diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php
index 369d2b93605..42ea5e423af 100644
--- a/htdocs/install/fileconf.php
+++ b/htdocs/install/fileconf.php
@@ -559,7 +559,7 @@ if (!empty($force_install_noedit)) {
 				   class="needroot text-security"
 				   value="<?php
 					// If $force_install_databaserootpass is on, we don't want to set password here, we just show '***'. Real value will be extracted from the forced install file at step1.
-                    $autofill = ((!empty($force_install_databaserootpass)) ? str_pad('', strlen($force_install_databaserootpass), '*') : (isset($db_pass_root) ? $db_pass_root : ''));
+					$autofill = ((!empty($force_install_databaserootpass)) ? str_pad('', strlen($force_install_databaserootpass), '*') : (isset($db_pass_root) ? $db_pass_root : ''));
 					if (!empty($dolibarr_main_prod)) {
 						$autofill = '';
 					}
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d4d53036b70..d0146383e38 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -461,7 +461,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 	// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
 	$arrayofactiontoforcetokencheck = array(
 	    'activate', 'add', 'addrights', 'addtimespent',
-	    'confirm_create_user', 'confirm_create_thirdparty', 'confirm_delete', 'confirm_deletedir', 'confirm_purge', 'confirm_reject_check',
+	    'confirm_create_user', 'confirm_create_thirdparty', 'confirm_delete', 'confirm_deletedir', 'confirm_deletefile', 'confirm_purge', 'confirm_reject_check',
 	    'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
 	    'disable',
 	    'doprev', 'donext', 'dvprev', 'dvnext',
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index b1bc23463fb..816d3dc3e27 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1281,9 +1281,9 @@ class User extends CommonObject
 			$this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
 			return -1;
 		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
-            $langs->load("errors");
-            $this->error = $langs->trans("ErrorBadCharIntoLoginName");
-            return -1;
+			$langs->load("errors");
+			$this->error = $langs->trans("ErrorBadCharIntoLoginName");
+			return -1;
 		}
 
 		$this->datec = dol_now();
@@ -1674,9 +1674,9 @@ class User extends CommonObject
 			$this->error = $langs->trans("ErrorFieldRequired", 'Login');
 			return -1;
 		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
-            $langs->load("errors");
-            $this->error = $langs->trans("ErrorBadCharIntoLoginName");
-            return -1;
+			$langs->load("errors");
+			$this->error = $langs->trans("ErrorBadCharIntoLoginName");
+			return -1;
 		}
 
 		$this->db->begin();