_htmltag($db->lasterror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
+			$out .= "<b>".$langs->trans("InformationLastAccessInError").":</b> ".($db->lasterror() ? dol_escape_htmltag($db->lasterror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
 			$out .= "<br>\n";
 		} else // Mode CLI
 		{
@ -3988,8 +3997,14 @@ function dol_print_error($db = '', $error = '', $errors = null)
 		$out .= "<br>\n";
 	}
-	if (empty($dolibarr_main_prod)) print $out;
+	// Return a http error code if possible
-	else {
+	if (! headers_sent()) {
 		http_response_code(500);
 	}
 	if (empty($dolibarr_main_prod)) {
 		print $out;
 	} else {
 		// This should not happen, except if there is a bug somewhere. Enabled and check log in such case.
 		print 'This website or feature is currently temporarly not available or failed after a technical error.<br><br>This may be due to a maintenance operation. Current status of operation are on next line...<br><br>'."\n";
 		$langs->load("errors");
@ -3997,7 +4012,7 @@ function dol_print_error($db = '', $error = '', $errors = null)
 		print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
 		define("MAIN_CORE_ERROR", 1);
 	}
-	//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
+
 	dol_syslog("Error ".$syslog, LOG_ERR);
 }
@ -4095,15 +4110,14 @@ function getTitleFieldOfList($name, $thead = 0, $file = "", $field = "", $begin
 	//var_dump('field='.$field.' field1='.$field1.' sortfield='.$sortfield.' sortfield1='.$sortfield1);
 	// If field is used as sort criteria we use a specific css class liste_titre_sel
 	// Example if (sortfield,field)=("nom","xxx.nom") or (sortfield,field)=("nom","nom")
 	$liste_titre = 'liste_titre';
 	if ($field1 && ($sortfield1 == $field1 || $sortfield1 == preg_replace("/^[^\.]+\./", "", $field1))) {
-		$out .= '<'.$tag.' class="'.$prefix.'liste_titre_sel" '.$moreattrib;
+		$liste_titre = 'liste_titre_sel';
 		$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
 		$out .= '>';
 	} else {
 		$out .= '<'.$tag.' class="'.$prefix.'liste_titre" '.$moreattrib;
 		$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
 		$out .= '>';
 	}
 	$out .= '<'.$tag.' class="'.$prefix.$liste_titre.'" '.$moreattrib;
 	//$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
 	$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
 	$out .= '>';
 	if (empty($thead) && $field && empty($disablesortlink))    // If this is a sort field
 	{
@ -6118,7 +6132,7 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null,
 			$birthday = dol_print_date($object->birth, 'day');
-			if (is_object($object) && $object->element == 'adherent' && $object->id > 0)
+			if (is_object($object) && ($object->element == 'adherent' || $object->element == 'member') && $object->id > 0)
 			{
 				$substitutionarray['__MEMBER_ID__'] = (isset($object->id) ? $object->id : '');
 				if (method_exists($object, 'getCivilityLabel')) $substitutionarray['__MEMBER_CIVILITY__'] = $object->getCivilityLabel();
@ -7720,7 +7734,7 @@ function dol_getmypid()
 *                             			If param $mode is 2, can contains a list of int id separated by comma like "1,3,4"
 *                             			If param $mode is 3, can contains a list of string separated by comma like "a,b,c"
 * @param	integer			$mode		0=value is list of keyword strings, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of ID separated with comma (Example '1,3,4')
- * 										3=value is list of string separated with comma (Example 'text 1,text 2'), 4=value is a list of ID separated with comma (Example '1,3,4') for search into a multiselect string ('1,2')
+ * 										3=value is list of string separated with comma (Example 'text 1,text 2'), 4=value is a list of ID separated with comma (Example '2,7') to be used to search into a multiselect string '1,2,3,4'
 * @param	integer			$nofirstand	1=Do not output the first 'AND'
 * @return 	string 			$res 		The statement to append to the SQL query
 */
@ -7745,11 +7759,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
 	$res = '';
 	if (!is_array($fields)) $fields = array($fields);
 	$nboffields = count($fields);
 	$end2 = count($crits);
 	$j = 0;
 	foreach ($crits as $crit)
 	{
 		$crit = trim($crit);
 		$i = 0; $i2 = 0;
 		$newres = '';
 		foreach ($fields as $field)
@ -7757,10 +7770,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
 			if ($mode == 1)
 			{
 				$operator = '=';
-				$newcrit = preg_replace('/([<>=]+)/', '', trim($crit));
+				$newcrit = preg_replace('/([<>=]+)/', '', $crit);
 				$reg = array();
-				preg_match('/([<>=]+)/', trim($crit), $reg);
+				preg_match('/([<>=]+)/', $crit, $reg);
 				if ($reg[1])
 				{
 					$operator = $reg[1];
@ -7770,7 +7783,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
 					$numnewcrit = price2num($newcrit);
 					if (is_numeric($numnewcrit))
 					{
-						$newres .= ($i2 > 0 ? ' OR ' : '').$field.' '.$operator.' '.$numnewcrit;
+						$newres .= ($i2 > 0 ? ' OR ' : '').$field.' '.$operator.' '.$db->sanitize($numnewcrit);	// should be a numeric
 					} else {
 						$newres .= ($i2 > 0 ? ' OR ' : '').'1 = 2'; // force false
 					}
@ -7778,41 +7791,45 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
 				}
 			} elseif ($mode == 2 || $mode == -2)
 			{
-				$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -2 ? 'NOT ' : '')."IN (".$db->escape(trim($crit)).")";
+				$crit = preg_replace('/[^0-9,]/', '', $crit);	// ID are always integer
 				$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -2 ? 'NOT ' : '');
 				$newres .= $crit ? "IN (".$db->sanitize($db->escape($crit)).")" : "IN (0)";
 				if ($mode == -2) $newres .= ' OR '.$field.' IS NULL';
 				$i2++; // a criteria was added to string
 			} elseif ($mode == 3 || $mode == -3)
 			{
-				$tmparray = explode(',', trim($crit));
+				$tmparray = explode(',', $crit);
 				if (count($tmparray))
 				{
 					$listofcodes = '';
 					foreach ($tmparray as $val)
 					{
 						$val = trim($val);
 						if ($val)
 						{
 							$listofcodes .= ($listofcodes ? ',' : '');
-							$listofcodes .= "'".$db->escape(trim($val))."'";
+							$listofcodes .= "'".$db->escape($val)."'";
 						}
 					}
-					$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -3 ? 'NOT ' : '')."IN (".$listofcodes.")";
+					$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -3 ? 'NOT ' : '')."IN (".$db->sanitize($listofcodes).")";
 					$i2++; // a criteria was added to string
 				}
 				if ($mode == -3) $newres .= ' OR '.$field.' IS NULL';
 			} elseif ($mode == 4)
 			{
-				$tmparray = explode(',', trim($crit));
+				$tmparray = explode(',', $crit);
 				if (count($tmparray))
 				{
 					$listofcodes = '';
 					foreach ($tmparray as $val)
 					{
 						$val = trim($val);
 						if ($val)
 						{
-							$newres .= ($i2 > 0 ? ' OR (' : '(').$field.' LIKE \''.$db->escape(trim($val)).',%\'';
+							$newres .= ($i2 > 0 ? ' OR (' : '(').$field.' LIKE \''.$db->escape($val).',%\'';
-							$newres .= ' OR '.$field.' = \''.$db->escape(trim($val)).'\'';
+							$newres .= ' OR '.$field.' = \''.$db->escape($val).'\'';
-							$newres .= ' OR '.$field.' LIKE \'%,'.$db->escape(trim($val)).'\'';
+							$newres .= ' OR '.$field.' LIKE \'%,'.$db->escape($val).'\'';
-							$newres .= ' OR '.$field.' LIKE \'%,'.$db->escape(trim($val)).',%\'';
+							$newres .= ' OR '.$field.' LIKE \'%,'.$db->escape($val).',%\'';
 							$newres .= ')';
 							$i2++;
 						}
--- a/htdocs/core/lib/functions2.lib.php
+++ b/htdocs/core/lib/functions2.lib.php
@ -1182,6 +1182,7 @@ function check_value($mask, $value)
 	$hasglobalcounter = false;
 	// Extract value for mask counter, mask raz and mask offset
 	$reg = array();
 	if (preg_match('/\{(0+)([@\+][0-9]+)?([@\+][0-9]+)?\}/i', $mask, $reg))
 	{
 		$masktri = $reg[1].(isset($reg[2]) ? $reg[2] : '').(isset($reg[3]) ? $reg[3] : '');
@ -1192,12 +1193,12 @@ function check_value($mask, $value)
 		$masktri = '00000';
 		$maskcounter = '00000';
 	}
 	$maskraz = -1;
 	$maskoffset = 0;
 	if (dol_strlen($maskcounter) < 3) return 'ErrorCounterMustHaveMoreThan3Digits';
 	// Extract value for third party mask counter
 	$regClientRef = array();
 	if (preg_match('/\{(c+)(0*)\}/i', $mask, $regClientRef))
 	{
 		$maskrefclient = $regClientRef[1].$regClientRef[2];
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@ -92,7 +92,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
    				// Call function to check user/password
    				$function = 'check_user_password_'.$mode;
    				$login = call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context);
-    				if ($login)	// Login is successfull
+    				if ($login && $login != '--bad-login-validity--')	// Login is successfull
    				{
    					$test = false; // To stop once at first login success
    					$conf->authmode = $mode; // This properties is defined only when logged to say what mode was successfully used
--- a/htdocs/core/lib/treeview.lib.php
+++ b/htdocs/core/lib/treeview.lib.php
@ -103,15 +103,16 @@ function tree_showpad(&$fulltree, $key, $silent = 0)
 *	$arrayofcss=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css');
 *  TODO Replace with jstree plugin instead of treeview plugin.
 *
- *  @param	array	$tab    		Array of all elements
+ *  @param	array	$tab    					Array of all elements
- *  @param  array   $pere   		Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
+ *  @param  array   $pere   					Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
- *  @param  int	    $rang   		Level of element
+ *  @param  int	    $rang   					Level of element
- *  @param	string	$iddivjstree	Id to use for parent ul element
+ *  @param	string	$iddivjstree				Id to use for parent ul element
 *  @param  int     $donoresetalreadyloaded     Do not reset global array $donoresetalreadyloaded used to avoid to go down on an aleady processed record
- *  @param  int     $showfk         1=show fk_links to parent into label  (used by menu editor only)
+ *  @param  int     $showfk         			1=show fk_links to parent into label  (used by menu editor only)
 *  @param	string	$moreparam					Add more param on url of elements
 *  @return	void
 */
-function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0)
+function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0, $moreparam = '')
 {
    global $tree_recur_alreadyadded, $menu_handler_to_search;
@ -197,7 +198,7 @@ function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoreset
 			if ($showfk)
 			{
 			    print '<table class="nobordernopadding centpercent"><tr><td>';
-			    print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].'">';
+			    print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].$moreparam.'">';
 			    print $tab[$x]['title'];
 			    print '</a></strong>';
 			    print '&nbsp; (mainmenu='.$tab[$x]['mainmenu'].' leftmenu='.$tab[$x]['leftmenu'].' - fk_mainmenu='.$tab[$x]['fk_mainmenu'].' fk_leftmenu='.$tab[$x]['fk_leftmenu'].')';
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
@ -45,6 +45,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 	if (!empty($usertotest))
 	{
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 		dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./', '*', $passwordtotest)." entitytotest=".$entitytotest);
 		// If test username/password asked, we define $test=false if ko and $login var to login if ok, set also $_SESSION["dol_loginmesg"] if ko
@ -53,14 +54,15 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 		$usernamecol2 = 'email';
 		$entitycol = 'entity';
-		$sql = 'SELECT rowid, login, entity, pass, pass_crypted';
+		$sql = 'SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity';
 		$sql .= ' FROM '.$table;
 		$sql .= ' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'";
 		if (preg_match('/@/', $usertotest)) $sql .= ' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
 		$sql .= ') AND '.$entitycol." IN (0,".($entity ? $entity : 1).")";
 		$sql .= ' AND statut = 1';
-		// Required to first found the user into entity, then the superadmin.
+		// Note: Test on validity is done later
-		// For the case (TODO and that we must avoid) a user has renamed its login with same value than a user in entity 0.
+		// Required to firstly found the user into entity, then the superadmin.
 		// For the case (TODO we must avoid that) a user has renamed its login with same value than a user in entity 0.
 		$sql .= ' ORDER BY entity DESC';
 		$resql = $db->query($sql);
@ -69,6 +71,20 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 			$obj = $db->fetch_object($resql);
 			if ($obj)
 			{
 				$now = dol_now();
 				if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
 					// Load translation files required by the page
 					$langs->loadLangs(array('main', 'errors'));
 					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 					return '--bad-login-validity--';
 				}
 				if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
 					// Load translation files required by the page
 					$langs->loadLangs(array('main', 'errors'));
 					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 					return '--bad-login-validity--';
 				}
 				$passclear = $obj->pass;
 				$passcrypted = $obj->pass_crypted;
 				$passtyped = $passwordtotest;
@ -79,19 +95,19 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 				$cryptType = '';
 				if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
-				// By default, we used MD5
+				// By default, we use default setup for encryption rule
-				if (!in_array($cryptType, array('md5'))) $cryptType = 'md5';
+				if (!in_array($cryptType, array('auto'))) $cryptType = 'auto';
 				// Check crypted password according to crypt algorithm
-				if ($cryptType == 'md5')
+				if ($cryptType == 'auto')
 				{
-					if (dol_verifyHash($passtyped, $passcrypted))
+					if (dol_verifyHash($passtyped, $passcrypted, '0'))
 					{
 						$passok = true;
 						dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
 					}
 				}
-				// For compatibility with old versions
+				// For compatibility with very old versions
 				if (!$passok)
 				{
 					if ((!$passcrypted || $passtyped)
--- a/htdocs/core/login/functions_http.php
+++ b/htdocs/core/login/functions_http.php
@ -33,12 +33,33 @@
 */
 function check_user_password_http($usertotest, $passwordtotest, $entitytotest)
 {
 	global $db, $langs;
 	dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".(empty($_SERVER["REMOTE_USER"]) ? '' : $_SERVER["REMOTE_USER"]));
 	$login = '';
 	if (!empty($_SERVER["REMOTE_USER"]))
 	{
 		$login = $_SERVER["REMOTE_USER"];
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 		$tmpuser = new User($db);
 		$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
 		$now = dol_now();
 		if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
 			// Load translation files required by the page
 			$langs->loadLangs(array('main', 'errors'));
 			$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 			return '--bad-login-validity--';
 		}
 		if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
 			// Load translation files required by the page
 			$langs->loadLangs(array('main', 'errors'));
 			$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 			return '--bad-login-validity--';
 		}
 	}
 	return $login;
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@ -151,6 +151,27 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 				dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
 				$login = $usertotest;
 				require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 				$tmpuser = new User($db);
 				$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
 				$now = dol_now();
 				if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
 					$ldap->close();
 					// Load translation files required by the page
 					$langs->loadLangs(array('main', 'errors'));
 					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 					return '--bad-login-validity--';
 				}
 				if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
 					$ldap->close();
 					// Load translation files required by the page
 					$langs->loadLangs(array('main', 'errors'));
 					$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
 					return '--bad-login-validity--';
 				}
 				// ldap2dolibarr synchronisation
 				if ($login && !empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')	// ldap2dolibarr synchronisation
 				{
@ -188,6 +209,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 						//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
 					}
 					unset($usertmp);
 				}
--- a/htdocs/core/login/functions_openid.php
+++ b/htdocs/core/login/functions_openid.php
@ -36,7 +36,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
 */
 function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
 {
-    global $_POST, $db, $conf, $langs;
+    global $db, $conf, $langs;
    dol_syslog("functions_openid::check_user_password_openid usertotest=".$usertotest);
@ -57,7 +57,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
            $openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
            $openid->Redirect(); // This will redirect user to OpenID Server
        } else {
-            $error = $openid->GetError();
+        	$_SESSION["dol_loginmesg"] = $openid->GetError();
            return false;
        }
        return false;
@ -72,7 +72,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
        {
            // OK HERE KEY IS VALID
-            $sql = "SELECT login";
+            $sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
            $sql .= " FROM ".MAIN_DB_PREFIX."user";
            $sql .= " WHERE openid = '".$db->escape($_GET['openid_identity'])."'";
            $sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1).")";
@ -84,13 +84,27 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
                $obj = $db->fetch_object($resql);
                if ($obj)
                {
                	$now = dol_now();
                	if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
                		// Load translation files required by the page
                		$langs->loadLangs(array('main', 'errors'));
                		$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
                		return '--bad-login-validity--';
                	}
                	if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
                		// Load translation files required by the page
                		$langs->loadLangs(array('main', 'errors'));
                		$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
                		return '--bad-login-validity--';
                	}
                    $login = $obj->login;
                }
            }
        } elseif ($openid->IsError() === true)
        {
            // ON THE WAY, WE GOT SOME ERROR
-            $error = $openid->GetError();
+        	$_SESSION["dol_loginmesg"] = $openid->GetError();
            return false;
        } else {
            // Signature Verification Failed
--- a/htdocs/core/menus/init_menu_auguria.sql
+++ b/htdocs/core/menus/init_menu_auguria.sql
@ -322,13 +322,20 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', 'empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT) && ! empty($conf->banque->enabled) && (! empty($conf->facture->enabled) || ! empty($conf->global->MAIN_MENU_CHEQUE_DEPOSIT_ON))', __HANDLER__, 'left', 1711__+MAX_llx_menu__, 'accountancy', 'checks', 14__+MAX_llx_menu__, '/compta/paiement/cheque/index.php?mainmenu=bank&amp;leftmenu=checks', 'MenuChequeDeposits', 0, 'bills', '$user->rights->banque->lire', '', 2, 9, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', 'empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT) && ! empty($conf->banque->enabled) && (! empty($conf->facture->enabled) || ! empty($conf->global->MAIN_MENU_CHEQUE_DEPOSIT_ON))', __HANDLER__, 'left', 1712__+MAX_llx_menu__, 'accountancy', '', 1711__+MAX_llx_menu__, '/compta/paiement/cheque/card.php?mainmenu=bank&amp;leftmenu=checks&amp;action=new', 'NewCheckDeposit', 1, 'compta', '$user->rights->banque->lire', '', 2, 0, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', 'empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT) && ! empty($conf->banque->enabled) && (! empty($conf->facture->enabled) || ! empty($conf->global->MAIN_MENU_CHEQUE_DEPOSIT_ON))', __HANDLER__, 'left', 1713__+MAX_llx_menu__, 'accountancy', '', 1711__+MAX_llx_menu__, '/compta/paiement/cheque/list.php?mainmenu=bank&amp;leftmenu=checks', 'List', 1, 'bills', '$user->rights->banque->lire', '', 2, 1, __ENTITY__);
-- Withdrawal
+-- PaymentByDirectDebit
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled', __HANDLER__, 'left', 2500__+MAX_llx_menu__, 'accountancy', 'withdraw', 14__+MAX_llx_menu__, '/compta/prelevement/index.php?mainmenu=bank&amp;leftmenu=withdraw', 'StandingOrders', 0, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 9, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled', __HANDLER__, 'left', 2500__+MAX_llx_menu__, 'accountancy', 'withdraw', 14__+MAX_llx_menu__, '/compta/prelevement/index.php?mainmenu=bank&amp;leftmenu=withdraw', 'PaymentByDirectDebit', 0, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 9, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2502__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/create.php?mainmenu=bank&amp;leftmenu=withdraw', 'NewStandingOrder', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 0, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2503__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/bons.php?mainmenu=bank&amp;leftmenu=withdraw', 'WithdrawalsReceipts', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 2, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2503__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/orders_list.php?mainmenu=bank&amp;leftmenu=withdraw', 'WithdrawalsReceipts', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 2, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2504__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/list.php?mainmenu=bank&amp;leftmenu=withdraw', 'WithdrawalsLines', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 3, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2506__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/rejets.php?mainmenu=bank&amp;leftmenu=withdraw', 'Rejects', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 5, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="withdraw"', __HANDLER__, 'left', 2507__+MAX_llx_menu__, 'accountancy', '', 2500__+MAX_llx_menu__, '/compta/prelevement/stats.php?mainmenu=bank&amp;leftmenu=withdraw', 'Statistics', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 6, __ENTITY__);
 -- PaymentByCreditTransfer
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled', __HANDLER__, 'left', 2510__+MAX_llx_menu__, 'accountancy', 'banktransfer', 14__+MAX_llx_menu__, '/compta/prelevement/index.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'PaymentByBankTransfer', 0, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 9, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="banktransfer"', __HANDLER__, 'left', 2512__+MAX_llx_menu__, 'accountancy', '', 2510__+MAX_llx_menu__, '/compta/prelevement/create.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'NewStandingOrder', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 0, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="banktransfer"', __HANDLER__, 'left', 2513__+MAX_llx_menu__, 'accountancy', '', 2510__+MAX_llx_menu__, '/compta/prelevement/orders_list.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'WithdrawalsReceipts', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 2, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="banktransfer"', __HANDLER__, 'left', 2514__+MAX_llx_menu__, 'accountancy', '', 2510__+MAX_llx_menu__, '/compta/prelevement/list.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'WithdrawalsLines', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 3, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="banktransfer"', __HANDLER__, 'left', 2516__+MAX_llx_menu__, 'accountancy', '', 2510__+MAX_llx_menu__, '/compta/prelevement/rejets.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'Rejects', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 5, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->prelevement->enabled && $leftmenu=="banktransfer"', __HANDLER__, 'left', 2517__+MAX_llx_menu__, 'accountancy', '', 2510__+MAX_llx_menu__, '/compta/prelevement/stats.php?mainmenu=bank&amp;leftmenu=banktransfer&amp;type=bank-transfer', 'Statistics', 1, 'withdrawals', '$user->rights->prelevement->bons->lire', '', 2, 6, __ENTITY__);
 -- Bank
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->banque->enabled', __HANDLER__, 'left', 2600__+MAX_llx_menu__, 'accountancy', 'bank', 14__+MAX_llx_menu__, '/compta/bank/list.php?mainmenu=bank&amp;leftmenu=bank', 'MenuBankCash', 0, 'banks', '$user->rights->banque->lire', '', 0, 1, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->banque->enabled && ($leftmenu=="bank" || $leftmenu=="checks" || $leftmenu=="withdraw")', __HANDLER__, 'left', 2601__+MAX_llx_menu__, 'accountancy', '', 2600__+MAX_llx_menu__, '/compta/bank/card.php?mainmenu=bank&amp;action=create&amp;leftmenu=bank', 'MenuNewFinancialAccount', 1, 'banks', '$user->rights->banque->configurer', '', 0, 0, __ENTITY__);
@ -382,8 +389,9 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4202__+MAX_llx_menu__, 'members', '', 4200__+MAX_llx_menu__, '/adherents/list.php', 'List', 1, 'members', '$user->rights->adherent->lire', '', 2, 1, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4203__+MAX_llx_menu__, 'members', '', 4202__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=-1', 'MenuMembersToValidate', 2, 'members', '$user->rights->adherent->lire', '', 2, 2, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4204__+MAX_llx_menu__, 'members', '', 4202__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1', 'MenuMembersValidated', 2, 'members', '$user->rights->adherent->lire', '', 2, 3, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4205__+MAX_llx_menu__, 'members', '', 4202__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1&amp;filter=outofdate', 'MenuMembersNotUpToDate', 2, 'members', '$user->rights->adherent->lire', '', 2, 4, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4205__+MAX_llx_menu__, 'members', '', 4204__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1&amp;filter=withoutsubscription', 'WithoutSubscription', 2, 'members', '$user->rights->adherent->lire', '', 2, 4, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4206__+MAX_llx_menu__, 'members', '', 4202__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1&amp;filter=uptodate', 'MenuMembersUpToDate', 2, 'members', '$user->rights->adherent->lire', '', 2, 5, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4205__+MAX_llx_menu__, 'members', '', 4204__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1&amp;filter=outofdate', 'UpToDate', 2, 'members', '$user->rights->adherent->lire', '', 2, 4, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4206__+MAX_llx_menu__, 'members', '', 4204__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=1&amp;filter=uptodate', 'OutOfDate', 2, 'members', '$user->rights->adherent->lire', '', 2, 5, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4207__+MAX_llx_menu__, 'members', '', 4202__+MAX_llx_menu__, '/adherents/list.php?mainmenu=members&amp;leftmenu=members&amp;statut=0', 'MenuMembersResiliated', 2, 'members', '$user->rights->adherent->lire', '', 2, 6, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->adherent->enabled', __HANDLER__, 'left', 4208__+MAX_llx_menu__, 'members', '', 4200__+MAX_llx_menu__, '/adherents/stats/geo.php?mainmenu=members&amp;leftmenu=members&amp;mode=memberbycountry', 'MenuMembersStats', 1, 'members', '$user->rights->adherent->lire', '', 2, 7, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '! empty($conf->global->MEMBER_LINK_TO_HTPASSWDFILE) && $conf->adherent->enabled', __HANDLER__, 'left', 4502__+MAX_llx_menu__, 'members', '', 4200__+MAX_llx_menu__, '/adherents/htpasswd.php?mainmenu=members&amp;leftmenu=export', 'Filehtpasswd', 1, 'members', '$user->rights->adherent->export', '', 2, 9, __ENTITY__);
--- a/htdocs/core/menus/standard/auguria_menu.php
+++ b/htdocs/core/menus/standard/auguria_menu.php
@ -68,14 +68,14 @@ class MenuManager
    	global $conf, $user, $langs;
   		// On sauve en session le menu principal choisi
-    	if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"] = $_GET["mainmenu"];
+    	if (GETPOSTISSET("mainmenu")) $_SESSION["mainmenu"] = GETPOST("mainmenu", 'aZ09');
-    	if (isset($_GET["idmenu"]))   $_SESSION["idmenu"] = $_GET["idmenu"];
+    	if (GETPOSTISSET("idmenu"))   $_SESSION["idmenu"] = GETPOST("idmenu", 'int');
    	// Read mainmenu and leftmenu that define which menu to show
-    	if (isset($_GET["mainmenu"]))
+    	if (GETPOSTISSET("mainmenu"))
    	{
    		// On sauve en session le menu principal choisi
-    		$mainmenu = $_GET["mainmenu"];
+    		$mainmenu = GETPOST("mainmenu", 'aZ09');
    		$_SESSION["mainmenu"] = $mainmenu;
    		$_SESSION["leftmenuopened"] = "";
    	} else {
@ -84,10 +84,10 @@ class MenuManager
    	}
 		if (!empty($forcemainmenu)) $mainmenu = $forcemainmenu;
-    	if (isset($_GET["leftmenu"]))
+    	if (GETPOSTISSET("leftmenu"))
    	{
    		// On sauve en session le menu principal choisi
-    		$leftmenu = $_GET["leftmenu"];
+    		$leftmenu = GETPOST("leftmenu", 'aZ09');
    		$_SESSION["leftmenu"] = $leftmenu;
    		if ($_SESSION["leftmenuopened"] == $leftmenu)	// To collapse
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@ -447,6 +447,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 	// Show personalized menus
 	$menuArbo = new Menubase($db, 'eldy');
 	$newTabMenu = $menuArbo->menuTopCharger('', '', $type_user, 'eldy', $tabMenu); // Return tabMenu with only top entries
 	$num = count($newTabMenu);
@ -455,34 +456,39 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 		//var_dump($type_user.' '.$newTabMenu[$i]['url'].' '.$showmode.' '.$newTabMenu[$i]['perms']);
 		$idsel = (empty($newTabMenu[$i]['mainmenu']) ? 'none' : $newTabMenu[$i]['mainmenu']);
 		$newTabMenu[$i]['url'] = make_substitutions($newTabMenu[$i]['url'], $substitarray);
 		// url = url from host, shorturl = relative path into dolibarr sources
 		$url = $shorturl = $newTabMenu[$i]['url'];
 		if (!preg_match("/^(http:\/\/|https:\/\/)/i", $newTabMenu[$i]['url']))	// Do not change url content for external links
 		{
 			$tmp = explode('?', $newTabMenu[$i]['url'], 2);
 			$url = $shorturl = $tmp[0];
 			$param = (isset($tmp[1]) ? $tmp[1] : '');
 			if (!preg_match('/mainmenu/i', $param) || !preg_match('/leftmenu/i', $param)) $param .= ($param ? '&' : '').'mainmenu='.$newTabMenu[$i]['mainmenu'].'&amp;leftmenu=';
 			//$url.="idmenu=".$newTabMenu[$i]['rowid'];    // Already done by menuLoad
 			$url = dol_buildpath($url, 1).($param ? '?'.$param : '');
 			//$shorturl = $shorturl.($param?'?'.$param:'');
 			$shorturl = $url;
 			if (DOL_URL_ROOT) $shorturl = preg_replace('/^'.preg_quote(DOL_URL_ROOT, '/').'/', '', $shorturl);
 		}
 		$showmode = isVisibleToUserType($type_user, $newTabMenu[$i], $listofmodulesforexternal);
 		if ($showmode == 1)
 		{
 			$newTabMenu[$i]['url'] = make_substitutions($newTabMenu[$i]['url'], $substitarray);
 			// url = url from host, shorturl = relative path into dolibarr sources
 			$url = $shorturl = $newTabMenu[$i]['url'];
 			if (!preg_match("/^(http:\/\/|https:\/\/)/i", $newTabMenu[$i]['url']))	// Do not change url content for external links
 			{
 				$tmp = explode('?', $newTabMenu[$i]['url'], 2);
 				$url = $shorturl = $tmp[0];
 				$param = (isset($tmp[1]) ? $tmp[1] : '');
 				if (!preg_match('/mainmenu/i', $param) || !preg_match('/leftmenu/i', $param)) $param .= ($param ? '&' : '').'mainmenu='.$newTabMenu[$i]['mainmenu'].'&amp;leftmenu=';
 				//$url.="idmenu=".$newTabMenu[$i]['rowid'];    // Already done by menuLoad
 				$url = dol_buildpath($url, 1).($param ? '?'.$param : '');
 				//$shorturl = $shorturl.($param?'?'.$param:'');
 				$shorturl = $url;
 				if (DOL_URL_ROOT) $shorturl = preg_replace('/^'.preg_quote(DOL_URL_ROOT, '/').'/', '', $shorturl);
 			}
 			// Define the class (top menu selected or not)
 			if (!empty($_SESSION['idmenu']) && $newTabMenu[$i]['rowid'] == $_SESSION['idmenu']) $classname = 'class="tmenusel"';
 			elseif (!empty($_SESSION["mainmenu"]) && $newTabMenu[$i]['mainmenu'] == $_SESSION["mainmenu"]) $classname = 'class="tmenusel"';
 			else $classname = 'class="tmenu"';
-		} elseif ($showmode == 2) $classname = 'class="tmenu"';
+		} elseif ($showmode == 2) {
 			$classname = 'class="tmenu"';
 		}
-		$menu->add($shorturl, $newTabMenu[$i]['titre'], 0, $showmode, ($newTabMenu[$i]['target'] ? $newTabMenu[$i]['target'] : $atarget), ($newTabMenu[$i]['mainmenu'] ? $newTabMenu[$i]['mainmenu'] : $newTabMenu[$i]['rowid']), ($newTabMenu[$i]['leftmenu'] ? $newTabMenu[$i]['leftmenu'] : ''), $newTabMenu[$i]['position'], $id, $idsel, $classname);
+		$menu->add($shorturl, $newTabMenu[$i]['titre'], 0, $showmode, ($newTabMenu[$i]['target'] ? $newTabMenu[$i]['target'] : $atarget),
 			($newTabMenu[$i]['mainmenu'] ? $newTabMenu[$i]['mainmenu'] : $newTabMenu[$i]['rowid']),
 			($newTabMenu[$i]['leftmenu'] ? $newTabMenu[$i]['leftmenu'] : ''),
 			$newTabMenu[$i]['position'], $id, $idsel, $classname);
 	}
 	// Sort on position
@ -517,7 +523,6 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 		print "\n".'<!-- Show logo on menu -->'."\n";
 		print_start_menu_entry('companylogo', 'class="tmenu tmenucompanylogo nohover"', 1);
 		print '<div class="center '.$logoContainerAdditionalClass.' menulogocontainer"><img class="mycompany" title="'.dol_escape_htmltag($title).'" alt="" src="'.$urllogo.'" style="max-width: 100px"></div>'."\n";
 		print_end_menu_entry(4);
@ -1482,7 +1487,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 				if ($usemenuhider || empty($leftmenu) || $leftmenu == "withdraw") {
 					$newmenu->add("/compta/prelevement/create.php?mainmenu=bank", $langs->trans("NewStandingOrder"), 1, $user->rights->prelevement->bons->creer);
-					$newmenu->add("/compta/prelevement/bons.php?mainmenu=bank", $langs->trans("WithdrawalsReceipts"), 1, $user->rights->prelevement->bons->lire);
+					$newmenu->add("/compta/prelevement/orders_list.php?mainmenu=bank", $langs->trans("WithdrawalsReceipts"), 1, $user->rights->prelevement->bons->lire);
 					$newmenu->add("/compta/prelevement/list.php?mainmenu=bank", $langs->trans("WithdrawalsLines"), 1, $user->rights->prelevement->bons->lire);
 					$newmenu->add("/compta/prelevement/rejets.php?mainmenu=bank", $langs->trans("Rejects"), 1, $user->rights->prelevement->bons->lire);
 					$newmenu->add("/compta/prelevement/stats.php?mainmenu=bank", $langs->trans("Statistics"), 1, $user->rights->prelevement->bons->lire);
@ -1497,7 +1502,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 				if ($usemenuhider || empty($leftmenu) || $leftmenu == "banktransfer") {
 					$newmenu->add("/compta/prelevement/create.php?type=bank-transfer&mainmenu=bank", $langs->trans("NewPaymentByBankTransfer"), 1, $user->rights->paymentbybanktransfer->create);
-					$newmenu->add("/compta/prelevement/bons.php?type=bank-transfer&mainmenu=bank", $langs->trans("PaymentByBankTransferReceipts"), 1, $user->rights->paymentbybanktransfer->read);
+					$newmenu->add("/compta/prelevement/orders_list.php?type=bank-transfer&mainmenu=bank", $langs->trans("PaymentByBankTransferReceipts"), 1, $user->rights->paymentbybanktransfer->read);
 					$newmenu->add("/compta/prelevement/list.php?type=bank-transfer&mainmenu=bank", $langs->trans("PaymentByBankTransferLines"), 1, $user->rights->paymentbybanktransfer->read);
 					$newmenu->add("/compta/prelevement/rejets.php?type=bank-transfer&mainmenu=bank", $langs->trans("Rejects"), 1, $user->rights->paymentbybanktransfer->read);
 					$newmenu->add("/compta/prelevement/stats.php?type=bank-transfer&mainmenu=bank", $langs->trans("Statistics"), 1, $user->rights->paymentbybanktransfer->read);
@ -1874,8 +1879,9 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 				$newmenu->add("/adherents/list.php?leftmenu=members", $langs->trans("List"), 1, $user->rights->adherent->lire);
 				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=-1", $langs->trans("MenuMembersToValidate"), 2, $user->rights->adherent->lire);
 				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1", $langs->trans("MenuMembersValidated"), 2, $user->rights->adherent->lire);
-				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1&amp;filter=uptodate", $langs->trans("MenuMembersUpToDate"), 2, $user->rights->adherent->lire);
+				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1&amp;filter=withoutsubscription", $langs->trans("WithoutSubscription"), 3, $user->rights->adherent->lire);
-				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1&amp;filter=outofdate", $langs->trans("MenuMembersNotUpToDate"), 2, $user->rights->adherent->lire);
+				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1&amp;filter=uptodate", $langs->trans("UpToDate"), 3, $user->rights->adherent->lire);
 				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=1&amp;filter=outofdate", $langs->trans("OutOfDate"), 3, $user->rights->adherent->lire);
 				$newmenu->add("/adherents/list.php?leftmenu=members&amp;statut=0", $langs->trans("MenuMembersResiliated"), 2, $user->rights->adherent->lire);
 				$newmenu->add("/adherents/stats/index.php?leftmenu=members", $langs->trans("MenuMembersStats"), 1, $user->rights->adherent->lire);
--- a/htdocs/core/menus/standard/eldy_menu.php
+++ b/htdocs/core/menus/standard/eldy_menu.php
@ -66,15 +66,15 @@ class MenuManager
    {
    	global $conf, $user, $langs;
-		// On sauve en session le menu principal choisi
+		// We save into session the main menu selected
-		if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"] = $_GET["mainmenu"];
+    	if (GETPOSTISSET("mainmenu")) $_SESSION["mainmenu"] = GETPOST("mainmenu", 'aZ09');
-		if (isset($_GET["idmenu"]))   $_SESSION["idmenu"] = $_GET["idmenu"];
+    	if (GETPOSTISSET("idmenu"))   $_SESSION["idmenu"] = GETPOST("idmenu", 'int');
-		// Read mainmenu and leftmenu that define which menu to show
+		// Read now mainmenu and leftmenu that define which menu to show
-        if (isset($_GET["mainmenu"]))
+    	if (GETPOSTISSET("mainmenu"))
        {
        	// On sauve en session le menu principal choisi
-        	$mainmenu = $_GET["mainmenu"];
+        	$mainmenu = GETPOST("mainmenu", 'aZ09');
        	$_SESSION["mainmenu"] = $mainmenu;
        	$_SESSION["leftmenuopened"] = "";
        } else {
@ -83,10 +83,10 @@ class MenuManager
        }
        if (!empty($forcemainmenu)) $mainmenu = $forcemainmenu;
-        if (isset($_GET["leftmenu"]))
+        if (GETPOSTISSET("leftmenu"))
        {
        	// On sauve en session le menu principal choisi
-        	$leftmenu = $_GET["leftmenu"];
+        	$leftmenu = GETPOST("leftmenu", 'aZ09');
        	$_SESSION["leftmenu"] = $leftmenu;
        	if ($_SESSION["leftmenuopened"] == $leftmenu)	// To collapse
@ -147,7 +147,6 @@ class MenuManager
        	if ($mode == 'top')  print_left_eldy_menu($this->db, $this->menu_array, $this->menu_array_after, $this->tabMenu, $this->menu, 0);
        	if ($mode == 'left') print_eldy_menu($this->db, $this->atarget, $this->type_user, $this->tabMenu, $this->menu, 0, $mode);
 		}
 		if ($mode == 'topnb')
 		{
 		    print_eldy_menu($this->db, $this->atarget, $this->type_user, $this->tabMenu, $this->menu, 1, $mode); // no output
--- a/htdocs/core/modules/modMultiCurrency.class.php
+++ b/htdocs/core/modules/modMultiCurrency.class.php
@ -175,6 +175,19 @@ class modMultiCurrency extends DolibarrModules
 		// Main menu entries
 		$this->menu = array(); // List of menus to add
 		$r = 0;
 		 $this->menu[$r]=array(	'fk_menu'=>'fk_mainmenu=tools',		    // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
 									'type'=>'left',			                // This is a Left menu entry
 									'titre'=>$langs->trans('MulticurrencyRateSetup'),
 									'mainmenu'=>'',
 									'leftmenu'=>'multicurrency',
 									'url'=>'/multicurrency/multicurrency_rates.php',
 									'langs'=>'multicurrency',	        // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 									'position'=>100,
 									'enabled'=>'$conf->multicurrency->enabled',  // Define condition to show or hide menu entry. Use '$conf->multicurrency->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
 									'perms'=>'1',			                // Use 'perms'=>'$user->rights->multicurrency->level1->level2' if you want your menu with a permission rules
 									'target'=>'',
 									'user'=>0);				                // 0=Menu for internal users, 1=external users, 2=both
 		 $r++;
 		// Add here entries to declare new menus
 		//
--- a/htdocs/core/modules/syslog/mod_syslog_syslog.php
+++ b/htdocs/core/modules/syslog/mod_syslog_syslog.php
@ -16,7 +16,7 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
 	 */
 	public function getName()
 	{
-		return 'Syslog';
+		return 'Syslogd';
 	}
 	/**
--- a/htdocs/core/tpl/commonfields_view.tpl.php
+++ b/htdocs/core/tpl/commonfields_view.tpl.php
@ -59,6 +59,7 @@ foreach ($object->fields as $key => $val)
 	print '</td>';
 	print '<td class="valuefield fieldname_'.$key;
 	if ($val['type'] == 'text') print ' wordbreak';
 	if ($val['cssview']) print ' '.$val['cssview'];
 	print '">';
 	if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
 	print $object->showOutputField($val, $key, $value, '', '', '', 0);
@ -105,7 +106,10 @@ foreach ($object->fields as $key => $val)
 	if (!empty($val['help'])) print $form->textwithpicto($langs->trans($val['label']), $langs->trans($val['help']));
 	else print $langs->trans($val['label']);
 	print '</td>';
-	print '<td>';
+	print '<td class="valuefield fieldname_'.$key;
 	if ($val['type'] == 'text') print ' wordbreak';
 	if ($val['cssview']) print ' '.$val['cssview'];
 	print '">';
 	if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
 	print $object->showOutputField($val, $key, $value, '', '', '', 0);
 	//print dol_escape_htmltag($object->$key, 1, 1);
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2010-2012	Regis Houssin		<regis.houssin@inodbox.com>
- * Copyright (C) 2010-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2010-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
 * Copyright (C) 2012		Christophe Battarel	<christophe.battarel@altairis.fr>
 * Copyright (C) 2012       Cédric Salvador     <csalvador@gpcsolutions.fr>
 * Copyright (C) 2012-2014  Raphaël Doursenaud  <rdoursenaud@gpcsolutions.fr>
@ -29,6 +29,7 @@
 * $forceall (0 by default, 1 for supplier invoices/orders)
 * $senderissupplier (0 by default, 1 for supplier invoices/orders)
 * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
 * $canchangeproduct (0 by default, 1 to allow to change the product if it is a predefined product)
 */
 // Protection to avoid direct call of template
@ -42,12 +43,12 @@ if (empty($object) || !is_object($object))
 $usemargins = 0;
 if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'facturerec', 'propal', 'commande'))) $usemargins = 1;
-global $forceall, $senderissupplier, $inputalsopricewithtax;
+global $forceall, $senderissupplier, $inputalsopricewithtax, $canchangeproduct;
 if (empty($dateSelector)) $dateSelector = 0;
 if (empty($forceall)) $forceall = 0;
 if (empty($senderissupplier)) $senderissupplier = 0;
 if (empty($inputalsopricewithtax)) $inputalsopricewithtax = 0;
-
+if (empty($canchangeproduct)) $canchangeproduct = 0;
 // Define colspan for the button 'Add'
 $colspan = 3; // Col total ht + col edit + col delete
@ -71,27 +72,33 @@ $coldisplay++;
 	<input type="hidden" name="lineid" value="<?php echo $line->id; ?>">
 	<input type="hidden" id="product_type" name="type" value="<?php echo $line->product_type; ?>">
 	<input type="hidden" id="product_id" name="productid" value="<?php echo (!empty($line->fk_product) ? $line->fk_product : 0); ?>" />
 	<input type="hidden" id="special_code" name="special_code" value="<?php echo $line->special_code; ?>">
 	<input type="hidden" id="fk_parent_line" name="fk_parent_line" value="<?php echo $line->fk_parent_line; ?>">
 	<?php if ($line->fk_product > 0) { ?>
 		<?php
-		if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
+		if (empty($canchangeproduct)) {
 			if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
 			?>
 			<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
 			<?php
 			if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
 			else print img_object($langs->trans('ShowProduct'), 'product');
 			echo ' '.$line->ref;
 			?>
 			</a>
 			<?php
 			echo ' - '.nl2br($line->product_label);
 			print '<input type="hidden" id="product_id" name="productid" value="'.(!empty($line->fk_product) ? $line->fk_product : 0).'">';
 		} else {
 			if ($senderissupplier) {
 				print $form->select_produits_fournisseurs(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
 			} else {
 				print $form->select_produits(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
 			}
 		}
 		?>
 		<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
 		<?php
 		if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
 		else print img_object($langs->trans('ShowProduct'), 'product');
 		echo ' '.$line->ref;
 		?>
 		</a>
 		<?php
 		echo ' - '.nl2br($line->product_label);
 		?>
 		<br><br>
 	<?php }	?>
 	<?php
--- a/htdocs/core/tpl/onlinepaymentlinks.tpl.php
+++ b/htdocs/core/tpl/onlinepaymentlinks.tpl.php
@ -39,6 +39,8 @@ if (!empty($conf->commande->enabled))
 	{
 	    $langs->load("orders");
 	    print '<form action="'.$_SERVER["PHP_SELF"].'#order" method="POST">';
 	    print '<input type="hidden" name="token" value="'.newToken().'">';
 	    print $langs->trans("EnterRefToBuildUrl", $langs->transnoentitiesnoconv("Order")).': ';
        print '<input type="text class="flat" id="generate_order_ref" name="generate_order_ref" value="'.GETPOST('generate_order_ref', 'alpha').'" size="10">';
        print '<input type="submit" class="none button" value="'.$langs->trans("GetSecuredUrl").'">';
@ -62,6 +64,8 @@ if (!empty($conf->facture->enabled))
 	{
 	    $langs->load("bills");
 	    print '<form action="'.$_SERVER["PHP_SELF"].'#invoice" method="POST">';
 	    print '<input type="hidden" name="token" value="'.newToken().'">';
 	    print $langs->trans("EnterRefToBuildUrl", $langs->transnoentitiesnoconv("Invoice")).': ';
        print '<input type="text class="flat" id="generate_invoice_ref" name="generate_invoice_ref" value="'.GETPOST('generate_invoice_ref', 'alpha').'" size="10">';
        print '<input type="submit" class="none button" value="'.$langs->trans("GetSecuredUrl").'">';
@ -85,6 +89,8 @@ if (!empty($conf->contrat->enabled))
 	{
 	    $langs->load("contracts");
 	    print '<form action="'.$_SERVER["PHP_SELF"].'#contractline" method="POST">';
 	    print '<input type="hidden" name="token" value="'.newToken().'">';
 	    print $langs->trans("EnterRefToBuildUrl", $langs->transnoentitiesnoconv("ContractLine")).': ';
        print '<input type="text class="flat" id="generate_contract_ref" name="generate_contract_ref" value="'.GETPOST('generate_contract_ref', 'alpha').'" size="10">';
        print '<input type="submit" class="none button" value="'.$langs->trans("GetSecuredUrl").'">';
@ -108,6 +114,8 @@ if (!empty($conf->adherent->enabled))
 	{
 	    $langs->load("members");
 	    print '<form action="'.$_SERVER["PHP_SELF"].'#membersubscription" method="POST">';
 	    print '<input type="hidden" name="token" value="'.newToken().'">';
 	    print $langs->trans("EnterRefToBuildUrl", $langs->transnoentitiesnoconv("Member")).': ';
        print '<input type="text class="flat" id="generate_member_ref" name="generate_member_ref" value="'.GETPOST('generate_member_ref', 'alpha').'" size="10">';
        print '<input type="submit" class="none reposition button" value="'.$langs->trans("GetSecuredUrl").'">';
@ -131,6 +139,8 @@ if (!empty($conf->don->enabled))
 	{
 	    $langs->load("members");
 	    print '<form action="'.$_SERVER["PHP_SELF"].'#donation" method="POST">';
 	    print '<input type="hidden" name="token" value="'.newToken().'">';
 	    print $langs->trans("EnterRefToBuildUrl", $langs->transnoentitiesnoconv("Don")).': ';
        print '<input type="text class="flat" id="generate_donation_ref" name="generate_donation_ref" value="'.GETPOST('generate_donation_ref', 'alpha').'" size="10">';
        print '<input type="submit" class="none reposition button" value="'.$langs->trans("GetSecuredUrl").'">';
--- a/htdocs/cron/admin/cron.php
+++ b/htdocs/cron/admin/cron.php
@ -61,7 +61,8 @@ if (!empty($actionsave))
 *	View
 */
-llxHeader();
+$help_url = '';
 llxHeader('', '', $help_url);
 $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
 print load_fiche_titre($langs->trans("CronSetup"), $linkback, 'title_setup');
@ -81,17 +82,17 @@ print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
 print "<td>".$langs->trans("Parameter")."</td>";
 print "<td>".$langs->trans("Value")."</td>";
-print "<td>&nbsp;</td>";
+print "<td></td>";
 print "</tr>";
-print '<tr class="impair">';
+print '<tr class="oddeven">';
 print '<td class="fieldrequired">'.$langs->trans("KeyForCronAccess").'</td>';
 $disabled = '';
 if (!empty($conf->global->CRON_DISABLE_KEY_CHANGE)) $disabled = ' disabled="disabled"';
 print '<td>';
 if (empty($conf->global->CRON_DISABLE_KEY_CHANGE))
 {
-    print '<input type="text" class="flat minwidth200"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
+    print '<input type="text" class="flat minwidth300"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
    if (!empty($conf->use_javascript_ajax))
    	print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"');
 } else {
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@ -359,11 +359,11 @@ if ($resql)
 	if (in_array($massaction, array('presend'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	// Currently: a sending can't create from sending list
-	if ($user->rights->expedition->creer)
+	// $url = DOL_URL_ROOT.'/expedition/card.php?action=create';
-	{
+	// if (!empty($socid)) $url .= '&socid='.$socid;
-		$newcardbutton .= dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2');
+	// $newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', $url, '', $user->rights->expedition->creer);
-	}
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2', '', $user->rights->expedition->creer);
 	$i = 0;
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@ -200,48 +200,6 @@ if (empty($reshook))
    $permissiontodelete = $user->rights->expensereport->supprimer;
    $uploaddir = $conf->expensereport->dir_output;
    include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
    if ($action == 'update' && !$cancel)
    {
    	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
    	if ($canedituser)    // Case we can edit all field
    	{
    		$error = 0;
    		if (!$error)
    		{
    			$objectuser->fetch($id);
    			$objectuser->oldcopy = clone $objectuser;
    			$db->begin();
    			$objectuser->default_range = GETPOST('default_range');
    			$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
    			if (!$error) {
    				$ret = $objectuser->update($user);
    				if ($ret < 0) {
    					$error++;
    					if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
    						$langs->load("errors");
    						setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
    					} else {
    						setEventMessages($objectuser->error, $objectuser->errors, 'errors');
    					}
    				}
    			}
    			if (!$error && !count($objectuser->errors)) {
    				setEventMessages($langs->trans("UserModified"), null, 'mesgs');
    				$db->commit();
    			} else {
    				$db->rollback();
    			}
    		}
    	}
    }
 }
@ -387,71 +345,22 @@ if ($resql)
 		dol_banner_tab($fuser, 'id', $linkback, $user->rights->user->user->lire || $user->admin);
 		print '<div class="fichecenter">';
 		print '<div class="underbanner clearboth"></div>';
 		if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
 		{
 			print '<table class="border centpercent">';
 			if ($action == 'edit')
 			{
 				print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
 				print '<td>';
 				print $form->selectExpenseCategories($fuser->default_c_exp_tax_cat, 'default_c_exp_tax_cat', 1);
 				print '</td></tr>';
 				print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
 				print '<td>';
 				$maxRangeNum = ExpenseReportIk::getMaxRangeNumber($fuser->default_c_exp_tax_cat);
 				print $form->selectarray('default_range', range(0, $maxRangeNum), $fuser->default_range);
 				print '</td></tr>';
 			} else {
 				print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
 				print '<td class="fk_c_exp_tax_cat">';
 				print dol_getIdFromCode($db, $fuser->default_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
 				print '</td></tr>';
 				print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
 				print '<td>';
 				print $fuser->default_range;
 				print '</td></tr>';
 			}
 			print '</table>';
 		}
 		print '</div>';
 		/*if (empty($conf->global->HOLIDAY_HIDE_BALANCE))
 		{
 			print '<div class="underbanner clearboth"></div>';
 			print '<br>';
 			showMyBalance($holiday, $user_id);
 		}*/
 		dol_fiche_end();
 		if ($action != 'edit')
 		{
 			print '<div class="tabsAction">';
 			if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
 			{
 				print '<a href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$user_id.'" class="butAction">'.$langs->trans("Modify").'</a>';
 			}
 			$childids = $user->getAllChildIds(1);
 			$canedit = ((in_array($user_id, $childids) && $user->rights->expensereport->creer)
 				|| ($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->expensereport->writeall_advance));
 			// Buttons for actions
-			if ($canedit)
+			if ($canedit) {
 			{
 				print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$fuser->id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
 			} else {
 				print '<a href="#" class="butActionRefused" title="'.$langs->trans("NotEnoughPermission").'">'.$langs->trans("AddTrip").'</a>';
 			}
 			print '</div>';
@ -463,11 +372,9 @@ if ($resql)
 	} else {
 		$title = $langs->trans("ListTripsAndExpenses");
-		$newcardbutton = '';
+		$url = DOL_URL_ROOT.'/expensereport/card.php?action=create';
-		if ($user->rights->expensereport->creer)
+		if (!empty($socid)) $url .= '&socid='.$socid;
-		{
+		$newcardbutton = dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', $url, '', $user->rights->expensereport->creer);
            $newcardbutton .= dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expensereport/card.php?action=create');
 		}
 		print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'trip', 0, $newcardbutton, '', $limit, 0, 0, 1);
 	}
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@ -173,7 +173,7 @@ if (empty($reshook))
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;
 		} else {
-			$mesg = '<div class="error">'.$object->error.'</div>';
+			$mesg = $object->error;
 		}
 	} elseif ($action == 'confirm_modify' && $confirm == 'yes' && $user->rights->ficheinter->creer)
 	{
@ -198,7 +198,7 @@ if (empty($reshook))
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;
 		} else {
-			$mesg = '<div class="error">'.$object->error.'</div>';
+			$mesg = $object->error;
 		}
 	} elseif ($action == 'add' && $user->rights->ficheinter->creer)
 	{
@ -372,11 +372,11 @@ if (empty($reshook))
 							}
 						}
 		            } else {
-		                $mesg = $srcobject->error;
+						$mesg = $srcobject->error;
 		                $error++;
 		            }
 		        } else {
-		            $mesg = $object->error;
+					$mesg = $object->error;
 		            $error++;
 		        }
 		    } else {
@ -406,7 +406,7 @@ if (empty($reshook))
 		    	}
 	        }
 	    } else {
-	    	$mesg = '<div class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("ThirdParty")).'</div>';
+			$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("ThirdParty"));
 	        $action = 'create';
 	    }
 	} elseif ($action == 'update' && $user->rights->ficheinter->creer)
@ -456,17 +456,17 @@ if (empty($reshook))
 	{
 		if (!GETPOST('np_desc', 'restricthtml') && empty($conf->global->FICHINTER_EMPTY_LINE_DESC))
 		{
-			$mesg = '<div class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Description")).'</div>';
+			$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Description"));
 			$error++;
 		}
 		if (empty($conf->global->FICHINTER_WITHOUT_DURATION) && !GETPOST('durationhour', 'int') && !GETPOST('durationmin', 'int'))
 		{
-			$mesg = '<div class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Duration")).'</div>';
+			$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Duration"));
 			$error++;
 		}
 		if (empty($conf->global->FICHINTER_WITHOUT_DURATION) && GETPOST('durationhour', 'int') >= 24 && GETPOST('durationmin', 'int') > 0)
 		{
-			$mesg = '<div class="error">'.$langs->trans("ErrorValueTooHigh").'</div>';
+			$mesg = $langs->trans("ErrorValueTooHigh");
 			$error++;
 		}
 		if (!$error)
@ -538,7 +538,7 @@ if (empty($reshook))
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;
 		} else {
-			$mesg = '<div class="error">'.$object->error.'</div>';
+			$mesg = $object->error;
 		}
 	}
@ -555,6 +555,20 @@ if (empty($reshook))
 	    }
 	}
 	// Reopen
 	elseif ($action == 'confirm_reopen' && $user->rights->ficheinter->creer)
 	{
 		$result = $object->setStatut(Fichinter::STATUS_VALIDATED);
 		if ($result > 0)
 		{
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;
 		}
 		else {
 			$mesg = $object->error;
 		}
 	}
 	/*
 	 *  Mise a jour d'une ligne d'intervention
 	 */
@ -735,9 +749,9 @@ if (empty($reshook))
 				if ($object->error == 'DB_ERROR_RECORD_ALREADY_EXISTS')
 				{
 					$langs->load("errors");
-					$mesg = '<div class="error">'.$langs->trans("ErrorThisContactIsAlreadyDefinedAsThisType").'</div>';
+					$mesg = $langs->trans("ErrorThisContactIsAlreadyDefinedAsThisType");
 				} else {
-					$mesg = '<div class="error">'.$object->error.'</div>';
+					$mesg = $object->error;
 				}
 			}
 		}
@ -784,7 +798,11 @@ if ($action == 'create')
 	print load_fiche_titre($langs->trans("AddIntervention"), '', 'intervention');
-	dol_htmloutput_mesg($mesg);
+	if ($error > 0) {
 		dol_htmloutput_errors($mesg);
 	} else {
 		dol_htmloutput_mesg($mesg);
 	}
 	if ($socid) $res = $soc->fetch($socid);
@ -1058,7 +1076,11 @@ if ($action == 'create')
 	$soc = new Societe($db);
 	$soc->fetch($object->socid);
-	dol_htmloutput_mesg($mesg);
+	if ($error > 0) {
 		dol_htmloutput_errors($mesg);
 	} else {
 		dol_htmloutput_mesg($mesg);
 	}
 	$head = fichinter_prepare_head($object);
@ -1099,6 +1121,12 @@ if ($action == 'create')
 		$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ModifyIntervention'), $langs->trans('ConfirmModifyIntervention'), 'confirm_modify', '', 0, 1);
 	}
 	// Confirm back to open
 	if ($action == 'reopen')
 	{
 		$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Reopen'), $langs->trans('ConfirmReopenIntervention', $object->ref), 'confirm_reopen', '', 0, 1);
 	}
 	// Confirm deletion of line
 	if ($action == 'ask_deleteline')
 	{
@ -1331,8 +1359,13 @@ if ($action == 'create')
 			{
 				print '<br>';
 				print '<table class="noborder centpercent">';
 				print '<tr class="liste_titre">';
 				// No.
 				if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 					print '<td width="5" class="center linecolnum"></td>';
 				}
 				print '<td class="liste_titre">'.$langs->trans('Description').'</td>';
 				print '<td class="liste_titre center">'.$langs->trans('Date').'</td>';
 				print '<td class="liste_titre right">'.(empty($conf->global->FICHINTER_WITHOUT_DURATION) ? $langs->trans('Duration') : '').'</td>';
@ -1344,11 +1377,16 @@ if ($action == 'create')
 			{
 				$objp = $db->fetch_object($resql);
 				// Ligne en mode visu
 				if ($action != 'editline' || GETPOST('line_id', 'int') != $objp->rowid)
 				{
 					print '<tr class="oddeven">';
 					// No.
 					if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 						print '<td class="center linecolnum">'.($i + 1).'</td>';
 					}
 					print '<td>';
 					print '<a name="'.$objp->rowid.'"></a>'; // ancre pour retourner sur la ligne
 					print dol_htmlentitiesbr($objp->description);
@ -1409,6 +1447,12 @@ if ($action == 'create')
 				if ($object->statut == 0 && $action == 'editline' && $user->rights->ficheinter->creer && GETPOST('line_id', 'int') == $objp->rowid)
 				{
 					print '<tr class="oddeven nohover">';
 					// No.
 					if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 						print '<td class="center linecolnum">'.($i + 1).'</td>';
 					}
 					print '<td>';
 					print '<a name="'.$objp->rowid.'"></a>'; // ancre pour retourner sur la ligne
@ -1461,9 +1505,15 @@ if ($action == 'create')
 			{
 				if (!$num)
 				{
-				    print '<br><table class="noborder centpercent">';
+					print '<br>';
 					print '<table class="noborder centpercent">';
 					print '<tr class="liste_titre">';
 					// No.
 					if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 						print '<td width="5" class="center linecolnum"></td>';
 					}
    				print '<tr class="liste_titre">';
    				print '<td>';
    				print '<a name="add"></a>'; // ancre
    				print $langs->trans('Description').'</td>';
@ -1474,6 +1524,12 @@ if ($action == 'create')
 				}
 				print '<tr class="oddeven nohover">'."\n";
 				// No.
 				if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 					print '<td class="center linecolnum">'.($i + 1).'</td>';
 				}
                print '<td>';
                // editeur wysiwyg
                if (empty($conf->global->FICHINTER_EMPTY_LINE_DESC)) {
@ -1568,6 +1624,15 @@ if ($action == 'create')
 					print '</a></div>';
 				}
 				// Reopen
 				if ($object->statut > Fichinter::STATUS_CLOSED)
 				{
 					if ($user->rights->ficheinter->creer)
 					{
 						print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=reopen">'.$langs->trans('Reopen').'</a></div>';
 					} else print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#">'.$langs->trans('Reopen').'</a></div>';
 				}
 				// Send
 				if (empty($user->socid)) {
 					if ($object->statut > Fichinter::STATUS_DRAFT)
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@ -95,9 +95,10 @@ $fieldstosearchall = array(
 	's.nom'=>"ThirdParty",
 	'f.description'=>'Description',
 	'f.note_public'=>'NotePublic',
 	'fd.description'=>'DescriptionOfLine',
 );
 if (empty($user->socid)) $fieldstosearchall["f.note_private"] = "NotePrivate";
-if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['f.description']);
+if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['fd.description']);
 // Definition of fields for list
 $arrayfields = array(
@ -319,7 +320,10 @@ if ($resql)
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 	$newcardbutton = '';
-	$morehtmlcenter .= dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fichinter/card.php?action=create', '', $user->rights->ficheinter->creer);
+
 	$url = DOL_URL_ROOT.'/fichinter/card.php?action=create';
 	if (!empty($socid)) $url .= '&socid='.$socid;
 	$newcardbutton = dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', $url, '', $user->rights->ficheinter->creer);
 	// Lines of title fields
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
--- a/htdocs/fourn/card.php
+++ b/htdocs/fourn/card.php
@ -366,7 +366,7 @@ if ($object->id > 0)
 	    $icon = 'bill';
 	    if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 	    $boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 	    $boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 	    $boxstat .= '</div>';
 	    if ($link) $boxstat .= '</a>';
@ -384,7 +384,7 @@ if ($object->id > 0)
 	    $icon = 'bill';
 	    if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 	    $boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 	    $boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 	    $boxstat .= '</div>';
 	    if ($link) $boxstat .= '</a>';
@ -402,7 +402,7 @@ if ($object->id > 0)
 	    $icon = 'bill';
 	    if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 	    $boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 	    $boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
 	    $boxstat .= '</div>';
 	    if ($link) $boxstat .= '</a>';
@ -413,7 +413,7 @@ if ($object->id > 0)
 	    $icon = 'bill';
 	    if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
 	    $boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
-	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
+	    $boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
 	    $boxstat .= '<span class="boxstatsindicator'.($outstandingOpened > 0 ? ' amountremaintopay' : '').'">'.price($outstandingOpened, 1, $langs, 1, -1, -1, $conf->currency).$warn.'</span>';
 	    $boxstat .= '</div>';
 	    if ($link) $boxstat .= '</a>';
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@ -649,11 +649,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/fourn/commande/card.php?action=create';
-	if ($user->rights->fournisseur->commande->creer)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->commande->creer);
        $newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/commande/card.php?action=create');
    }
 	// Fields title search
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@ -166,11 +166,11 @@ $arrayfields = array(
 	'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0),
 	'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers),
 	'f.fk_mode_reglement'=>array('label'=>$langs->trans("PaymentMode"), 'checked'=>1),
-	'f.total_ht'=>array('label'=>$langs->trans("AmountHT"), 'checked'=>1),
+	'f.total_ht'=>array('label'=>$langs->trans("AmountHT"), 'checked'=>1, 'position'=>105),
-	'f.total_vat'=>array('label'=>$langs->trans("AmountVAT"), 'checked'=>0),
+	'f.total_vat'=>array('label'=>$langs->trans("AmountVAT"), 'checked'=>0, 'position'=>110),
-	'f.total_localtax1'=>array('label'=>$langs->transcountry("AmountLT1", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax1_assuj == "1"),
+	'f.total_localtax1'=>array('label'=>$langs->transcountry("AmountLT1", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax1_assuj == "1", 'position'=>95),
-	'f.total_localtax2'=>array('label'=>$langs->transcountry("AmountLT2", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax2_assuj == "1"),
+	'f.total_localtax2'=>array('label'=>$langs->transcountry("AmountLT2", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax2_assuj == "1", 'position'=>100),
-	'f.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>0),
+	'f.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>0, 'position'=>115),
 	'u.login'=>array('label'=>"Author", 'checked'=>1),
 	'dynamount_payed'=>array('label'=>$langs->trans("Payed"), 'checked'=>0),
 	'rtp'=>array('label'=>$langs->trans("Rest"), 'checked'=>0),
@ -318,6 +318,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
 if (!$search_all) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_facturefourn = f.rowid';
 if ($search_all || $search_product_category > 0) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn_det as pd ON f.rowid=pd.fk_facture_fourn';
 if ($search_product_category > 0) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product=pd.fk_product';
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user AS u ON f.fk_user_author = u.rowid';
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = f.fk_projet";
 // We'll need this table joined to the select in order to filter by sale
 if ($search_sale > 0 || (!$user->rights->societe->client->voir && !$socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@ -326,7 +327,6 @@ if ($search_user > 0)
 	$sql .= ", ".MAIN_DB_PREFIX."element_contact as ec";
 	$sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc";
 }
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user AS u ON f.fk_user_author = u.rowid';
 $sql .= ' WHERE f.fk_soc = s.rowid';
 $sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')';
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -508,11 +508,9 @@ if ($resql)
 	if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
-	$newcardbutton = '';
+	$url = DOL_URL_ROOT.'/fourn/facture/card.php?action=create';
-	if ($user->rights->fournisseur->facture->creer)
+	if (!empty($socid)) $url .= '&socid='.$socid;
-	{
+	$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->facture->creer);
        $newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/facture/card.php?action=create');
 	}
 	$i = 0;
 	print '<form method="POST" name="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@ -432,11 +432,7 @@ if ($resql)
 	} else {
 		$title = $langs->trans("ListeCP");
-		$newcardbutton = '';
+		$newcardbutton = dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create', '', $user->rights->holiday->write);
 		if ($user->rights->holiday->write)
 		{
 			$newcardbutton .= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create');
 	    }
 		print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm', 0, $newcardbutton, '', $limit, 0, 0, 1);
 	}
--- a/htdocs/hrm/index.php
+++ b/htdocs/hrm/index.php
@ -53,8 +53,7 @@ if (empty($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INF
 $holiday = new Holiday($db);
 $holidaystatic = new Holiday($db);
-$max = 3;
+$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 /*
--- a/htdocs/includes/jquery/plugins/multiselect/jquery.multi-select.js
+++ b/htdocs/includes/jquery/plugins/multiselect/jquery.multi-select.js
@ -0,0 +1,360 @@
 // jquery.multi-select.js
 // by mySociety
 // https://github.com/mysociety/jquery-multi-select
 ;(function($) {
  "use strict";
  var pluginName = "multiSelect",
    defaults = {
      'containerHTML': '<div class="multi-select-container">',
      'menuHTML': '<div class="multi-select-menu">',
      'buttonHTML': '<span class="multi-select-button">',
      'menuItemsHTML': '<div class="multi-select-menuitems">',
      'menuItemHTML': '<label class="multi-select-menuitem">',
      'presetsHTML': '<div class="multi-select-presets">',
      'activeClass': 'multi-select-container--open',
      'noneText': '-- Select --',
      'allText': undefined,
      'presets': undefined,
      'positionedMenuClass': 'multi-select-container--positioned',
      'positionMenuWithin': undefined,
      'viewportBottomGutter': 20,
      'menuMinHeight': 200
    };
  /**
   * @constructor
   */
  function MultiSelect(element, options) {
    this.element = element;
    this.$element = $(element);
    this.settings = $.extend( {}, defaults, options );
    this._defaults = defaults;
    this._name = pluginName;
    this.init();
  }
  function arraysAreEqual(array1, array2) {
    if ( array1.length != array2.length ){
      return false;
    }
    array1.sort();
    array2.sort();
    for ( var i = 0; i < array1.length; i++ ){
      if ( array1[i] !== array2[i] ){
        return false;
      }
    }
    return true;
  }
  $.extend(MultiSelect.prototype, {
    init: function() {
      this.checkSuitableInput();
      this.findLabels();
      this.constructContainer();
      this.constructButton();
      this.constructMenu();
      this.setUpBodyClickListener();
      this.setUpLabelsClickListener();
      this.$element.hide();
    },
    checkSuitableInput: function(text) {
      if ( this.$element.is('select[multiple]') === false ) {
        throw new Error('$.multiSelect only works on <select multiple> elements');
      }
    },
    findLabels: function() {
      this.$labels = $('label[for="' + this.$element.attr('id') + '"]');
    },
    constructContainer: function() {
      this.$container = $(this.settings['containerHTML']);
      this.$element.data('multi-select-container', this.$container);
      this.$container.insertAfter(this.$element);
    },
    constructButton: function() {
      var _this = this;
      this.$button = $(this.settings['buttonHTML']);
      this.$button.attr({
        'role': 'button',
        'aria-haspopup': 'true',
        'tabindex': 0,
        'aria-label': this.$labels.eq(0).text()
      })
      .on('keydown.multiselect', function(e) {
        var key = e.which;
        var returnKey = 13;
        var spaceKey = 32;
        if ((key === returnKey) || (key === spaceKey)) {
          _this.$button.click();
        }
      }).on('click.multiselect', function(e) {
        _this.menuToggle();
      })
      .appendTo(this.$container);
      this.$element.on('change.multiselect', function() {
        _this.updateButtonContents();
      });
      this.updateButtonContents();
    },
    updateButtonContents: function() {
      var _this = this;
      var options = [];
      var selected = [];
      this.$element.children('option').each(function() {
        var text = /** @type string */ ($(this).text());
        options.push(text);
        if ($(this).is(':selected')) {
          selected.push( $.trim(text) );
        }
      });
      this.$button.empty();
      if (selected.length == 0) {
        this.$button.text( this.settings['noneText'] );
      } else if ( (selected.length === options.length) && this.settings['allText']) {
        this.$button.text( this.settings['allText'] );
      } else {
        this.$button.text( selected.join(', ') );
      }
    },
    constructMenu: function() {
      var _this = this;
      this.$menu = $(this.settings['menuHTML']);
      this.$menu.attr({
        'role': 'menu'
      }).on('keyup.multiselect', function(e){
        var key = e.which;
        var escapeKey = 27;
        if (key === escapeKey) {
          _this.menuHide();
        }
      })
      .appendTo(this.$container);
      this.constructMenuItems();
      if ( this.settings['presets'] ) {
        this.constructPresets();
      }
    },
    constructMenuItems: function() {
      var _this = this;
      this.$menuItems = $(this.settings['menuItemsHTML']);
      this.$menu.append(this.$menuItems);
      this.$element.on('change.multiselect', function(e, internal) {
        // Don't need to update the menu items if this
        // change event was fired by our tickbox handler.
        if(internal !== true){
          _this.updateMenuItems();
        }
      });
      this.updateMenuItems();
    },
    updateMenuItems: function() {
      var _this = this;
      this.$menuItems.empty();
      this.$element.children('option').each(function(option_index, option) {
        var $item = _this.constructMenuItem($(option), option_index);
        _this.$menuItems.append($item);
      });
    },
    constructPresets: function() {
      var _this = this;
      this.$presets = $(this.settings['presetsHTML']);
      this.$menu.prepend(this.$presets);
      $.each(this.settings['presets'], function(i, preset){
        var unique_id = _this.$element.attr('name') + '_preset_' + i;
        var $item = $(_this.settings['menuItemHTML'])
          .attr({
            'for': unique_id,
            'role': 'menuitem'
          })
          .text(' ' + preset.name)
          .appendTo(_this.$presets);
        var $input = $('<input>')
          .attr({
            'type': 'radio',
            'name': _this.$element.attr('name') + '_presets',
            'id': unique_id
          })
          .prependTo($item);
        $input.on('change.multiselect', function(){
          _this.$element.val(preset.options);
          _this.$element.trigger('change');
        });
      });
      this.$element.on('change.multiselect', function() {
        _this.updatePresets();
      });
      this.updatePresets();
    },
    updatePresets: function() {
      var _this = this;
      $.each(this.settings['presets'], function(i, preset){
        var unique_id = _this.$element.attr('name') + '_preset_' + i;
        var $input = _this.$presets.find('#' + unique_id);
        if ( arraysAreEqual(preset.options || [], _this.$element.val() || []) ){
          $input.prop('checked', true);
        } else {
          $input.prop('checked', false);
        }
      });
    },
    constructMenuItem: function($option, option_index) {
      var unique_id = this.$element.attr('name') + '_' + option_index;
      var $item = $(this.settings['menuItemHTML'])
        .attr({
          'for': unique_id,
          'role': 'menuitem'
        })
        .text(' ' + $option.text());
      var $input = $('<input>')
        .attr({
          'type': 'checkbox',
          'id': unique_id,
          'value': $option.val()
        })
        .prependTo($item);
      if ( $option.is(':disabled') ) {
        $input.attr('disabled', 'disabled');
      }
      if ( $option.is(':selected') ) {
        $input.prop('checked', 'checked');
      }
      $input.on('change.multiselect', function() {
        if ($(this).prop('checked')) {
          $option.prop('selected', true);
        } else {
          $option.prop('selected', false);
        }
        // .prop() on its own doesn't generate a change event.
        // Other plugins might want to do stuff onChange.
        $option.trigger('change', [true]);
      });
      return $item;
    },
    setUpBodyClickListener: function() {
      var _this = this;
      // Hide the $menu when you click outside of it.
      $('html').on('click.multiselect', function(){
        _this.menuHide();
      });
      // Stop click events from inside the $button or $menu from
      // bubbling up to the body and closing the menu!
      this.$container.on('click.multiselect', function(e){
        e.stopPropagation();
      });
    },
    setUpLabelsClickListener: function() {
      var _this = this;
      this.$labels.on('click.multiselect', function(e) {
        e.preventDefault();
        e.stopPropagation();
        _this.menuToggle();
      });
    },
    menuShow: function() {
      $('html').trigger('click.multiselect'); // Close any other open menus
      this.$container.addClass(this.settings['activeClass']);
      if ( this.settings['positionMenuWithin'] && this.settings['positionMenuWithin'] instanceof $ ) {
        var menuLeftEdge = this.$menu.offset().left + this.$menu.outerWidth();
        var withinLeftEdge = this.settings['positionMenuWithin'].offset().left +
          this.settings['positionMenuWithin'].outerWidth();
        if ( menuLeftEdge > withinLeftEdge ) {
          this.$menu.css( 'width', (withinLeftEdge - this.$menu.offset().left) );
          this.$container.addClass(this.settings['positionedMenuClass']);
        }
      }
      var menuBottom = this.$menu.offset().top + this.$menu.outerHeight();
      var viewportBottom = $(window).scrollTop() + $(window).height();
      if ( menuBottom > viewportBottom - this.settings['viewportBottomGutter'] ) {
        this.$menu.css({
          'maxHeight': Math.max(
            viewportBottom - this.settings['viewportBottomGutter'] - this.$menu.offset().top,
            this.settings['menuMinHeight']
          ),
          'overflow': 'scroll'
        });
      } else {
        this.$menu.css({
          'maxHeight': '',
          'overflow': ''
        });
      }
    },
    menuHide: function() {
      this.$container.removeClass(this.settings['activeClass']);
      this.$container.removeClass(this.settings['positionedMenuClass']);
      this.$menu.css('width', 'auto');
    },
    menuToggle: function() {
      if ( this.$container.hasClass(this.settings['activeClass']) ) {
        this.menuHide();
      } else {
        this.menuShow();
      }
    }
  });
  $.fn[ pluginName ] = function(options) {
    return this.each(function() {
      if ( !$.data(this, "plugin_" + pluginName) ) {
        $.data(this, "plugin_" + pluginName,
          new MultiSelect(this, options) );
      }
    });
  };
 })(jQuery);
--- a/htdocs/includes/jquery/plugins/multiselect/jquery.multi-select.min.js
+++ b/htdocs/includes/jquery/plugins/multiselect/jquery.multi-select.min.js
@ -0,0 +1,9 @@
 (function(c){function f(b,a){this.b=c(b);this.a=c.extend({},g,a);this.H()}var g={containerHTML:'<div class="multi-select-container">',menuHTML:'<div class="multi-select-menu">',buttonHTML:'<span class="multi-select-button">',menuItemsHTML:'<div class="multi-select-menuitems">',menuItemHTML:'<label class="multi-select-menuitem">',presetsHTML:'<div class="multi-select-presets">',activeClass:"multi-select-container--open",noneText:"-- Select --",allText:void 0,presets:void 0,positionedMenuClass:"multi-select-container--positioned",
 positionMenuWithin:void 0,viewportBottomGutter:20,menuMinHeight:200};c.extend(f.prototype,{H:function(){this.v();this.G();this.A();this.w();this.B();this.J();this.K();this.b.hide()},v:function(){if(!1===this.b.is("select[multiple]"))throw Error("$.multiSelect only works on <select multiple> elements");},G:function(){this.l=c('label[for="'+this.b.attr("id")+'"]')},A:function(){this.f=c(this.a.containerHTML);this.b.data("multi-select-container",this.f);this.f.insertAfter(this.b)},w:function(){var b=
 this;this.g=c(this.a.buttonHTML);this.g.attr({role:"button","aria-haspopup":"true",tabindex:0,"aria-label":this.l.eq(0).text()}).on("keydown.multiselect",function(a){a=a.which;13!==a&&32!==a||b.g.click()}).on("click.multiselect",function(){b.m()}).appendTo(this.f);this.b.on("change.multiselect",function(){b.o()});this.o()},o:function(){var b=[],a=[];this.b.children("option").each(function(){var d=c(this).text();b.push(d);c(this).is(":selected")&&a.push(c.trim(d))});this.g.empty();0==a.length?this.g.text(this.a.noneText):
 a.length===b.length&&this.a.allText?this.g.text(this.a.allText):this.g.text(a.join(", "))},B:function(){var b=this;this.c=c(this.a.menuHTML);this.c.attr({role:"menu"}).on("keyup.multiselect",function(a){27===a.which&&b.j()}).appendTo(this.f);this.D();this.a.presets&&this.F()},D:function(){var b=this;this.h=c(this.a.menuItemsHTML);this.c.append(this.h);this.b.on("change.multiselect",function(a,c){!0!==c&&b.s()});this.s()},s:function(){var b=this;this.h.empty();this.b.children("option").each(function(a,
 d){a=b.C(c(d),a);b.h.append(a)})},F:function(){var b=this;this.i=c(this.a.presetsHTML);this.c.prepend(this.i);c.each(this.a.presets,function(a,d){a=b.b.attr("name")+"_preset_"+a;var h=c(b.a.menuItemHTML).attr({"for":a,role:"menuitem"}).text(" "+d.name).appendTo(b.i);c("<input>").attr({type:"radio",name:b.b.attr("name")+"_presets",id:a}).prependTo(h).on("change.multiselect",function(){b.b.val(d.options);b.b.trigger("change")})});this.b.on("change.multiselect",function(){b.u()});this.u()},u:function(){var b=
 this;c.each(this.a.presets,function(a,c){a=b.b.attr("name")+"_preset_"+a;a=b.i.find("#"+a);a:{c=c.options||[];var d=b.b.val()||[];if(c.length!=d.length)c=!1;else{c.sort();d.sort();for(var e=0;e<c.length;e++)if(c[e]!==d[e]){c=!1;break a}c=!0}}c?a.prop("checked",!0):a.prop("checked",!1)})},C:function(b,a){var d=this.b.attr("name")+"_"+a;a=c(this.a.menuItemHTML).attr({"for":d,role:"menuitem"}).text(" "+b.text());d=c("<input>").attr({type:"checkbox",id:d,value:b.val()}).prependTo(a);b.is(":disabled")&&
 d.attr("disabled","disabled");b.is(":selected")&&d.prop("checked","checked");d.on("change.multiselect",function(){c(this).prop("checked")?b.prop("selected",!0):b.prop("selected",!1);b.trigger("change",[!0])});return a},J:function(){var b=this;c("html").on("click.multiselect",function(){b.j()});this.f.on("click.multiselect",function(a){a.stopPropagation()})},K:function(){var b=this;this.l.on("click.multiselect",function(a){a.preventDefault();a.stopPropagation();b.m()})},I:function(){c("html").trigger("click.multiselect");
 this.f.addClass(this.a.activeClass);if(this.a.positionMenuWithin&&this.a.positionMenuWithin instanceof c){var b=this.c.offset().left+this.c.outerWidth(),a=this.a.positionMenuWithin.offset().left+this.a.positionMenuWithin.outerWidth();b>a&&(this.c.css("width",a-this.c.offset().left),this.f.addClass(this.a.positionedMenuClass))}b=this.c.offset().top+this.c.outerHeight();a=c(window).scrollTop()+c(window).height();b>a-this.a.viewportBottomGutter?this.c.css({maxHeight:Math.max(a-this.a.viewportBottomGutter-
 this.c.offset().top,this.a.menuMinHeight),overflow:"scroll"}):this.c.css({maxHeight:"",overflow:""})},j:function(){this.f.removeClass(this.a.activeClass);this.f.removeClass(this.a.positionedMenuClass);this.c.css("width","auto")},m:function(){this.f.hasClass(this.a.activeClass)?this.j():this.I()}});c.fn.multiSelect=function(b){return this.each(function(){c.data(this,"plugin_multiSelect")||c.data(this,"plugin_multiSelect",new f(this,b))})}})(jQuery);
--- a/Show More
+++ b/Show More