From 638cb105df33546d1e530de16c5b51ae40b03040 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Fri, 18 Feb 2011 10:45:38 +0000
Subject: [PATCH] Fix: HTML tags must be escaped

---
 htdocs/adherents/liste.php              |  5 ++--
 htdocs/adherents/type.php               |  5 ++--
 htdocs/admin/tools/listevents.php       |  2 +-
 htdocs/admin/tools/listsessions.php     | 33 -------------------------
 htdocs/comm/clients.php                 |  4 +--
 htdocs/comm/contact.php                 |  2 +-
 htdocs/comm/mailing/cibles.php          |  5 ++--
 htdocs/comm/mailing/fiche.php           |  1 -
 htdocs/comm/mailing/liste.php           |  2 +-
 htdocs/comm/propal.php                  |  2 +-
 htdocs/comm/prospect/prospects.php      |  2 +-
 htdocs/commande/liste.php               |  2 +-
 htdocs/compta/bank/account.php          |  2 +-
 htdocs/compta/bank/search.php           |  2 +-
 htdocs/compta/clients.php               |  2 +-
 htdocs/compta/facture.php               |  2 +-
 htdocs/compta/facture/impayees.php      |  2 +-
 htdocs/compta/paiement/cheque/liste.php |  2 +-
 htdocs/compta/paiement/liste.php        |  2 +-
 htdocs/compta/param/comptes/liste.php   |  2 +-
 htdocs/compta/prelevement/bons.php      |  2 +-
 htdocs/compta/prelevement/demandes.php  |  2 +-
 htdocs/compta/prelevement/liste.php     |  2 +-
 htdocs/compta/propal.php                |  2 +-
 htdocs/compta/sociales/index.php        |  2 +-
 htdocs/compta/ventilation/lignes.php    |  2 +-
 htdocs/contact/index.php                |  5 ++--
 htdocs/contrat/liste.php                |  2 +-
 htdocs/contrat/services.php             |  2 +-
 htdocs/fichinter/index.php              |  2 +-
 htdocs/fourn/commande/liste.php         |  2 +-
 htdocs/fourn/facture/impayees.php       |  2 +-
 htdocs/fourn/facture/index.php          |  2 +-
 htdocs/fourn/liste.php                  |  2 +-
 htdocs/fourn/product/liste.php          |  5 ++--
 htdocs/product/liste.php                |  4 +--
 htdocs/product/stock/mouvement.php      |  8 +++---
 htdocs/projet/liste.php                 |  2 +-
 htdocs/societe/lien.php                 |  2 +-
 htdocs/societe/societe.php              |  4 +--
 40 files changed, 55 insertions(+), 82 deletions(-)

diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php
index 5da5e4f4db2..4b221c6d40a 100644
--- a/htdocs/adherents/liste.php
+++ b/htdocs/adherents/liste.php
@@ -242,8 +242,9 @@ if ($resql)
 	print '<td class="liste_titre">&nbsp;</td>';
 
 	print '<td align="right" colspan="2" class="liste_titre">';
-	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
-	print '&nbsp; <input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" alt="'.$langs->trans("RemoveFilter").'">';
+	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+	print '&nbsp; ';
+	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 	print '</td>';
 
 	print "</tr>\n";
diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php
index 98af9040d79..3f950dad3d6 100644
--- a/htdocs/adherents/type.php
+++ b/htdocs/adherents/type.php
@@ -460,8 +460,9 @@ if ($rowid > 0)
 			print '<td class="liste_titre">&nbsp;</td>';
 
 			print '<td align="right" colspan="2" class="liste_titre">';
-			print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
-		    print '&nbsp; <input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" alt="'.$langs->trans("RemoveFilter").'">';
+			print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+		    print '&nbsp; ';
+		    print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 			print '</td>';
 
 			print "</tr>\n";
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 3fb1e240e66..3355d8a4455 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -145,7 +145,7 @@ if ($result)
 	print '</td>';
 
 	print '<td align="right" class="liste_titre">';
-	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 
 	print "</tr>\n";
diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php
index 56287857188..2d48dd8c2d0 100644
--- a/htdocs/admin/tools/listsessions.php
+++ b/htdocs/admin/tools/listsessions.php
@@ -134,39 +134,6 @@ if ($savehandler == 'files')
 	print_liste_field_titre('','','');
 	print "</tr>\n";
 
-
-	// Lignes des champs de filtre
-	/*
-	print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">';
-
-	print '<tr class="liste_titre">';
-
-	print '<td class="liste_titre">&nbsp;</td>';
-
-	print '<td align="left" class="liste_titre">';
-	print '<input class="flat" type="text" size="10" name="search_code" value="'.$_GET["search_code"].'">';
-	print '</td>';
-
-	print '<td align="left" class="liste_titre">';
-	print '<input class="flat" type="text" size="10" name="search_ip" value="'.$_GET["search_ip"].'">';
-	print '</td>';
-
-	print '<td align="left" class="liste_titre">';
-	print '<input class="flat" type="text" size="10" name="search_user" value="'.$_GET["search_user"].'">';
-	print '</td>';
-
-	print '<td align="left" class="liste_titre">';
-	print '<input class="flat" type="text" size="10" name="search_desc" value="'.$_GET["search_desc"].'">';
-	print '</td>';
-
-	print '<td align="right" class="liste_titre">';
-	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
-	print '</td>';
-
-	print "</tr>\n";
-	print '</form>';
-	*/
-
 	$var=True;
 
 	foreach ($listofsessions as $key => $sessionentry)
diff --git a/htdocs/comm/clients.php b/htdocs/comm/clients.php
index 4d79e0730af..5fe7da7608e 100644
--- a/htdocs/comm/clients.php
+++ b/htdocs/comm/clients.php
@@ -183,9 +183,9 @@ if ($result)
 	print '</td><td class="liste_titre">';
 	print '<input type="text" class="flat" name="search_code" value="'.$search_code.'" size="10">';
 	print '</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
     print '&nbsp; ';
-    print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" alt="'.$langs->trans("RemoveFilter").'">';
+    print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
     print '</td>';
     print "</tr>\n";
 
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index f3a297d38f8..3776867b457 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -144,7 +144,7 @@ if ($resql)
   print '<td class="liste_titre"><input class="flat" name="search_prenom" size="12"  value="'.$_GET["search_prenom"].'"></td>';
   print '<td class="liste_titre"><input class="flat" name="search_societe" size="12"  value="'.$_GET["search_societe"].'"></td>';
   print '<td class="liste_titre">&nbsp;</td>';
-  print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt='.$langs->trans("Search").'></td>';
+  print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
   print "</tr>\n";
   print '</form>';
 
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index 96b6e8b9f07..abf06b6e66f 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -419,8 +419,9 @@ if ($mil->fetch($_REQUEST["id"]) >= 0)
 		print '</td>';
 		// Source
 		print '<td class="liste_titre" align="right" colspan="3">';
-		print '<input type="image" value="button_search" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
-		print '&nbsp; <input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" alt="'.$langs->trans("RemoveFilter").'">';
+		print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+		print '&nbsp; ';
+		print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 		print '</td>';
 		print '</tr>';
 
diff --git a/htdocs/comm/mailing/fiche.php b/htdocs/comm/mailing/fiche.php
index 4ff84ea25ac..c27de12a53f 100644
--- a/htdocs/comm/mailing/fiche.php
+++ b/htdocs/comm/mailing/fiche.php
@@ -915,7 +915,6 @@ else
 					foreach($listofpaths as $key => $val)
 					{
 						print img_mime($listofpaths[$key]['name']).' '.$listofpaths[$key]['name'];
-						//print ' <input type="image" style="border: 0px;" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/delete.png" value="'.($key+1).'" name="removedfile">';
 						print '<br>';
 					}
 				}
diff --git a/htdocs/comm/mailing/liste.php b/htdocs/comm/mailing/liste.php
index 827d7e4a6eb..6183dafb72c 100644
--- a/htdocs/comm/mailing/liste.php
+++ b/htdocs/comm/mailing/liste.php
@@ -127,7 +127,7 @@ if ($result)
 	print '<td class="liste_titre">&nbsp;</td>';
 	if (! $filteremail) print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print "</td>";
 	print "</tr>\n";
 	print '</form>';
diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index 100b150630a..e1cbcd25717 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -1759,7 +1759,7 @@ else
 		print '<td class="liste_titre" align="right">';
 		$html->select_propal_statut($viewstatut);
 		print '</td>';
-		print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+		print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 		print '</td>';
 		print "</tr>\n";
 		print '</form>';
diff --git a/htdocs/comm/prospect/prospects.php b/htdocs/comm/prospect/prospects.php
index 28f0b281712..f3d0d14210d 100644
--- a/htdocs/comm/prospect/prospects.php
+++ b/htdocs/comm/prospect/prospects.php
@@ -340,7 +340,7 @@ if ($resql)
 
  	// Print the search button
     print '<td colspan="3" class="liste_titre" align="right">';
-	print '<input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input class="liste_titre" name="button_search" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 
 	print "</tr>\n";
diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php
index 49bfe93747c..a5c100e4bf1 100644
--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
@@ -194,7 +194,7 @@ if ($resql)
 	print '</td><td class="liste_titre">&nbsp;';
 	print '</td><td class="liste_titre">&nbsp;';
 	print '</td><td align="right" class="liste_titre">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans('Search').'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png"  value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td></tr>';
 	print '</form>';
 	$var=True;
diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php
index c8a2b7baf77..e68d8edc5f9 100644
--- a/htdocs/compta/bank/account.php
+++ b/htdocs/compta/bank/account.php
@@ -422,7 +422,7 @@ if ($account || $_GET["ref"])
     print '<td align="right"><input type="text" class="flat" name="req_debit" value="'.$_REQUEST["req_debit"].'" size="4"></td>';
     print '<td align="right"><input type="text" class="flat" name="req_credit" value="'.$_REQUEST["req_credit"].'" size="4"></td>';
     print '<td align="center">&nbsp;</td>';
-    print '<td align="center" width="40"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'"></td>';
+    print '<td align="center" width="40"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
     print "</tr>\n";
     print "</form>\n";
 
diff --git a/htdocs/compta/bank/search.php b/htdocs/compta/bank/search.php
index 213007a89af..fe1c86b214e 100644
--- a/htdocs/compta/bank/search.php
+++ b/htdocs/compta/bank/search.php
@@ -170,7 +170,7 @@ if ($resql)
 	print '<td class="liste_titre" align="right">';
 	print '<input type="hidden" name="action" value="search">';
 	if (! empty($_REQUEST['bid'])) print '<input type="hidden" name="bid" value="'.$_REQUEST["bid"].'">';
-	print '<input type="image" class="liste_titre" name="submit" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="submit" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print '</tr>';
 
diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php
index 6a34816ccf9..1ee0afc4cfb 100644
--- a/htdocs/compta/clients.php
+++ b/htdocs/compta/clients.php
@@ -187,7 +187,7 @@ if ($resql)
 	print '</td>';
 
 	print '<td align="right" colspan="2" class="liste_titre">';
-	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print "</tr>\n";
 
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php
index ccc19484906..f9e985d24c9 100644
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -3045,7 +3045,7 @@ else
 			print '<td class="liste_titre" align="right">';
 			print '&nbsp;';
 			print '</td>';
-			print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans('Search').'">';
+			print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 			print "</td></tr>\n";
 
 			if ($num > 0)
diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php
index 54b66763e99..c508e65182f 100644
--- a/htdocs/compta/facture/impayees.php
+++ b/htdocs/compta/facture/impayees.php
@@ -300,7 +300,7 @@ if ($result)
 	print '</td><td class="liste_titre" align="right">';
 	print '<input class="flat" type="text" size="10" name="search_montant_ttc" value="'.$_REQUEST["search_montant_ttc"].'">';
 	print '</td><td class="liste_titre" colspan="2" align="right">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print '<td class="liste_titre" align="center">';
 	if ($conf->use_javascript_ajax) print '<a href="#" id="checkall">'.$langs->trans("All").'</a> / <a href="#" id="checknone">'.$langs->trans("None").'</a>';
diff --git a/htdocs/compta/paiement/cheque/liste.php b/htdocs/compta/paiement/cheque/liste.php
index c9fca7c773d..b5d75c25658 100644
--- a/htdocs/compta/paiement/cheque/liste.php
+++ b/htdocs/compta/paiement/cheque/liste.php
@@ -101,7 +101,7 @@ if ($resql)
 	print '<input class="fat" type="text" size="6" name="search_montant" value="'.$_GET["search_montant"].'">';
 	print '</td>';
 	print '<td class="liste_titre" align="right">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print "</tr>\n";
 
diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php
index 18954b60456..b560624867e 100644
--- a/htdocs/compta/paiement/liste.php
+++ b/htdocs/compta/paiement/liste.php
@@ -179,7 +179,7 @@ if ($resql)
     print '</td>';
     print '<td align="right">';
     print '<input class="fat" type="text" size="4" name="search_amount" value="'.$_REQUEST["search_amount"].'">';
-    print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+    print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
     print '</td>';
     if ($conf->global->BILL_ADD_PAYMENT_VALIDATION)
     {
diff --git a/htdocs/compta/param/comptes/liste.php b/htdocs/compta/param/comptes/liste.php
index 87c5bea61b0..ff3d646e241 100644
--- a/htdocs/compta/param/comptes/liste.php
+++ b/htdocs/compta/param/comptes/liste.php
@@ -92,7 +92,7 @@ if ($resql)
   print '<td><input type="text" name="search_numero" value="'.$_GET["search_numero"].'"></td>';
   print '<td><input type="text" name="search_intitule" value="'.$_GET["search_intitule"].'"></td>';
   print '<td align="right">';
-  print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+  print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
   print '</td>';
   print '</form>';
   print '</tr>';
diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php
index 78ce041b684..62ef5030f4b 100644
--- a/htdocs/compta/prelevement/bons.php
+++ b/htdocs/compta/prelevement/bons.php
@@ -89,7 +89,7 @@ if ($result)
   print '<form action="bons.php" method="GET">';
   print '<td class="liste_titre"><input type="text" class="flat" name="search_ligne" value="'. $_GET["search_ligne"].'" size="10"></td>';
   print '<td class="liste_titre">&nbsp;</td>';
-  print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'"></td>';
+  print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
   print '</form>';
   print '</tr>';
 
diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php
index 3cdf32aee7a..6190a5edf5a 100644
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -111,7 +111,7 @@ if ($resql)
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="GET">';
 	print '<td class="liste_titre"><input type="text" class="flat" name="search_facture" size="12" value="'.$GET["search_facture"].'"></td>';
 	print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" size="18" value="'.$GET["search_societe"].'"></td>';
-	print '<td colspan="2" class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'"></td>';
+	print '<td colspan="2" class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
 	print '</tr>';
 	print '</form>';
 
diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php
index 32956d52d0c..a08809a7b62 100644
--- a/htdocs/compta/prelevement/liste.php
+++ b/htdocs/compta/prelevement/liste.php
@@ -123,7 +123,7 @@ if ($result)
     print '<td class="liste_titre" align="center"><input type="text" class="flat" name="search_code" value="'. $_GET["search_code"].'" size="8"></td>';
     print '<td class="liste_titre">&nbsp;</td>';
     print '<td class="liste_titre">&nbsp;</td>';
-    print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'"></td>';
+    print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
     print '</tr>';
     print '</form>';
 
diff --git a/htdocs/compta/propal.php b/htdocs/compta/propal.php
index a159d3cc523..c1414dae039 100644
--- a/htdocs/compta/propal.php
+++ b/htdocs/compta/propal.php
@@ -634,7 +634,7 @@ else
 		print '<td class="liste_titre" align="right">';
 		$html->select_propal_statut($viewstatut);
 		print '</td>';
-		print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+		print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 		print '</td>';
 		print "</tr>\n";
 		print '</form>';
diff --git a/htdocs/compta/sociales/index.php b/htdocs/compta/sociales/index.php
index fa3230f86b8..daafa781843 100644
--- a/htdocs/compta/sociales/index.php
+++ b/htdocs/compta/sociales/index.php
@@ -166,7 +166,7 @@ if ($resql)
 	    print '<td class="liste_titre">&nbsp;</td>';
 		print '<td class="liste_titre">&nbsp;</td>';
 		print '<td class="liste_titre" align="right">';
-		print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
+		print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 		print '</td>';
 		print "</tr>\n";
 
diff --git a/htdocs/compta/ventilation/lignes.php b/htdocs/compta/ventilation/lignes.php
index ba8721582a0..00e30b23623 100644
--- a/htdocs/compta/ventilation/lignes.php
+++ b/htdocs/compta/ventilation/lignes.php
@@ -92,7 +92,7 @@ if ($result)
 	print '<td align="right">&nbsp;</td>';
 	print '<td align="center">&nbsp;</td>';
 	print '<td align="right">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print "</tr>\n";
 
diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php
index 0317aa6f793..1015553c7b9 100644
--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@@ -279,8 +279,9 @@ if ($result)
 	print $form->selectarray('search_priv',$selectarray,$search_priv,1);
 	print '</td>';
     print '<td class="liste_titre" align="right">';
-    print '<input type="image" value="button_search" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
-    print '&nbsp; <input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" alt="'.$langs->trans("RemoveFilter").'">';
+    print '<input type="image" value="button_search" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+    print '&nbsp; ';
+    print '<input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
     print '</td>';
     print '</tr>';
 
diff --git a/htdocs/contrat/liste.php b/htdocs/contrat/liste.php
index e03ecb75403..86f75354933 100644
--- a/htdocs/contrat/liste.php
+++ b/htdocs/contrat/liste.php
@@ -124,7 +124,7 @@ if ($resql)
     print '</td>';
     print '<td class="liste_titre">&nbsp;</td>';
     //print '<td class="liste_titre">&nbsp;</td>';
-    print '<td colspan="4" class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+    print '<td colspan="4" class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
     print "</td>";
     print "</tr>\n";
     print '</form>';
diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php
index 4ca1c059c7d..11a57ae87ab 100644
--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@@ -175,7 +175,7 @@ if ($resql)
 	$filter_date2=dol_mktime(0,0,0,$_REQUEST['op2month'],$_REQUEST['op2day'],$_REQUEST['op2year']);
 	print $form->select_date($filter_date2,'op2',0,0,1);
 	print '</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print "</td>";
 	print "</tr>\n";
 	print '</form>';
diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php
index aca2231cc76..c3eba98e937 100644
--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@@ -121,7 +121,7 @@ if ($result)
 	print '</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'"></td>';
+	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
 	print "</tr>\n";
 
 	$companystatic=new Societe($db);
diff --git a/htdocs/fourn/commande/liste.php b/htdocs/fourn/commande/liste.php
index 452968a06da..2865c71d2bb 100644
--- a/htdocs/fourn/commande/liste.php
+++ b/htdocs/fourn/commande/liste.php
@@ -141,7 +141,7 @@ if ($resql)
 	print '<td class="liste_titre"><input type="text" class="flat" name="search_user" value="'.$suser.'"></td>';
 	print '<td class="liste_titre"><input type="text" class="flat" name="search_ttc" value="'.$sttc.'"></td>';
 	print '<td colspan="2" class="liste_titre" align="right">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print '</tr>';
 
diff --git a/htdocs/fourn/facture/impayees.php b/htdocs/fourn/facture/impayees.php
index 2effbbf87df..b0a4d8fdba1 100644
--- a/htdocs/fourn/facture/impayees.php
+++ b/htdocs/fourn/facture/impayees.php
@@ -183,7 +183,7 @@ if ($user->rights->fournisseur->facture->lire)
 		print '</td><td class="liste_titre" align="right">';
 		print '<input class="flat" type="text" size="8" name="search_montant_ttc" value="'.$_GET["search_montant_ttc"].'">';
 		print '</td><td class="liste_titre" colspan="2" align="right">';
-		print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+		print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 		print '</td>';
 		print "</tr>\n";
 		print '</form>';
diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php
index d6bfbc7ba1a..f5b5a816c82 100644
--- a/htdocs/fourn/facture/index.php
+++ b/htdocs/fourn/facture/index.php
@@ -219,7 +219,7 @@ if ($resql)
 	print '</td><td class="liste_titre" align="right">';
 	print '<input class="flat" type="text" size="8" name="search_montant_ttc" value="'.$_GET["search_montant_ttc"].'">';
 	print '</td><td class="liste_titre" colspan="2" align="center">';
-	print '<input type="image" class="liste_titre" align="right" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" align="right" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
 	print "</tr>\n";
 
diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php
index 104000fe4a3..ce7882dfa7c 100644
--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
@@ -157,7 +157,7 @@ if ($resql)
 	print '<input class="flat" type="text" size="10" name="search_compta" value="'.$_GET["search_compta"].'">';
 	print '</td>';
 
-	print '<td class="liste_titre" colspan="2" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'"></td>';
+	print '<td class="liste_titre" colspan="2" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
 
 	print '</tr>';
 
diff --git a/htdocs/fourn/product/liste.php b/htdocs/fourn/product/liste.php
index 5d90e5e9581..a77cdcdea03 100644
--- a/htdocs/fourn/product/liste.php
+++ b/htdocs/fourn/product/liste.php
@@ -207,8 +207,9 @@ if ($resql)
 	print '<input class="flat" type="text" name="snom" value="'.$snom.'">';
 	print '</td>';
 	print '<td class="liste_titre" colspan="4" align="right">';
-	print '<input type="image" class="liste_titre" value="button_search" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
-	print '&nbsp; <input type="image" class="liste_titre" value="button_removefilter" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" alt="'.$langs->trans("RemoveFilter").'">';
+	print '<input type="image" class="liste_titre" value="button_search" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+	print '&nbsp; ';
+	print '<input type="image" class="liste_titre" value="button_removefilter" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 	print '</td>';
 	print '</tr>';
 	print '</form>';
diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php
index d542e48d3ec..0a4dbfb0a0b 100644
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -340,8 +340,8 @@ if ($resql)
         print '&nbsp;';
         print '</td>';
 		print '<td class="liste_titre" align="right">';
-		print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
-		print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" alt="'.$langs->trans("RemoveFilter").'">';
+		print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+		print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 		print '</td>';
 		print '</tr>';
 
diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php
index be79c6e419c..01bf675e822 100644
--- a/htdocs/product/stock/mouvement.php
+++ b/htdocs/product/stock/mouvement.php
@@ -53,7 +53,7 @@ $offset = $conf->liste_limit * $page;
 if (! $sortfield) $sortfield="m.datem";
 if (! $sortorder) $sortorder="DESC";
 
-if ($_REQUEST["button_removefilter"])
+if (GETPOST("button_removefilter"))
 {
     $year='';
     $month='';
@@ -280,8 +280,10 @@ if ($resql)
 	print '<td class="liste_titre" align="left">';
 	print '<input class="flat" type="text" size="6" name="search_user" value="'.($search_user).'">';
 	print '</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
-    print '&nbsp; <input type="image" value="button_removefilter" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" alt="'.$langs->trans("RemoveFilter").'">';
+	print '<td class="liste_titre" align="right">';
+	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
+    print '&nbsp; ';
+    print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 	print '</td>';
 	print "</tr>\n";
 	print '</form>';
diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php
index 5f159ccb28b..b23eeec9eea 100644
--- a/htdocs/projet/liste.php
+++ b/htdocs/projet/liste.php
@@ -134,7 +134,7 @@ if ($resql)
 	print '<input type="text" class="flat" name="search_societe" value="'.$_GET["search_societe"].'">';
 	print '</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
-	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'"></td>';
+	print '<td class="liste_titre" align="right"><input class="liste_titre" type="image" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
 	print "</tr>\n";
 
 	while ($i < $num)
diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php
index de5ce624aa5..466db0de1cd 100644
--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
@@ -233,7 +233,7 @@ if($_GET["socid"])
 				print '<td valign="right">';
 				print '<input type="text" name="search_nom" value="'.$_GET["search_nom"].'">';
 				print '</td><td colspan="5" align="right">';
-				print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+				print '<input type="image" name="button_search" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 				print '</td>';
 				print "</tr>\n";
 				print '</form>';
diff --git a/htdocs/societe/societe.php b/htdocs/societe/societe.php
index fb6973894fa..1140db8f343 100644
--- a/htdocs/societe/societe.php
+++ b/htdocs/societe/societe.php
@@ -364,9 +364,9 @@ if ($resql)
 	print '</td>';
 	// Type (customer/prospect/supplier)
 	print '<td class="liste_titre" align="right">';
-	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" alt="'.$langs->trans("Search").'">';
+	print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '&nbsp; ';
-	print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" alt="'.$langs->trans("RemoveFilter").'">';
+	print '<input type="image" class="liste_titre" name="button_removefilter" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/searchclear.png" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
 	print '</td>';
 	print "</tr>\n";