diff --git a/htdocs/core/db/mssql.class.php b/htdocs/core/db/mssql.class.php
index 87a6c71b188..b845e54cd93 100644
--- a/htdocs/core/db/mssql.class.php
+++ b/htdocs/core/db/mssql.class.php
@@ -561,7 +561,7 @@ class DoliDBMssql
 	 */
 	function idate($param)
 	{
-		return dol_print_date($param,"%Y-%m-%d %H:%M:%S",true);
+		return dol_print_date($param,"%Y-%m-%d %H:%M:%S");
 	}
 
 	/**
diff --git a/htdocs/core/db/mysql.class.php b/htdocs/core/db/mysql.class.php
index a4c6f85c26a..a76db78f8cd 100644
--- a/htdocs/core/db/mysql.class.php
+++ b/htdocs/core/db/mysql.class.php
@@ -542,7 +542,7 @@ class DoliDBMysql
 	 */
 	function idate($param)
 	{
-		return dol_print_date($param,"%Y%m%d%H%M%S",true);
+		return dol_print_date($param,"%Y%m%d%H%M%S");
 	}
 
 	/**
diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index 63ca6341dab..1f48b583386 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -554,7 +554,7 @@ class DoliDBMysqli
      */
     function idate($param)
     {
-        return dol_print_date($param,"%Y%m%d%H%M%S",true);
+        return dol_print_date($param,"%Y%m%d%H%M%S");
     }
 
     /**
diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php
index f4ece94f448..333a60783a0 100644
--- a/htdocs/core/db/pgsql.class.php
+++ b/htdocs/core/db/pgsql.class.php
@@ -698,7 +698,7 @@ class DoliDBPgsql
 	 */
 	function idate($param)
 	{
-		return dol_print_date($param,"%Y-%m-%d %H:%M:%S",true);
+		return dol_print_date($param,"%Y-%m-%d %H:%M:%S");
 	}
 
 	/**
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index be0cd605343..e0ec1192f4f 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -804,13 +804,13 @@ function dol_print_date($time,$format='',$tzoutput='tzserver',$outputlangs='',$e
                 $to_gmt=false;
                 $offsettz=$offsetdst=0;
             }
-            if ($tzoutput == 'tzuser')
+            elseif ($tzoutput == 'tzuser')
             {
                 $to_gmt=true;
                 $offsettz=(empty($_SESSION['dol_tz'])?0:$_SESSION['dol_tz'])*60*60;
                 $offsetdst=(empty($_SESSION['dol_dst'])?0:$_SESSION['dol_dst'])*60*60;
             }
-            if ($tzoutput == 'tzcompany')
+            elseif ($tzoutput == 'tzcompany')
             {
                 $to_gmt=false;
                 $offsettz=$offsetdst=0;	// TODO Define this and use it later
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 43cfa12ca22..ce7c2a48307 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -253,7 +253,7 @@ class FactureFournisseur extends Facture
     function fetch($id='',$ref='')
     {
         global $langs;
-        
+
         $sql = "SELECT";
         $sql.= " t.rowid,";
         $sql.= " t.facnumber,";
@@ -461,9 +461,9 @@ class FactureFournisseur extends Facture
         if (isset($this->tva)) $this->tva=trim($this->tva);
         if (isset($this->localtax1)) $this->localtax1=trim($this->localtax1);
         if (isset($this->localtax2)) $this->localtax2=trim($this->localtax2);
-        if (isset($this->total)) $this->total=trim($this->total);
-        if (isset($this->total_ht)) $this->total_ht=trim($this->total_ht);
-        if (isset($this->total_tva)) $this->total_tva=trim($this->total_tva);
+        if (empty($this->total)) $this->total=0;
+        if (empty($this->total_ht)) $this->total_ht=0;
+        if (empty($this->total_tva)) $this->total_tva=0;
         //	if (isset($this->total_localtax1)) $this->total_localtax1=trim($this->total_localtax1);
         //	if (isset($this->total_localtax2)) $this->total_localtax2=trim($this->total_localtax2);
         if (isset($this->total_ttc)) $this->total_ttc=trim($this->total_ttc);
diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php
index 8059b2f75ea..ed084001ef6 100644
--- a/htdocs/fourn/facture/index.php
+++ b/htdocs/fourn/facture/index.php
@@ -29,27 +29,27 @@ require_once(DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.class.php");
 require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 
-if (!$user->rights->fournisseur->facture->lire)
-accessforbidden();
+if (!$user->rights->fournisseur->facture->lire) accessforbidden();
 
 $langs->load("companies");
 $langs->load("bills");
 
-$socid = $_GET["socid"];
+$socid = GETPOST("socid");
 
 // Security check
 if ($user->societe_id > 0)
 {
-	$_GET["action"] = '';
+	$action='';
+    $_GET["action"] = '';
 	$socid = $user->societe_id;
 }
 
 $mode=GETPOST("mode");
 $modesearch=GETPOST("mode_search");
 
-$page=$_GET["page"];
-$sortorder = $_GET["sortorder"];
-$sortfield = $_GET["sortfield"];
+$page=GETPOST("page");
+$sortorder = GETPOST("sortorder");
+$sortfield = GETPOST("sortfield");
 
 if ($page == -1) { $page = 0 ; }
 $limit = $conf->liste_limit;
@@ -59,8 +59,8 @@ $pagenext = $page + 1;
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="fac.datef";
 
-$month    =$_GET['month'];
-$year     =$_GET['year'];
+$month    = GETPOST('month','int');
+$year     = GETPOST('year','int');
 
 
 /*
@@ -122,13 +122,13 @@ if ($_GET["filtre"])
 	}
 }
 
-if ($_REQUEST["search_ref"])
+if (GETPOST("search_ref"))
 {
-	$sql .= " AND fac.rowid like '%".$db->escape($_REQUEST["search_ref"])."%'";
+	$sql .= " AND fac.rowid like '%".$db->escape(GETPOST("search_ref"))."%'";
 }
-if ($_REQUEST["search_ref_supplier"])
+if (GETPOST("search_ref_supplier"))
 {
-	$sql .= " AND fac.facnumber like '%".$db->escape($_REQUEST["search_ref_supplier"])."%'";
+	$sql .= " AND fac.facnumber like '%".$db->escape(GETPOST("search_ref_supplier"))."%'";
 }
 if ($month > 0)
 {
@@ -141,24 +141,24 @@ else if ($year > 0)
 {
 	$sql.= " AND fac.datef BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'";
 }
-if ($_GET["search_libelle"])
+if (GETPOST("search_libelle"))
 {
-	$sql .= " AND fac.libelle like '%".$db->escape($_GET["search_libelle"])."%'";
+	$sql .= " AND fac.libelle like '%".$db->escape(GETPOST("search_libelle"))."%'";
 }
 
-if ($_GET["search_societe"])
+if (GETPOST("search_societe"))
 {
-	$sql .= " AND s.nom like '%".$db->escape($_GET["search_societe"])."%'";
+	$sql .= " AND s.nom like '%".$db->escape(GETPOST("search_societe"))."%'";
 }
 
-if ($_GET["search_montant_ht"])
+if (GETPOST("search_montant_ht"))
 {
-	$sql .= " AND fac.total_ht = '".$db->escape($_GET["search_montant_ht"])."'";
+	$sql .= " AND fac.total_ht = '".$db->escape(GETPOST("search_montant_ht"))."'";
 }
 
-if ($_GET["search_montant_ttc"])
+if (GETPOST("search_montant_ttc"))
 {
-	$sql .= " AND fac.total_ttc = '".$db->escape($_GET["search_montant_ttc"])."'";
+	$sql .= " AND fac.total_ttc = '".$db->escape(GETPOST("search_montant_ttc"))."'";
 }
 
 $sql.= $db->order($sortfield,$sortorder);
@@ -175,11 +175,15 @@ if ($resql)
 		$soc->fetch($socid);
 	}
 
-
 	$param='&socid='.$socid;
-	if ($month) $param.='&month='.$month;
-	if ($year)  $param.='&year=' .$year;
-
+	if ($month) $param.='&month='.urlencode($month);
+	if ($year)  $param.='&year=' .urlencode($year);
+	if (GETPOST("search_ref"))          $param.='&search_ref='.urlencode(GETPOST("search_ref"));
+	if (GETPOST("search_ref_supplier")) $param.='&search_ref_supplier'.urlencode(GETPOST("search_ref_supplier"));
+	if (GETPOST("search_libelle"))      $param.='&search_libelle='.urlencode(GETPOST("search_libelle"));
+	if (GETPOST("search_societe"))      $param.='&search_societe='.urlencode(GETPOST("search_societe"));
+	if (GETPOST("search_montant_ht"))   $param.='&search_montant_ht='.urlencode(GETPOST("search_montant_ht"));
+	if (GETPOST("search_montant_ttc"))  $param.='&search_montant_ttc='.urlencode(GETPOST("search_montant_ttc"));
 
 	print_barre_liste($langs->trans("BillsSuppliers").($socid?" $soc->nom":""),$page,"index.php",$param,$sortfield,$sortorder,'',$num);
 	print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">';
@@ -200,10 +204,10 @@ if ($resql)
 
 	print '<tr class="liste_titre">';
 	print '<td class="liste_titre" align="left">';
-	print '<input class="flat" size="6" type="text" name="search_ref" value="'.$_REQUEST["search_ref"].'">';
+	print '<input class="flat" size="6" type="text" name="search_ref" value="'.GETPOST("search_ref").'">';
 	print '</td>';
 	print '<td class="liste_titre" align="left">';
-	print '<input class="flat" size="6" type="text" name="search_ref_supplier" value="'.$_REQUEST["search_ref_supplier"].'">';
+	print '<input class="flat" size="6" type="text" name="search_ref_supplier" value="'.GETPOST("search_ref_supplier").'">';
 	print '</td>';
 	print '<td class="liste_titre" colspan="1" align="center">';
 	print '<input class="flat" type="text" size="1" maxlength="2" name="month" value="'.$month.'">';
@@ -214,14 +218,14 @@ if ($resql)
 	print '</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre" align="left">';
-	print '<input class="flat" size="16" type="text" name="search_libelle" value="'.$_GET["search_libelle"].'">';
+	print '<input class="flat" size="16" type="text" name="search_libelle" value="'.GETPOST("search_libelle").'">';
 	print '</td>';
 	print '<td class="liste_titre" align="left">';
-	print '<input class="flat" type="text" size="8" name="search_societe" value="'.$_GET["search_societe"].'">';
+	print '<input class="flat" type="text" size="8" name="search_societe" value="'.GETPOST("search_societe").'">';
 	print '</td><td class="liste_titre" align="right">';
-	print '<input class="flat" type="text" size="8" name="search_montant_ht" value="'.$_GET["search_montant_ht"].'">';
+	print '<input class="flat" type="text" size="8" name="search_montant_ht" value="'.GETPOST("search_montant_ht").'">';
 	print '</td><td class="liste_titre" align="right">';
-	print '<input class="flat" type="text" size="8" name="search_montant_ttc" value="'.$_GET["search_montant_ttc"].'">';
+	print '<input class="flat" type="text" size="8" name="search_montant_ttc" value="'.GETPOST("search_montant_ttc").'">';
 	print '</td><td class="liste_titre" colspan="2" align="center">';
 	print '<input type="image" class="liste_titre" align="right" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
 	print '</td>';
@@ -238,16 +242,16 @@ if ($resql)
 		$obj = $db->fetch_object($resql);
 		$var=!$var;
 
-		print "<tr $bc[$var]>";
-		print '<td nowrap>';
+		print "<tr ".$bc[$var].">";
+		print '<td nowrap="nowrap">';
 		$facturestatic->id=$obj->facid;
 		$facturestatic->ref=$obj->ref;
 		$facturestatic->ref_supplier=$obj->facnumber;
 		print $facturestatic->getNomUrl(1);
 		print "</td>\n";
-		print '<td nowrap>'.dol_trunc($obj->facnumber,10)."</td>";
-		print '<td align="center" nowrap="1">'.dol_print_date($db->jdate($obj->datef),'day').'</td>';
-		print '<td align="center" nowrap="1">'.dol_print_date($db->jdate($obj->date_echeance),'day');
+		print '<td nowrap="nowrap">'.dol_trunc($obj->facnumber,10)."</td>";
+		print '<td align="center" nowrap="nowrap">'.dol_print_date($db->jdate($obj->datef),'day').'</td>';
+		print '<td align="center" nowrap="nowrap">'.dol_print_date($db->jdate($obj->date_echeance),'day');
 		if (($obj->paye == 0) && ($obj->fk_statut > 0) && $db->jdate($obj->date_echeance) < ($now - $conf->facture->fournisseur->warning_delay)) print img_picto($langs->trans("Late"),"warning");
 		print '</td>';
 		print '<td>'.dol_trunc($obj->libelle,36).'</td>';