From a956b38c009f23db42bf6e389e2ae0e3a6683d93 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@sonntag.fr>
Date: Sun, 22 May 2016 20:14:26 +0200
Subject: [PATCH] =?UTF-8?q?[wip]=C2=A0adding=20missing=20ehe()=20and=20eue?=
 =?UTF-8?q?()=20for=20htmlentities=20or=20urlencode=20in=20form=20fields?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bureau/admin/about.php                |   6 +-
 bureau/admin/adm_authip_whitelist.php |  14 ++--
 bureau/admin/adm_deactivate.php       |   2 +-
 bureau/admin/adm_defquotas.php        |   2 +-
 bureau/admin/adm_domstypeedit.php     |   8 +-
 bureau/admin/adm_list.php             |  24 +++---
 bureau/admin/adm_passpolicy.php       |   2 +-
 bureau/admin/adm_quotaedit.php        |   4 +-
 bureau/admin/adm_tld.php              |   6 +-
 bureau/admin/adm_tldedit.php          |   2 +-
 bureau/admin/adm_variables.php        |   4 +-
 bureau/admin/bro_editor.php           |   4 +-
 bureau/admin/bro_main.php             | 113 +++++++++++++-------------
 bureau/admin/browseforfolder2.php     |  12 +--
 bureau/admin/cron.php                 |   8 +-
 bureau/admin/dom_dodel.php            |   2 +-
 bureau/admin/dom_edit.inc.php         |  20 ++---
 bureau/admin/dom_edit.php             |   2 +-
 bureau/admin/dom_import.php           |   2 +-
 bureau/admin/dom_subdel.php           |   2 +-
 bureau/admin/ftp_del.php              |   2 +-
 bureau/admin/ftp_edit.php             |   8 +-
 bureau/admin/ftp_list.php             |  12 +--
 bureau/admin/hta_add.php              |   2 +-
 bureau/admin/hta_dodeluser.php        |   6 +-
 bureau/admin/hta_edit.php             |  14 ++--
 bureau/admin/hta_edituser.php         |   4 +-
 bureau/admin/hta_list.php             |   6 +-
 bureau/admin/index.php                |   2 +-
 bureau/admin/ip_main.php              |  20 ++---
 bureau/admin/logs_tail.php            |   8 +-
 bureau/admin/mail_del.php             |   4 +-
 bureau/admin/mail_edit.php            |   2 +-
 bureau/admin/mail_list.php            |  12 +--
 bureau/admin/mail_manage_catchall.php |   6 +-
 bureau/admin/mem_cm.php               |   2 +-
 bureau/admin/mem_param.php            |   8 +-
 bureau/admin/phpinfo.php              |   5 --
 bureau/admin/piwik_site_dodel.php     |   2 +-
 bureau/admin/piwik_user_dodel.php     |   2 +-
 bureau/admin/sql_bck.php              |   4 +-
 bureau/admin/sql_del.php              |   2 +-
 bureau/admin/sql_restore.php          |   2 +-
 bureau/admin/sql_users_del.php        |   2 +-
 bureau/admin/sql_users_password.php   |   2 +-
 bureau/admin/sql_users_rights.php     |   2 +-
 bureau/class/functions.php            |  20 +++++
 47 files changed, 208 insertions(+), 192 deletions(-)
 delete mode 100644 bureau/admin/phpinfo.php

diff --git a/bureau/admin/about.php b/bureau/admin/about.php
index a66fd26a..6966cdc1 100644
--- a/bureau/admin/about.php
+++ b/bureau/admin/about.php
@@ -44,9 +44,9 @@ __("AlternC is an automatic hosting software suite. It features a PHP-based admi
 
 <p>
   <ul>
-    <li><?php __("Official website: ");?> <a target=_blank href="http://alternc.com">http://alternc.com</a></li>
-    <li><?php __("Developer website: ");?> <a target=_blank href="https://alternc.org">https://alternc.org</a></li>
-    <li><?php __("Help: ");?> <a target=_blank href="http://aide-alternc.org">http://aide-alternc.org</a></li>
+    <li><?php __("Official website: ");?> <a target="_blank" href="https://alternc.com">http://alternc.com</a></li>
+    <li><?php __("Developer website: ");?> <a target="_blank" href="https://github.com/AlternC">https://github.com/AlternC</a></li>
+    <li><?php __("Help: ");?> <a target="_blank" href="https://aide-alternc.org">https://aide-alternc.org</a></li>
   </ul>
 </li>
 
diff --git a/bureau/admin/adm_authip_whitelist.php b/bureau/admin/adm_authip_whitelist.php
index c17698ea..27ce90e7 100755
--- a/bureau/admin/adm_authip_whitelist.php
+++ b/bureau/admin/adm_authip_whitelist.php
@@ -49,11 +49,11 @@ $list_ip = $authip->list_ip_whitelist();
           <input type="hidden" name="id" value="" id="edit_id" />
           <p>
             <?php __("Enter here the IP address you want. <br/> <i>IPv4, IPv6 and subnet allowed</i>"); ?> <br/>
-            <input type="text" size='20' maxlength='39' name="ipsub" id="edit_ip" />
+            <input type="text" size="20" maxlength="39" name="ipsub" id="edit_ip" />
           </p>
           <p>
             <?php __("Add a comment");?><br/>
-            <input type="text" size='25' maxlength='200' name="infos" id="edit_infos" />
+            <input type="text" size="25" maxlength="200" name="infos" id="edit_infos" />
           </p>
           <input type="submit" class="inb" value="<?php __("Save")?>" />
         </form>
@@ -61,8 +61,8 @@ $list_ip = $authip->list_ip_whitelist();
       </fieldset>
  
 <br/>
-      <table class='tlist'>
-      <tr><th><?php __("Type"); ?></th><th><?php __("IP"); ?></th><th><?php __("Informations"); ?></th><th colspan='2' /></tr>
+      <table class="tlist">
+      <tr><th><?php __("Type"); ?></th><th><?php __("IP"); ?></th><th><?php __("Informations"); ?></th><th colspan="2" /></tr>
       <?php 
       foreach($list_ip as $i) {
         if (checkip($i['ip'])) {
@@ -80,10 +80,10 @@ $list_ip = $authip->list_ip_whitelist();
         } else {
           $txt = "Unknow IP";
         }
-        echo "<tr class='lst'><td>$txt</td><td>{$i['ip_human']}</td><td>{$i['infos']}</td>";
+        echo "<tr class="lst"><td>$txt</td><td>{$i['ip_human']}</td><td>{$i['infos']}</td>";
         ?>
-        <td><div class="ina edit"><a href="javascript:edit_ip(<?php echo "'".htmlentities($i['id'])."','".htmlentities($i['ip_human'])."','".htmlentities($i['infos'])."'"; ?>);"><?php __("Edit"); ?></a></div></td>
-        <td><div class="ina delete"><a href="adm_authip_whitelist.php?delete_id=<?php echo urlencode($i["id"]) ?>"><?php __("Delete"); ?></a></div></td>
+        <td><div class="ina edit"><a href="javascript:edit_ip(<?php echo "'".urlencode($i['id'])."','".urlencode($i['ip_human'])."','".urlencode($i['infos'])."'"; ?>);"><?php __("Edit"); ?></a></div></td>
+        <td><div class="ina delete"><a href="adm_authip_whitelist.php?delete_id=<?php eue($i["id"]); ?>"><?php __("Delete"); ?></a></div></td>
         </tr>
 
       <?php } ?>
diff --git a/bureau/admin/adm_deactivate.php b/bureau/admin/adm_deactivate.php
index da1d9218..e678d522 100755
--- a/bureau/admin/adm_deactivate.php
+++ b/bureau/admin/adm_deactivate.php
@@ -70,7 +70,7 @@ if (! ($confirmed ) ) {
   ?>
   <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
      <?php csrf_get(); ?>
-  <input type="hidden" name="uid" value="<?php echo $uid?>" />
+  <input type="hidden" name="uid" value="<?php ehe($uid); ?>" />
   <?php __("Redirection URL:") ?> <input type="text" name="redirect" class="int" value="http://example.com/" />
   <input type="submit" name="submit" class="inb" value="<?php __("Confirm")?>" />
   <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='adm_list.php'"/>
diff --git a/bureau/admin/adm_defquotas.php b/bureau/admin/adm_defquotas.php
index eccc2461..71881db0 100755
--- a/bureau/admin/adm_defquotas.php
+++ b/bureau/admin/adm_defquotas.php
@@ -114,7 +114,7 @@ foreach($q as $name => $value) {
 
 <tr class="lst">
 <td><label for="<?php echo $key; ?>"><?php echo $qarray[$name] ; ?></label></td>
-<td><input type="text" class="int" size="16" maxlength="16" name="<?php echo $key; ?>" id="<?php echo $key;?>" value="<?php ehe($value); ?>" /></td></tr>
+<td><input type="text" class="int" size="16" maxlength="16" name="<?php ehe($key); ?>" id="<?php ehe($key); ?>" value="<?php ehe($value); ?>" /></td></tr>
 
 <?php
   } //foreach 
diff --git a/bureau/admin/adm_domstypeedit.php b/bureau/admin/adm_domstypeedit.php
index 7d5ec8cc..d55f0022 100755
--- a/bureau/admin/adm_domstypeedit.php
+++ b/bureau/admin/adm_domstypeedit.php
@@ -69,7 +69,7 @@ if (isset($error_edit) && $error_edit) {
 
 <form action="adm_domstypedoedit.php" method="post" name="main" id="main">
    <?php csrf_get(); ?>
-    <input type="hidden" name="name" value="<?php echo $d['name']; ?>" />
+    <input type="hidden" name="name" value="<?php ehe($d['name']); ?>" />
     <table class="tedit">
       <tr>
             <th><?php __("Name");?></th>
@@ -77,7 +77,7 @@ if (isset($error_edit) && $error_edit) {
       </tr>
       <tr>
             <th><?php __("Description");?></th>
-            <td><input name="description" type="text" size="30" value="<?php echo $d['description']; ?>" /></td>
+            <td><input name="description" type="text" size="30" value="<?php ehe($d['description']); ?>" /></td>
       </tr>
 	    <tr>
             <th><?php __("Target type");?></th>
@@ -91,11 +91,11 @@ if (isset($error_edit) && $error_edit) {
       </tr>
 	    <tr>
             <th><?php __("Entry");?></th>
-            <td><input name="entry" type="text" size="30" value="<?php echo $d['entry']; ?>" /></td>
+            <td><input name="entry" type="text" size="30" value="<?php ehe($d['entry']); ?>" /></td>
       </tr>
 	    <tr>
           	<th><?php __("Compatibility");?><br /><small><?php __("Enter comma-separated name of other types"); ?></small></th>
-            <td><input name="compatibility" type="text" size="15" value="<?php echo $d['compatibility']; ?>" /></td>
+            <td><input name="compatibility" type="text" size="15" value="<?php ehe($d['compatibility']); ?>" /></td>
       </tr>
 	    <tr>
             <th><?php __("Enabled");?></th>
diff --git a/bureau/admin/adm_list.php b/bureau/admin/adm_list.php
index 2b58bc9e..3ed696af 100755
--- a/bureau/admin/adm_list.php
+++ b/bureau/admin/adm_list.php
@@ -99,9 +99,9 @@ if ($mem->user["admlist"] == 0) { // Normal (large) mode
                 <input type="radio" name="pattern_type" value="domaine" id="pattern_type_domain" <?php if ($pattern_type === 'domaine') echo ' checked="checked" '; ?>/>
                 <?php __("Search for a Domain"); ?>
             </label>
-            <input type="text" id="pattern" name="pattern" value="<?php echo $pattern ?>"/>
+            <input type="text" id="pattern" name="pattern" value="<?php ehe($pattern); ?>"/>
             <input type="submit" class="inb filter" value="<?php __("submit"); ?>" />
-            <input type="hidden" name="show" value="<?php echo $show;?>" />
+            <input type="hidden" name="show" value="<?php ehe($show); ?>" />
 
         </p>
     </form>
@@ -186,17 +186,17 @@ if (!is_array($accountList) || empty($accountList)) {
                     <?php if ($val["su"]) { ?>
                         <td id="user_<?php echo $val["uid"]; ?>">&nbsp;</td>
                     <?php } else { ?>
-                        <td><input type="checkbox" class="inc" name="accountList[]" id="user_<?php echo $val["uid"]; ?>" value="<?php echo $val["uid"]; ?>" /></td>
+                        <td><input type="checkbox" class="inc" name="accountList[]" id="user_<?php ehe($val["uid"]); ?>" value="<?php ehe($val["uid"]); ?>" /></td>
                     <?php } // val['su']  ?>
-                    <td <?php if ($val["su"]) echo 'style="color: red"'; ?>><label for="user_<?php echo $val["uid"]; ?>"><b><?php echo $val["login"] ?></b></label></td>
-                    <td><a title="<?php __("Send an email"); ?>" href="mailto:<?php echo $val["mail"]; ?>"><?php echo $val["nom"] . " " . $val["prenom"] ?></a>&nbsp;</td>
-                    <td><?php echo $val["parentlogin"] ?></td>
-                    <td><?php echo format_date(_('%3$d-%2$d-%1$d'), $val["created"]); ?></td>
-                    <td><?php echo $val["type"] ?></td>
-                    <td><?php echo $val["lastlogin"] ?></td>
-                    <td><?php echo $val["lastip"] ?></td>
-                    <td><?php echo $val["lastfail"] ?></td>
-                    <td><div class="<?php echo 'exp' . $admin->renew_get_status($val['uid']) ?>"><?php echo $admin->renew_get_expiry($val['uid']) ?></div></td>
+                <td <?php if ($val["su"]) echo 'style="color: red"'; ?>><label for="user_<?php ehe($val["uid"]); ?>"><b><?php ehe($val["login"]); ?></b></label></td>
+                <td><a title="<?php __("Send an email"); ?>" href="mailto:<?php eue($val["mail"]); ?>"><?php ehe($val["nom"] . " " . $val["prenom"]); ?></a>&nbsp;</td>
+                    <td><?php ehe($val["parentlogin"]); ?></td>
+                <td><?php ehe(format_date(_('%3$d-%2$d-%1$d'), $val["created"])); ?></td>
+                    <td><?php ehe($val["type"]); ?></td>
+                    <td><?php ehe($val["lastlogin"]); ?></td>
+                    <td><?php ehe($val["lastip"]); ?></td>
+                    <td><?php ehe($val["lastfail"]); ?></td>
+                <td><div class="<?php echo 'exp' . $admin->renew_get_status($val['uid']) ?>"><?php ehe($admin->renew_get_expiry($val['uid'])); ?></div></td>
                 </tr>
 
                 <tr class="lst<?php echo $col; ?>" >
diff --git a/bureau/admin/adm_passpolicy.php b/bureau/admin/adm_passpolicy.php
index 8b679e0b..18e364ef 100755
--- a/bureau/admin/adm_passpolicy.php
+++ b/bureau/admin/adm_passpolicy.php
@@ -85,7 +85,7 @@ if (!empty($edit)) {
 
 <form method="post" action="adm_passpolicy.php">
  <?php csrf_get(); ?>
-<input type="hidden" name="doedit" value="<?php echo $edit; ?>"/> 
+<input type="hidden" name="doedit" value="<?php ehe($edit); ?>"/> 
 <table class="tlist">
 <tr>
   <th><?php __("Minimum Password Size:"); ?></th>
diff --git a/bureau/admin/adm_quotaedit.php b/bureau/admin/adm_quotaedit.php
index 57413e61..51cc345d 100755
--- a/bureau/admin/adm_quotaedit.php
+++ b/bureau/admin/adm_quotaedit.php
@@ -65,8 +65,8 @@ $mem->unsu();
 <form method="post" action="adm_quotadoedit.php">
   <?php csrf_get(); ?>
 <table class="tedit">
-<tr><th><input type="hidden" name="uid" value="<?php echo $uid ?>" />
-<?php __("Username"); ?></th><td colspan="3"><code><big><?php echo $us["login"]; ?></big></code>&nbsp;</td></tr>
+<tr><th><input type="hidden" name="uid" value="<?php ehe($uid); ?>" />
+<?php __("Username"); ?></th><td colspan="3"><code><big><?php ehe($us["login"]); ?></big></code>&nbsp;</td></tr>
 <tr><th><?php __("Quota"); ?></th><th style="text-align: right"><?php __("Total"); ?></th><th><?php __("Used"); ?></th></tr>
 <?php
 $ql=$quota->qlist();
diff --git a/bureau/admin/adm_tld.php b/bureau/admin/adm_tld.php
index d55e51e3..8e9115e9 100755
--- a/bureau/admin/adm_tld.php
+++ b/bureau/admin/adm_tld.php
@@ -77,9 +77,9 @@ for($i=0;$i<count($c);$i++) {
 ?>
 
 <tr class="lst">
-<td><input id="sel<?php echo $i; ?>" type="checkbox" name="sel[]" class="inc" value="<?php echo $c[$i]["tld"]; ?>" /></td>
-   <td><div class="ina edit"><a href="adm_tldedit.php?tld=<?php echo urlencode($c[$i]["tld"]); ?>"><?php __("Edit"); ?></a></div></td>
-<td><label for="sel<?php echo $i; ?>"><?php echo $c[$i]["tld"]; ?></label></td>
+<td><input id="sel<?php echo $i; ?>" type="checkbox" name="sel[]" class="inc" value="<?php ehe($c[$i]["tld"]); ?>" /></td>
+   <td><div class="ina edit"><a href="adm_tldedit.php?tld=<?php eue($c[$i]["tld"]); ?>"><?php __("Edit"); ?></a></div></td>
+    <td><label for="sel<?php echo $i; ?>"><?php ehe($c[$i]["tld"]); ?></label></td>
 <td><?php __($admin->tldmode[$c[$i]["mode"]]); ?></td></tr>
 
 <?php
diff --git a/bureau/admin/adm_tldedit.php b/bureau/admin/adm_tldedit.php
index b52cf168..e5bc3519 100755
--- a/bureau/admin/adm_tldedit.php
+++ b/bureau/admin/adm_tldedit.php
@@ -62,7 +62,7 @@ include_once("head.php");
 <form method="post" action="adm_tlddoedit.php">
   <?php csrf_get(); ?>
 <table id="main" class="tedit">
-<tr><th><label for="tld"><?php __("TLD"); ?></label></th><td><code><?php echo $tld; ?></code><input type="hidden" name="tld" id="tld" value="<?php echo $tld; ?>" /></td></tr>
+<tr><th><label for="tld"><?php __("TLD"); ?></label></th><td><code><?php echo $tld; ?></code><input type="hidden" name="tld" id="tld" value="<?php ehe($tld); ?>" /></td></tr>
 <tr><th><label for="mode"><?php __("Allowed Mode"); ?></label></th><td><select name="mode" class="inl" id="mode">
         <?php $admin->selecttldmode($mode); ?>
 </select></td></tr>
diff --git a/bureau/admin/adm_variables.php b/bureau/admin/adm_variables.php
index 047b2162..f4114d90 100755
--- a/bureau/admin/adm_variables.php
+++ b/bureau/admin/adm_variables.php
@@ -61,9 +61,9 @@ include_once ("head.php");
 foreach( variables_list() as $vars) {  ?>
 
  <tr class="lst">
- <td><?php echo $vars['name']; ?></td>
+    <td><?php ehe($vars['name']); ?></td>
  <td><input type="text" name="<?php ehe($vars['name']); ?>" value="<?php ehe($vars['value']); ?>" /></td>
- <td><?php echo $vars['comment']; ?></td>
+    <td><?php ehe($vars['comment']); ?></td>
  </tr>
 <?php } ?>
 </table>
diff --git a/bureau/admin/bro_editor.php b/bureau/admin/bro_editor.php
index 8d9959fb..ce0feb77 100755
--- a/bureau/admin/bro_editor.php
+++ b/bureau/admin/bro_editor.php
@@ -105,8 +105,8 @@ echo "<pre class='prettyprint' id='file_content_view' >$content</pre>";
 </div><!-- tabsfile -->
 <br/>
 <?php if (!empty($error)) echo "<p class=\"alert alert-danger\">".$error."</p>"; ?>
-	<input type="hidden" name="editfile" value="<?php echo str_replace("\"","&quot;",$editfile); ?>" />
-	<input type="hidden" name="R" value="<?php echo str_replace("\"","&quot;",$R); ?>" />
+	<input type="hidden" name="editfile" value="<?php ehe($editfile); ?>" />
+	<input type="hidden" name="R" value="<?php echo ehe($R); ?>" />
 
 	<input type="submit" class="inb" value="<?php __("Save"); ?>" name="save" />
 	<input type="submit" class="inb" value="<?php __("Save &amp; Quit"); ?>" name="saveret" />
diff --git a/bureau/admin/bro_main.php b/bureau/admin/bro_main.php
index 3156ba27..3ff32372 100755
--- a/bureau/admin/bro_main.php
+++ b/bureau/admin/bro_main.php
@@ -104,13 +104,13 @@ if (!empty($formu) && $formu) {
             <h2><?php echo $mem->user["login"].$R."/"; ?></h2>
             <ul>
             <?php foreach($d as $editfile){ ?>
-              <li> <?php echo stripslashes($editfile); ?></li>
-              <input type="hidden" name="d[]" value="<?php echo htmlentities(stripslashes($editfile)); ?>" />
+          <li> <?php ehe($editfile); ?></li>
+              <input type="hidden" name="d[]" value="<?php ehe($editfile)); ?>" />
             <?php } ?>
             </ul>
                 <blockquote>
                 <input type="submit" class="inb ok" name="del_confirm" value="<?php __("Yes, delete those files/folders"); ?>" />&nbsp;&nbsp;
-          <input type="submit" class="inb cancel" name="cancel" value="<?php __("No, don't delete those files/folders"); ?>" />
+          <input type="submit" class="inb cancel" name="cancel" value="<?php __("No, don't delete those files/folders");  ?>" />
             </blockquote>
             </form>
             <?php
@@ -186,7 +186,7 @@ if (isset($error) && $error) echo "<p class=\"alert alert-danger\">$error</p>";
 
 <form action="bro_main.php" enctype="multipart/form-data" method="post">
    <?php csrf_get(); ?>
-<input type="hidden" name="R" value="<?php echo $R; ?>" />
+<input type="hidden" name="R" value="<?php ehe($R); ?>" />
 <input type="hidden" name="formu" value="3" />
 
 <?php __("Send one file:"); ?><br />
@@ -203,7 +203,7 @@ if (isset($error) && $error) echo "<p class=\"alert alert-danger\">$error</p>";
 <?php __("New file or folder:"); ?><br />
 <form action="bro_main.php" method="post" name="nn" id="nn">
    <?php csrf_get(); ?>
-<input type="hidden" name="R" value="<?php echo $R; ?>" />
+<input type="hidden" name="R" value="<?php ehe($R); ?>" />
 <table><tr>
 <td><input type="text" class="int" name="nomfich" id="nomfich" size="22" maxlength="255" /></td>
 <td><input type="submit" class="ina" value="<?php __("Create"); ?>" /></td>
@@ -220,18 +220,19 @@ if (isset($error) && $error) echo "<p class=\"alert alert-danger\">$error</p>";
 <tr><td valign="top">
 
 <?php
-/* Renommer / Copier / D�placer les fichiers : */
+/* ' */
+/* Rename / Copy / Move files: */
 if (isset($formu) && $formu==2 && isset($actrename) && $actrename && count($d)) {
   echo "<table cellpadding=\"6\">\n";
   echo "<form action=\"bro_main.php\" method=\"post\">\n";
   csrf_get(); 
-  echo "<input type=\"hidden\" name=\"R\" value=\"$R\" />\n";
+  echo "<input type=\"hidden\" name=\"R\" value=\"".ehe($R,false)."\" />\n";
   echo "<input type=\"hidden\" name=\"formu\" value=\"4\" />\n";
   echo "<tr><th colspan=\"2\">"._("Rename")."</th></tr>";
   for ($i=0;$i<count($d);$i++) {
     $d[$i]=ssla($d[$i]);
-    echo "<tr><td><input type=\"hidden\" name=\"o[$i]\" value=\"".$d[$i]."\" />".$d[$i]."</td>";
-    echo "<td><input type=\"text\" class=\"int\" name=\"d[$i]\" value=\"".$d[$i]."\" /></td></tr>";
+    echo "<tr><td><input type=\"hidden\" name=\"o[$i]\" value=\"".ehe($d[$i],false)."\" />".ehe($d[$i],false)."</td>";
+    echo "<td><input type=\"text\" class=\"int\" name=\"d[$i]\" value=\"".ehe($d[$i],false)."\" /></td></tr>";
   }
   echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" class=\"inb\" name=\"submit\" value=\""._("Rename")."\" /></td></tr>";
   echo "</table></form>\n";
@@ -242,7 +243,7 @@ if (isset($formu) && $formu==2 && isset($actrename) && $actrename && count($d))
 if ($formu==2 && ! (empty($actperms)) && count($d)) {
   echo "<form action=\"bro_main.php\" method=\"post\">\n";
   csrf_get();
-  echo "<input type=\"hidden\" name=\"R\" value=\"$R\" />\n";
+  echo "<input type=\"hidden\" name=\"R\" value=\"".ehe($R,false)."\" />\n";
   echo "<input type=\"hidden\" name=\"formu\" value=\"7\" />\n";
   echo "<p>"._("Permissions")."</p>";
 
@@ -259,11 +260,11 @@ if ($formu==2 && ! (empty($actperms)) && count($d)) {
     $modes = $stats[2];
 
     echo "<tr>";
-    echo "<td>".$d[$i]."</td>";
+    echo "<td>".ehe($d[$i],false)."</td>";
 
     // Owner
     echo "<td>";
-    echo "<input type=\"hidden\" name=\"d[$i]\" value=\"".$d[$i]."\" />";
+    echo "<input type=\"hidden\" name=\"d[$i]\" value=\"".ehe($d[$i],false)."\" />";
     echo "<label for=\"permw$i\">"._("write")."</label> <input type=\"checkbox\" id=\"permw$i\" name=\"perm[$i][w]\" value=\"1\" ". (($modes & 0000200) ? 'checked="checked"' : '') ." />";
     echo "</td>";
 
@@ -283,7 +284,7 @@ if (count($c)) {
   ?>
     <form action="bro_main.php" method="post" name="main" id="main">
    <?php csrf_get(); ?>
-    <input type="hidden" name="R" value="<?php echo $R; ?>" />
+    <input type="hidden" name="R" value="<?php ehe($R); ?>" />
     <input type="hidden" name="formu" value="2" />
 
     <br />
@@ -348,7 +349,7 @@ function actmoveto_not_empty() {
         for($i=0;$i<count($c);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".htmlentities($c[$i]["name"])."\" /></td>";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\" /></td>";
             if ($p["showicons"]) {
               echo "<td style='text-align: center;' width=\"28\"><img src=\"icon/".$bro->icon($c[$i]["name"])."\" width=\"16\" height=\"16\" alt=\"\" /></td>";
             }
@@ -389,21 +390,21 @@ function actmoveto_not_empty() {
               echo "</a>";
               echo "<div id='rest_db_$i' style='display:none;'><fieldset><legend>"._("Restore SQL")."</legend>"._("In which database to you want to restore this dump?");
               echo "<br/>";
-              echo "<input type='hidden' name ='filename' value='".htmlentities($R."/".$c[$i]["name"])."' />";
+              echo "<input type='hidden' name ='filename' value='".ehe($R."/".$c[$i]["name"],false)."' />";
               $dbl=array(); foreach ($mysql->get_dblist() as $v) { $dbl[]=$v['db'];}
               echo "<select id='db_name_$i'>"; eoption($dbl,'',true); echo "</select>" ;
-              echo "<a href='javascript:;' onClick='window.location=\"sql_restore.php?filename=".urlencode($R."/".$c[$i]["name"])."&amp;id=\"+encodeURIComponent($(\"#db_name_$i\").val()) ;'>"._("Restore it")."</a>";
+              echo "<a href='javascript:;' onClick='window.location=\"sql_restore.php?filename=".eue($R."/".$c[$i]["name"],false)."&amp;id=\"+encodeURIComponent($(\"#db_name_$i\").val()) ;'>"._("Restore it")."</a>";
               echo "</fieldset></div>";
             }
 
             echo "</td>\n";
           } else {           // DOSSIER :
-            echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".htmlentities($c[$i]["name"])."\" /></td>";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\" /></td>";
             if ($p["showicons"]) {
               echo "<td width=\"28\" style='text-align: center;'><img src=\"icon/folder.png\" width=\"16\" height=\"16\" alt=\"\" /></td>";
             }
             echo "<td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
+            echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
             echo "\">"; ehe($c[$i]["name"]); echo "/</a></b></td>\n";
             echo "  <td data-sort-value=\"".$c[$i]["size"]."\">".format_size($c[$i]["size"])."</td>";
             echo "<td data-sort-value=\"".$c[$i]["date"]."\">".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d h:i:s",$c[$i]["date"]))."<br /></td>";
@@ -427,13 +428,13 @@ function actmoveto_not_empty() {
         for($i=0;$i<round(count($c)/2);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\" /></td>";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\" /></td>";
             echo "<td><a href=\"";
             $canedit = $bro->can_edit($R,$c[$i]["name"]);
-            if ($canedit&&($c[$i]["size"]<$memory_limit)) {
-              echo "bro_editor.php?editfile=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
+            if ($canedit && ($c[$i]["size"]<$memory_limit)) {
+                echo "bro_editor.php?editfile=".eue($c[$i]["name"],false)."&amp;R=".eue($R,false);
             } else {
-              echo "bro_downloadfile.php?dir=".urlencode($R)."&amp;file=".urlencode($c[$i]["name"]);
+                echo "bro_downloadfile.php?dir=".eue($R,false)."&amp;file=".eue($c[$i]["name"],false);
             }
             echo "\">"; ehe($c[$i]["name"]); 
             echo "</a></td>\n";
@@ -446,9 +447,9 @@ function actmoveto_not_empty() {
             }
             echo "</td>\n";
           } else {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-            echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><b><a href=\"";
+              echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
+              echo "\">".ehe($c[$i]["name"],false)."/</a></b></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             echo "&nbsp;";
             echo "</td>\n";
@@ -462,9 +463,9 @@ function actmoveto_not_empty() {
         for($i=round(count($c)/2);$i<count($c);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><a href=\"";
             $canedit = $bro->can_edit($R,$c[$i]["name"]);
-            if ($canedit&&($c[$i]["size"]<$memory_limit)) {
+            if ($canedit && ($c[$i]["size"]<$memory_limit)) {
               echo "bro_editor.php?editfile=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
             } else {
               echo "bro_downloadfile.php?dir=".urlencode($R)."&amp;file=".urlencode($c[$i]["name"]);
@@ -480,9 +481,9 @@ function actmoveto_not_empty() {
             }
             echo "</td>\n";
           } else {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-            echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><b><a href=\"";
+              echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
+            echo "\">".ehe($c[$i]["name"],false)."/</a></b></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             echo "&nbsp;";
             echo "</td>\n";
@@ -503,14 +504,14 @@ function actmoveto_not_empty() {
         for($i=0;$i<round(count($c)/3);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><a href=\"";
             $canedit = $bro->can_edit($R,$c[$i]["name"]);
             if ($canedit&&($c[$i]["size"]<$memory_limit)) {
-              echo "bro_editor.php?editfile=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
+              echo "bro_editor.php?editfile=".eue($c[$i]["name"],false)."&amp;R=".eue($R,false);
             } else {
-              echo "bro_downloadfile.php?dir=".urlencode($R)."&amp;file=".urlencode($c[$i]["name"]);
+              echo "bro_downloadfile.php?dir=".eue($R,false)."&amp;file=".eue($c[$i]["name"],false);
             }
-            echo "\">"; ehe($c[$i]["name"]); 
+            echo "\">"; ehe($c[$i]["name"],false); 
             echo "</a></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             $vu=$bro->viewurl($R,$c[$i]["name"]);
@@ -521,9 +522,9 @@ function actmoveto_not_empty() {
             }
             echo "</td>\n";
           } else {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-            echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><b><a href=\"";
+            echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
+            echo "\">".ehe($c[$i]["name"],false)."/</a></b></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             echo "&nbsp;";
             echo "</td>\n";
@@ -537,14 +538,14 @@ function actmoveto_not_empty() {
         for($i=round(count($c)/3);$i<round(2*count($c)/3);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><a href=\"";
             $canedit = $bro->can_edit($R,$c[$i]["name"]);
             if ($canedit&&($c[$i]["size"]<$memory_limit)) {
-              echo "bro_editor.php?editfile=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
+              echo "bro_editor.php?editfile=".eue($c[$i]["name"],false)."&amp;R=".eue($R,false);
             } else {
-              echo "bro_downloadfile.php?dir=".urlencode($R)."&amp;file=".urlencode($c[$i]["name"]);
+              echo "bro_downloadfile.php?dir=".eue($R,false)."&amp;file=".eue($c[$i]["name"],false);
             }
-            echo "\">"; ehe($c[$i]["name"]); 
+            echo "\">"; ehe($c[$i]["name"],false); 
             echo "</a></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             $vu=$bro->viewurl($R,$c[$i]["name"]);
@@ -556,9 +557,9 @@ function actmoveto_not_empty() {
 
             echo "</td>\n";
           } else {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-            echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><b><a href=\"";
+            echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
+            echo "\">".ehe($c[$i]["name"],false)."/</a></b></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             echo "&nbsp;";
             echo "</td>\n";
@@ -572,14 +573,14 @@ function actmoveto_not_empty() {
         for($i=round(2*count($c)/3);$i<count($c);$i++) {
           echo "<tr class=\"lst\">\n";
           if ($c[$i]["type"]) {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><a href=\"";
             $canedit = $bro->can_edit($R,$c[$i]["name"]);
-            if ($canedit&&($c[$i]["size"]<$memory_limit)) {
-              echo "bro_editor.php?editfile=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
+            if ($canedit && ($c[$i]["size"]<$memory_limit)) {
+              echo "bro_editor.php?editfile=".eue($c[$i]["name"],false)."&amp;R=".eue($R,false);
             } else {
-              echo "bro_downloadfile.php?dir=".urlencode($R)."&amp;file=".urlencode($c[$i]["name"]);
+              echo "bro_downloadfile.php?dir=".eue($R)."&amp;file=".eue($c[$i]["name"]);
             }
-            echo "\">"; ehe($c[$i]["name"]); 
+            echo "\">"; ehe($c[$i]["name"],false); 
             echo "</a></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             $vu=$bro->viewurl($R,$c[$i]["name"]);
@@ -590,9 +591,9 @@ function actmoveto_not_empty() {
             }
             echo "</td>\n";
           } else {
-            echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\"  name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
-            echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-            echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
+              echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\"  name=\"d[]\" value=\"".ehe($c[$i]["name"],false)."\"></td><td><b><a href=\"";
+            echo "bro_main.php?R=".eue($R."/".$c[$i]["name"],false);
+            echo "\">".ehe($c[$i]["name"],false)."/</a></b></td>\n";
             echo "  <td>".format_size($c[$i]["size"])."</td><td>";
             echo "&nbsp;";
             echo "</td>\n";
@@ -620,19 +621,19 @@ else {
 <br/>
 
 <div class="showdirsize_button">
-<span class="ina"><a href="bro_main.php?R=<?php echo (($R)?$R:"/"); ?>&amp;showdirsize=1"><?php __("Show size of directories"); ?></a></span> <?php __("(slow)"); ?><br />&nbsp;<br />
+<span class="ina"><a href="bro_main.php?R=<?php eue(($R)?$R:"/",false); ?>&amp;showdirsize=1"><?php __("Show size of directories"); ?></a></span> <?php __("(slow)"); ?><br />&nbsp;<br />
 </div>
 <span class="ina"><?php
 if ($hta->is_protected($R)) {
-  echo "<a href=\"hta_edit.php?dir=".(($R)?$R:"/")."\">"._("Edit this folder's protection")."</a>";
+    echo "<a href=\"hta_edit.php?dir=".eue(($R)?$R:"/",false)."\">"._("Edit this folder's protection")."</a>";
 }
 else {
-  echo "<a href=\"hta_add.php?dir=".(($R)?$R:"/")."\">"._("Protect this folder")."</a>";
+    echo "<a href=\"hta_add.php?dir=".eue(($R)?$R:"/",false)."\">"._("Protect this folder")."</a>";
 }
 ?></span> <?php __("with a login and a password"); ?>
 </p><p>
 <span class="ina">
-<a href="bro_tgzdown.php?dir=<?php echo (($R)?$R:"/") ?>"><?php __("Download this folder"); ?></a>
+<a href="bro_tgzdown.php?dir=<?php eue(($R)?$R:"/"); ?>"><?php __("Download this folder"); ?></a>
 </span> &nbsp; 
 <?php printf(_("as a %s file"),$bro->l_tgz[$p["downfmt"]]); ?>
 </p>  
diff --git a/bureau/admin/browseforfolder2.php b/bureau/admin/browseforfolder2.php
index 3beb5cce..5db25788 100755
--- a/bureau/admin/browseforfolder2.php
+++ b/bureau/admin/browseforfolder2.php
@@ -141,14 +141,14 @@ if ($errbrowsefold) {
     <form method="post" id="main" name="main" action="browseforfolder2.php">
        <?php csrf_get(); ?>
     <p>
-    <input type="hidden" name="caller" value="<?php echo $caller; ?>" />
-    <input type="hidden" name="lastcurdir" value="<?php echo $curdir; ?>" />
-    <input type="hidden" name="bid" value="<?php echo $bid; ?>" />
+    <input type="hidden" name="caller" value="<?php echo ehe($caller); ?>" />
+    <input type="hidden" name="lastcurdir" value="<?php echo ehe($curdir); ?>" />
+    <input type="hidden" name="bid" value="<?php echo ehe($bid); ?>" />
 
     <input type="text" class="int" id="file" name="file" size="20" value="<?php ehe($file); ?>" /><br />
 
     <input type="button" name="select" value="<?php __("Select"); ?>" class="inb" onclick="retour();" />&nbsp;
-  <input type="button" name="cancel" value="<?php __("Cancel"); ?>" class="inb" onclick="window.parent.jQuery('#<?php echo $bid; ?>').dialog('close');" />&nbsp;
+  <input type="button" name="cancel" value="<?php __("Cancel"); ?>" class="inb" onclick="window.parent.jQuery('#<?php ehe($bid); ?>').dialog('close');" />&nbsp;
   </p>
     </form>
 
@@ -170,9 +170,9 @@ if ($errbrowsefold) {
       }
       echo "<td colspan=\"".($maxlevel-$val["level"]+1)."\">";
       if ($val["put"]!="") {
-        echo "<a href=\"browseforfolder2.php?caller=".urlencode($caller)."&amp;bid=".$bid."&amp;file=".urlencode($val["put"])."\">".$val["dir"]."</a>";
+          echo "<a href=\"browseforfolder2.php?caller=".eue($caller,false)."&amp;bid=".eue($bid,false)."&amp;file=".eue($val["put"],false)."\">".ehe($val["dir"],false)."</a>";
       } else {
-        echo "<b>".$val["dir"]."</b>";
+          echo "<b>".ehe($val["dir"],false)."</b>";
       }
       echo "</td>\n</tr>\n";
     }
diff --git a/bureau/admin/cron.php b/bureau/admin/cron.php
index 10f5b7fc..9422cd41 100755
--- a/bureau/admin/cron.php
+++ b/bureau/admin/cron.php
@@ -54,7 +54,7 @@ for ($i=0; $i < $max_cron ; $i++) {
       <a href="javascript:cleancron('<?php echo $i ?>');"><img src="images/delete.png" alt="<?php __("Delete");?>" title="<?php __("Delete");?>"/></a>
     </td>
     <td colspan='2'>
-      <label for="crup_url_<?php echo $i?>"><?php __("Called URL"); ?> :</label><br/><input type="text" id="crup_url_<?php echo $i?>" name="<?php echo "cronupdate[$i][url]";?>" size="40" maxlength="255" value="<?php if (isset($lst_cron[$i]['url'])) { echo htmlentities($lst_cron[$i]['url']);} ?>"/>
+      <label for="crup_url_<?php echo $i?>"><?php __("Called URL"); ?> :</label><br/><input type="text" id="crup_url_<?php echo $i; ?>" name="<?php echo "cronupdate[$i][url]";?>" size="40" maxlength="255" value="<?php if (isset($lst_cron[$i]['url'])) { ehe($lst_cron[$i]['url']); } ?>"/>
     </td>
     <td>
       <?php __("Period:");?> <select name='cronupdate[<?php echo $i; ?>][schedule]'>
@@ -72,9 +72,9 @@ foreach ($cron->schedule() as $cs) {
       <br/><?php if (isset($lst_cron[$i])) {__("Next execution: "); echo $lst_cron[$i]['next_execution'];}?>
     </td>
   </tr><tr class="<?php echo ($i%2)?"lst1":"lst2"; ?>">
-    <td><label for="crup_user_<?php echo $i?>"><?php __("HTTP user (optional)"); ?> :</label><br/><input type="text" id="crup_user_<?php echo $i?>" name="<?php echo "cronupdate[$i][user]";?>" size="20" maxlength="64" value="<?php if (isset($lst_cron[$i]['user'])) { echo htmlentities($lst_cron[$i]['user']);} ?>"/></td>
-    <td><label for="crup_pass_<?php echo $i?>"><?php __("HTTP password (optional)"); ?> :</label><br/><input type="text" id="crup_pass_<?php echo $i?>" name="<?php echo "cronupdate[$i][password]";?>" size="20" maxlength="64" value="<?php if (isset($lst_cron[$i]['password'])) { echo htmlentities($lst_cron[$i]['password']);} ?>"/></td>
-    <td><label for="crup_mail_<?php echo $i?>"><?php __("Mail address (optional)"); ?> :</label><br/><input type="text" id="crup_mail_<?php echo $i?>" name="<?php echo "cronupdate[$i][email]";?>" size="25" maxlength="64" value="<?php if (isset($lst_cron[$i]['email'])) { echo htmlentities($lst_cron[$i]['email']);} ?>"/></td>
+    <td><label for="crup_user_<?php echo $i?>"><?php __("HTTP user (optional)"); ?> :</label><br/><input type="text" id="crup_user_<?php echo $i?>" name="<?php echo "cronupdate[$i][user]";?>" size="20" maxlength="64" value="<?php if (isset($lst_cron[$i]['user'])) { ehe($lst_cron[$i]['user']);} ?>"/></td>
+    <td><label for="crup_pass_<?php echo $i?>"><?php __("HTTP password (optional)"); ?> :</label><br/><input type="text" id="crup_pass_<?php echo $i?>" name="<?php echo "cronupdate[$i][password]";?>" size="20" maxlength="64" value="<?php if (isset($lst_cron[$i]['password'])) { ehe($lst_cron[$i]['password']);} ?>"/></td>
+    <td><label for="crup_mail_<?php echo $i?>"><?php __("Mail address (optional)"); ?> :</label><br/><input type="text" id="crup_mail_<?php echo $i?>" name="<?php echo "cronupdate[$i][email]";?>" size="25" maxlength="64" value="<?php if (isset($lst_cron[$i]['email'])) { ehe($lst_cron[$i]['email']);} ?>"/></td>
   </tr>
 <?php } //foreach ?>
 </table>
diff --git a/bureau/admin/dom_dodel.php b/bureau/admin/dom_dodel.php
index b1217cb5..42cd9446 100755
--- a/bureau/admin/dom_dodel.php
+++ b/bureau/admin/dom_dodel.php
@@ -71,7 +71,7 @@ if ($del_confirm!="y") {
  <?php csrf_get(); ?>
 <p>
 <input type="hidden" name="del_confirm" value="y" />
-<input type="hidden" name="domain" value="<?php echo $domain ?>" />
+<input type="hidden" name="domain" value="<?php ehe($domain); ?>" />
  <input type="submit" class="inb ok" name="submit" value="<?php __("Yes, delete this domain name"); ?>" />
  <input type="button" class="inb cancel" name="non" value="<?php __("No, don't delete this domain name"); ?>" onclick="history.back()" />
 </form>
diff --git a/bureau/admin/dom_edit.inc.php b/bureau/admin/dom_edit.inc.php
index a1901c11..57a74c0e 100755
--- a/bureau/admin/dom_edit.inc.php
+++ b/bureau/admin/dom_edit.inc.php
@@ -34,7 +34,7 @@ $dom->unlock();
         <tr>
             <td>
             <input type="hidden" name="domain" value="<?php ehe($domain) ?>" />
-            <input type="hidden" name="sub_domain_id" value="<?php echo $sub_domain_id ?>" />
+            <input type="hidden" name="sub_domain_id" value="<?php ehe($sub_domain_id); ?>" />
             <input type="hidden" name="action" value="add" />
   <?php
    if ($isedit) {
@@ -43,7 +43,7 @@ $dom->unlock();
      __("Create a subdomain:"); 
    }
 ?></td><td>
-<input type="text" class="int" name="sub" style="text-align:right" value="<?php ehe($sub); ?>" size="22" id="sub" /><span class="int" id="newsubname">.<?php echo $domain; ?></span></td>
+   <input type="text" class="int" name="sub" style="text-align:right" value="<?php ehe($sub); ?>" size="22" id="sub" /><span class="int" id="newsubname">.<?php ehe($domain); ?></span></td>
         </tr>
     <?php 
       $first_advanced=true;
@@ -70,35 +70,35 @@ $dom->unlock();
     ?>
     <tr id="tr_<?php echo $dt['name']; ?>">
       <td>
-        <input type="radio" id="r_<?php echo $dt['name']?>" class="inc" name="type" value="<?php echo $dt['name']; ?>" <?php cbox(strtoupper($type)==strtoupper($dt['name'])); ?> OnClick="getElementById('t_<?php echo $dt['name']?>').focus();"/>
-        <label for="r_<?php echo $dt['name']?>"><?php __($dt['description']); ?></label>
+        <input type="radio" id="r_<?php ehe($dt['name']); ?>" class="inc" name="type" value="<?php ehe($dt['name']); ?>" <?php cbox(strtoupper($type)==strtoupper($dt['name'])); ?> OnClick="getElementById('t_<?php ehe($dt['name']); ?>').focus();"/>
+        <label for="r_<?php ehe($dt['name']); ?>"><?php __($dt['description']); ?></label>
       </td>
       <td>
         <?php 
 
         switch ($dt['target']) {
           case "DIRECTORY": ?>
-            <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>" value="<?php ehe($targval); ?>" size="28" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" />
+            <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>" value="<?php ehe($targval); ?>" size="28" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" />
             <?php display_browser( $targval , "t_".$dt['name'] ); 
             break;
           case "URL": ?>
-              <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>" value="<?php ehe( (empty($targval)?'http://':$targval) ); ?>" size="50" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" />
+              <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>" value="<?php ehe( (empty($targval)?'http://':$targval) ); ?>" size="50" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" />
               <small><?php __("(enter an URL here)"); ?></small><?php
               break;;
           case 'IP':?>
-              <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>"  value="<?php ehe($targval); ?>" size="16" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" />
+              <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>"  value="<?php ehe($targval); ?>" size="16" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" />
             <small><?php __("(enter an IPv4 address, for example 192.168.1.2)"); ?></small><?php
               break;
           case 'IPV6':?>
-            <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>" value="<?php ehe($targval); ?>" size="32" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" /> 
+            <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>" value="<?php ehe($targval); ?>" size="32" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" /> 
             <small><?php __("(enter an IPv6 address, for example 2001:0910::0)"); ?></small><?php
               break;
           case 'TXT':?>
-              <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>" value="<?php ehe($targval);?>" size="32" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" />
+              <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>" value="<?php ehe($targval);?>" size="32" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" />
             <small><?php __("(enter a TXT content for this domain)"); ?></small><?php
               break;
           case 'DOMAIN':?>
-              <input type="text" class="int" name="t_<?php echo $dt['name']?>" id="t_<?php echo $dt['name']?>" value="<?php ehe($targval);?>" size="32" onKeyPress="getElementById('r_<?php echo $dt['name']?>').checked=true;" /> 
+              <input type="text" class="int" name="t_<?php ehe($dt['name']); ?>" id="t_<?php ehe($dt['name']); ?>" value="<?php ehe($targval);?>" size="32" onKeyPress="getElementById('r_<?php ehe($dt['name']); ?>').checked=true;" /> 
             <small><?php __("(enter a domain name or subdomain)"); ?></small><?php
               break;
           case "NONE":
diff --git a/bureau/admin/dom_edit.php b/bureau/admin/dom_edit.php
index ca7fb46f..883d124a 100755
--- a/bureau/admin/dom_edit.php
+++ b/bureau/admin/dom_edit.php
@@ -279,7 +279,7 @@ if (!$r['noerase']) {
 <tr>
   <td><?php __("Define TTL for the zone records"); ?>&nbsp;: </td>
   <td> 
-     <input type="text" id="ttldns" class="inc" name="ttl" size="6" value="<?php echo ($r["zonettl"]); ?>" /> <?php __("seconds"); ?> <small><i><?php __("Warning: a low TTL can be problematic. It is recommended not to use a lower TTL than 3600 seconds."); ?></i></small>
+     <input type="text" id="ttldns" class="inc" name="ttl" size="6" value="<?php ehe($r["zonettl"]); ?>" /> <?php __("seconds"); ?> <small><i><?php __("Warning: a low TTL can be problematic. It is recommended not to use a lower TTL than 3600 seconds."); ?></i></small>
   </td>
 </tr>
 </table>
diff --git a/bureau/admin/dom_import.php b/bureau/admin/dom_import.php
index 64c3d000..12436574 100755
--- a/bureau/admin/dom_import.php
+++ b/bureau/admin/dom_import.php
@@ -97,7 +97,7 @@ if ($save) {
         <label for="domain"><?php __("Enter the domain name you want to import") ; ?></label>
       </td>
       <td>
-        <input type="text" size="40" name="domain" value="<?php echo $domain; ?>" />
+        <input type="text" size="40" name="domain" value="<?php ehe($domain); ?>" />
       </td>
     </tr>
     <tr>
diff --git a/bureau/admin/dom_subdel.php b/bureau/admin/dom_subdel.php
index ab2116a2..21c30c72 100755
--- a/bureau/admin/dom_subdel.php
+++ b/bureau/admin/dom_subdel.php
@@ -61,7 +61,7 @@ if (isset($error) && $error) {
 <form action="dom_subdodel.php" method="post">
   <?php csrf_get(); ?>
   <p class="alert alert-warning">
-    <input type="hidden" name="sub_domain_id" value="<?php echo $sub_domain_id ?>" />
+    <input type="hidden" name="sub_domain_id" value="<?php ehe($sub_domain_id); ?>" />
     <?php __("WARNING : You are going to delete a sub-domain."); ?></p>
     <p><?php 
       __("Informations about the subdomain you're going to delete:");
diff --git a/bureau/admin/ftp_del.php b/bureau/admin/ftp_del.php
index c87c2cc8..7843791a 100755
--- a/bureau/admin/ftp_del.php
+++ b/bureau/admin/ftp_del.php
@@ -78,7 +78,7 @@ if(!empty($confirm_del)) {
   <form method="post" action="ftp_del.php" name="main" id="main">
       <?php csrf_get(); ?>
     <?php foreach($lst_todel as $t) {
-      echo "<input type='hidden' name='del_$t' value='$t' >\n";
+      echo '<input type="hidden" name="del_'.ehe($t,false).'" value="'.ehe($t,false).'" >'."\n";
     } ?>
     <input type="submit" class="inb" name="confirm_del" value="<?php __("Delete")?>" />
     <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='ftp_list.php'" />
diff --git a/bureau/admin/ftp_edit.php b/bureau/admin/ftp_edit.php
index 144f637c..8925f45a 100755
--- a/bureau/admin/ftp_edit.php
+++ b/bureau/admin/ftp_edit.php
@@ -70,17 +70,17 @@ if (isset($error) && $error) {
 <input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
 <input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
 
-  <input type="hidden" name="id" value="<?php echo $id ?>" />
-  <input type="hidden" name="create" value="<?php echo $create ?>" />
+  <input type="hidden" name="id" value="<?php ehe($id); ?>" />
+  <input type="hidden" name="create" value="<?php ehe($create); ?>" />
   <table border="1" cellspacing="0" cellpadding="4" class="tedit">
     <tr>
       <th><label for="login"><?php __("Username"); ?></label></th>
-      <td><select class="inl" name="prefixe"><?php @$ftp->select_prefix_list($rr[0]["prefixe"]); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php @ehe($rr[0]["login"]); ?>" size="20" maxlength="64" /></td>
+      <td><select class="inl" name="prefixe"><?php $ftp->select_prefix_list($rr[0]["prefixe"]); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php ehe($rr[0]["login"]); ?>" size="20" maxlength="64" /></td>
     </tr>
     <tr>
       <th><label for="dir"><?php __("Folder"); ?></label></th>
       <td>
-        <input type="text" class="int" name="dir" id="dir" value="<?php empty($dir)?@ehe("/".$rr[0]["dir"]):@ehe($dir); ?>" size="20" maxlength="64" />
+        <input type="text" class="int" name="dir" id="dir" value="<?php empty($dir)?ehe("/".$rr[0]["dir"]):ehe($dir); ?>" size="20" maxlength="64" />
 				<?php display_browser( empty($dir)?("/".( isset($rr[0]["dir"])?$rr[0]["dir"]:'') ):$dir , "dir" ); ?>
 		<p><?php __("This is the root folder for this FTP user. i.e. this FTP user can access to this folder and all its sub-folders."); ?></p>
 		
diff --git a/bureau/admin/ftp_list.php b/bureau/admin/ftp_list.php
index 17214dd5..b950ce3d 100755
--- a/bureau/admin/ftp_list.php
+++ b/bureau/admin/ftp_list.php
@@ -77,10 +77,10 @@ if (isset($error) && $error && !$noftp) {
 reset($r);
 while (list($key,$val)=each($r)) { ?>
 	<tr class="lst">
-		<td align="center"><input type="checkbox" class="inc" id="del_<?php echo $val["id"]; ?>" name="del_<?php echo $val["id"]; ?>" value="<?php echo $val["id"]; ?>" /></td>
-<td><div class="ina edit"><a href="ftp_edit.php?id=<?php echo $val["id"] ?>"><?php __("Edit"); ?></a></div></td>
+		<td align="center"><input type="checkbox" class="inc" id="del_<?php ehe($val["id"]); ?>" name="del_<?php ehe($val["id"]); ?>" value="<?php ehe($val["id"]); ?>" /></td>
+<td><div class="ina edit"><a href="ftp_edit.php?id=<?php eue($val["id"]); ?>"><?php __("Edit"); ?></a></div></td>
 
-		<td><a href='ftp_switch_enable.php?id=<?php echo $val['id'].'&amp;status='.( ($val['enabled'])?'0':'1' ) ;?>' onClick='return confirm("<?php __("Are you sure you want to change his status?"); ?>");'><?php 
+		<td><a href='ftp_switch_enable.php?id=<?php eue($val['id'],false); echo '&amp;status='.( ($val['enabled'])?'0':'1' ) ;?>' onClick='return confirm("<?php __("Are you sure you want to change his status?"); ?>");'><?php 
 if ( $val['enabled']) {
   echo "<img src='images/check_ok.png' alt=\""._("Enabled")."\"/>";
   echo "<span style='display:none;'>ENABLED</span>"; // for tablesorter
@@ -90,11 +90,11 @@ if ( $val['enabled']) {
 }
 
 ?></a></td>
-		<td><label for="del_<?php echo $val["id"]; ?>"><?php echo $val["login"] ?></label>
-                  <input type='hidden' name='names[<?php echo $val['id'];?>]' value='<?php echo $val["login"] ?>' />
+    <td><label for="del_<?php ehe($val["id"]); ?>"><?php ehe($val["login"]); ?></label>
+                  <input type="hidden" name="names[<?php ehe($val['id']); ?>]" value="<?php ehe($val["login"]); ?>" />
                 </td>
 		<td>
-                  <a href="bro_main.php?R=<?php echo urlencode(str_replace(getuserpath(),'', $val["dir"])); ?>"><code><?php echo str_replace(getuserpath(),'', $val["dir"]) ?></code></a>
+<a href="bro_main.php?R=<?php eue(str_replace(getuserpath(),'', $val["dir"])); ?>"><code><?php ehe(substr($val["dir"],strlen(getuserpath()) )); ?></code></a>
                   <?php if ( ! file_exists($val['dir'])) { echo " <span class=\"alerte\">"._("Directory not found")."</span>"; } ?>
                 </td>
 	</tr>
diff --git a/bureau/admin/hta_add.php b/bureau/admin/hta_add.php
index 7266899f..27ceb961 100755
--- a/bureau/admin/hta_add.php
+++ b/bureau/admin/hta_add.php
@@ -56,7 +56,7 @@ if (isset($error) && $error) {
       <th><label for="dir"><?php __("Folder"); ?></label></th>
       <td>
         <input type="text" class="int" name="dir" id="dir" value="<?php (isset($dir)) ? : $dir="";ehe($dir); ?>" maxlength="255" />
-        <?php display_browser( ehe($dir,false) , "dir" ); ?>
+        <?php display_browser($dir, "dir" ); ?>
       </td>
     </tr>
   </table>
diff --git a/bureau/admin/hta_dodeluser.php b/bureau/admin/hta_dodeluser.php
index 62bb4798..08086925 100755
--- a/bureau/admin/hta_dodeluser.php
+++ b/bureau/admin/hta_dodeluser.php
@@ -52,15 +52,15 @@ include_once('head.php');
   <?php __("Do you really want to delete those users ?");?>
   <ul>
   <?php foreach($d as $t) {
-    echo "<li>$t</li>\n";
+    echo "<li>".ehe($t,false)."</li>\n";
   } ?>
   </ul>
 
   <form method="post" action="hta_dodeluser.php" name="main" id="main">
   <?php csrf_get(); ?>
-    <input type='hidden' name='dir' value='<?php echo $dir;?>' >
+    <input type="hidden" name="dir" value="<?php ehe($dir); ?>" >
     <?php foreach($d as $t) {
-      echo "<input type='hidden' name='d[$t]' value='$t' >\n";
+    echo '<input type="hidden" name="d['.ehe($t,false).']" value="'.ehe($t,false).'" >'."\n";
     } ?>
     <input type="submit" class="inb" name="confirm_del" value="<?php __("Delete")?>" />
     <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='/hta_edit.php?dir=<?php echo urlencode($dir);?>'" />
diff --git a/bureau/admin/hta_edit.php b/bureau/admin/hta_edit.php
index 4ea1ec1c..2948fa7d 100755
--- a/bureau/admin/hta_edit.php
+++ b/bureau/admin/hta_edit.php
@@ -60,17 +60,17 @@ if (!$dir) {
    <?php csrf_get(); ?>
 <table cellspacing="0" cellpadding="4" class='tlist'>
   <tr>
-    <th colspan="2" ><input type="hidden" name="dir" value="<?php echo $dir?>"> </th>
+    <th colspan="2" ><input type="hidden" name="dir" value="<?php ehe($dir); ?>"> </th>
     <th><?php __("Username"); ?></th>
   </tr>
 <?php
 for($i=0;$i<count($r);$i++){ ?>
   <tr class="lst">
-    <td align="center"><input type="checkbox" class="inc" name="d[]" value="<?php echo $r[$i]?>" /></td>
+    <td align="center"><input type="checkbox" class="inc" name="d[]" value="<?php ehe($r[$i]); ?>" /></td>
     <td>
-      <div class="ina"><a href="hta_edituser.php?user=<?php echo urlencode($r[$i])?>&amp;dir=<?php echo urlencode($dir); ?>"><img src="icon/encrypted.png" alt="<?php __("Change this user's password"); ?>" /><?php __("Change this user's password"); ?></a></div>
+      <div class="ina"><a href="hta_edituser.php?user=<?php eue($r[$i]); ?>&amp;dir=<?php eue($dir); ?>"><img src="icon/encrypted.png" alt="<?php __("Change this user's password"); ?>" /><?php __("Change this user's password"); ?></a></div>
     </td>
-    <td><?php echo $r[$i]; ?></td>
+    <td><?php ehe($r[$i]); ?></td>
   </tr>
 <?php
 } // for $i
@@ -83,7 +83,7 @@ for($i=0;$i<count($r);$i++){ ?>
 
 <?php } // else !count $r ?>
 <p>
-<span class="inb"><a href="bro_main.php?R=<?php echo $dir ?>"><?php __("Show this folder's content in the File Browser"); ?></a></span>
+<span class="inb"><a href="bro_main.php?R=<?php eue($dir); ?>"><?php __("Show this folder's content in the File Browser"); ?></a></span>
 </p>
 
 <p>&nbsp;</p>
@@ -99,8 +99,8 @@ for($i=0;$i<count($r);$i++){ ?>
 
     <table class="tedit">
       <tr>
-        <th><input type="hidden" name="dir" value="<?php echo $dir ?>" /><?php __("Folder"); ?></th>
-        <td><?php echo '<a href="bro_main.php?R='.urlencode($dir).'">'.htmlspecialchars($dir).'</a>'; ?></td>
+        <th><input type="hidden" name="dir" value="<?php ehe($dir); ?>" /><?php __("Folder"); ?></th>
+        <td><?php echo '<a href="bro_main.php?R='.eue($dir,false).'">'.ehe($dir,false).'</a>'; ?></td>
       </tr>
       <tr>
         <th><label for="user"><?php __("Username"); ?></label></th>
diff --git a/bureau/admin/hta_edituser.php b/bureau/admin/hta_edituser.php
index 2faddef9..2819ca9e 100755
--- a/bureau/admin/hta_edituser.php
+++ b/bureau/admin/hta_edituser.php
@@ -50,8 +50,8 @@ getFields($fields);
 <input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
 <input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
 
-  <input type="hidden" name="dir" value="<?php echo $dir ?>">
-  <input type="hidden" name="user" value="<?php echo $user ?>">
+  <input type="hidden" name="dir" value="<?php ehe($dir); ?>">
+  <input type="hidden" name="user" value="<?php ehe($user); ?>">
   <table border="1" cellspacing="0" cellpadding="4" class='tedit'>
     <tr>
       <th><?php __("Folder"); ?></th>
diff --git a/bureau/admin/hta_list.php b/bureau/admin/hta_list.php
index f2a93cfc..3a603e35 100755
--- a/bureau/admin/hta_list.php
+++ b/bureau/admin/hta_list.php
@@ -73,11 +73,11 @@ $mem->show_help("hta_list2");
 for($i=0;$i<count($r);$i++){
 ?>
 	<tr  class="lst">
-		<td align="center"><input type="checkbox" class="inc" name="del_<?php echo $r[$i] ?>" value="<?php echo $r[$i] ?>" /></td>
+		<td align="center"><input type="checkbox" class="inc" name="del_<?php ehe($r[$i]); ?>" value="<?php ehe($r[$i]); ?>" /></td>
 		<td>
-<div class="ina lock"><a href="hta_edit.php?dir=<?php echo $r[$i]?>"><?php __("Edit login and passwords"); ?></a></div>
+<div class="ina lock"><a href="hta_edit.php?dir=<?php eue($r[$i]); ?>"><?php __("Edit login and passwords"); ?></a></div>
 </td>
-		<td><?php echo '<a href="bro_main.php?R='.urlencode($r[$i]).'">'.htmlspecialchars($r[$i]).'</a>'; ?></td>
+    <td><?php echo '<a href="bro_main.php?R='.ehe($r[$i],false).'">'.ehe($r[$i],false).'</a>'; ?></td>
 	</tr>
     <?php
 	}
diff --git a/bureau/admin/index.php b/bureau/admin/index.php
index 6b1e3193..0763c50d 100755
--- a/bureau/admin/index.php
+++ b/bureau/admin/index.php
@@ -98,7 +98,7 @@ if ( empty($logo) ||  ! $logo ) {
                 <div><label for="username"><?php echo _("Username"); ?></label></td><td><input type="text" class="int" name="username" id="username" value="" maxlength="128" autocapitalize="none" /></div>
                 <div><label for="password"><?php echo _("Password"); ?></label></td><td><input type="password" class="int" name="password" id="password" value="" maxlength="128" /></div>
                 <div class="submit"><input type="submit" class="inb" name="submit" onclick='return logmein();' value="<?php __("Enter"); ?>" /><input type="hidden" id="restrictip" name="restrictip" value="0" />
-                <input type="hidden" id="authip_token" name="authip_token" value="<?php echo htmlentities( (empty($authip_token)?'':$authip_token) ) ?>" /></div>
+                <input type="hidden" id="authip_token" name="authip_token" value="<?php ehe( (empty($authip_token)?'':$authip_token) ) ?>" /></div>
             </div>
           </form>
 	</div>
diff --git a/bureau/admin/ip_main.php b/bureau/admin/ip_main.php
index 57c4d34c..bc6656e7 100755
--- a/bureau/admin/ip_main.php
+++ b/bureau/admin/ip_main.php
@@ -97,19 +97,19 @@ $lac = $authip->list_affected();
     <td class="lst2">
       <?php foreach ($ac as $a) { ?>
         <p>
-        <input type="radio" name="s_protocol" id="s_protocol_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($a['protocol']);?>" />
-        <label for="s_protocol_<?php echo htmlentities($a['protocol']);?>"><?php echo htmlentities($a['name']); ?></label>
+        <input type="radio" name="s_protocol" id="s_protocol_<?php ehe($a['protocol']);?>" value="<?php ehe($a['protocol']);?>" />
+        <label for="s_protocol_<?php ehe($a['protocol']);?>"><?php ehe($a['name']); ?></label>
 
         <?php if ( sizeof($a['values']) > 1 ) { ?>
-           <select name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>">
+           <select name="s_affect_<?php ehe($a['protocol']);?>" id="s_affect_<?php ehe($a['protocol']);?>">
              <?php foreach ($a['values'] as $k => $v) { ?>
-               <option value="<?php echo htmlentities($k); ?>"><?php echo htmlentities($v); ?></option>
+               <option value="<?php ehe($k); ?>"><?php ehe($v); ?></option>
              <?php  } ?>
            </select>
         <?php } else { ?>
           <?php foreach ($a['values'] as $k => $v) { ?>
-            <label><b><?php echo htmlentities($v); ?></b></label> 
-            <input type=hidden name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($k); ?>" readonly />
+            <label><b><?php ehe($v); ?></b></label> 
+            <input type="hidden" name="s_affect_<?php ehe($a['protocol']);?>" id="s_affect_<?php ehe($a['protocol']);?>" value="<?php ehe($k); ?>" readonly="readonly" />
           <?php  } ?>
         <?php } ?>
         </p>
@@ -122,7 +122,7 @@ $lac = $authip->list_affected();
       <p>
       <select name="s_ipsub">
         <?php foreach ($list_ip as $li) { ?>
-          <option value="<?php echo $li['id']; ?>"><?php echo htmlentities($li['infos']); 
+          <option value="<?php echo $li['id']; ?>"><?php ehe($li['infos']); 
             //echo " - ".$li['ip'] ; if (!($li['subnet']==32 || $li['subnet'] == 128)) echo "/".$li['subnet'];
             ?></option>
         <?php } ?>
@@ -174,7 +174,7 @@ foreach($list_ip as $i) {
 <hr/>
 <h3><?php __("Add an IP or a networks");?></h3>
 
-<p><a href="javascript:edit_ip('','<?php echo htmlentities(get_remote_ip())."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></p>
+<p><a href="javascript:edit_ip('','<?php ehe(get_remote_ip())."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></p>
 <span id="form_add_ip">
 <form method="post" action="ip_main.php" name="main" >
    <?php csrf_get(); ?>
@@ -185,8 +185,8 @@ foreach($list_ip as $i) {
   <tr><th><?php __("Name"); ?></th><th><?php __("IP or network. <i>IPv4, IPv6 and subnet allowed</i>"); ?></th><th></th></tr>
   
   <tr class="lst2">
-    <td><input type="text" size='20' maxlength='39' name="ipsub" id="edit_ip" /></td>
-    <td><input type="text" size='25' maxlength='200' name="infos" id="edit_infos" /></td>
+    <td><input type="text" size="20" maxlength="39" name="ipsub" id="edit_ip" /></td>
+    <td><input type="text" size="25" maxlength="200" name="infos" id="edit_infos" /></td>
     <td><input type="submit" class="inb ok" value="<?php __("Save")?>" /></td>
   </tr>
   </table>
diff --git a/bureau/admin/logs_tail.php b/bureau/admin/logs_tail.php
index 0c0b12ac..b268ceb4 100644
--- a/bureau/admin/logs_tail.php
+++ b/bureau/admin/logs_tail.php
@@ -50,15 +50,15 @@ if (!$string) {
 <h3><?php __("Follow a recent log"); ?></h3>
 <p><?php printf(_("Please find below the last lines of file <b>%s</b>"),$file); ?></p>
 <form method="get" action="logs_tail.php" name="update" id="update">
-  <input type="hidden" name="file" value="<?php echo $file; ?>" />
-  <input type="hidden" name="autoreload" value="<?php echo $autoreload; ?>" />
+  <input type="hidden" name="file" value="<?php ehe($file); ?>" />
+  <input type="hidden" name="autoreload" value="<?php ehe($autoreload); ?>" />
 <?php if ($autoreload) {
 ?>
-<input type="button" class="inb" name="autoreload" value="<?php __("Stop Auto Reload"); ?>" onclick="document.location='logs_tail.php?file=<?php echo $file; ?>&autoreload=0&lines=<?php echo $lines; ?>'"/>
+<input type="button" class="inb" name="autoreload" value="<?php __("Stop Auto Reload"); ?>" onclick="document.location='logs_tail.php?file=<?php eue($file); ?>&autoreload=0&lines=<?php eue($lines); ?>'"/>
 <?php
 } else {
 ?>
-<input type="button" class="inb" name="autoreload" value="<?php __("Auto Reload"); ?>" onclick="document.location='logs_tail.php?file=<?php echo $file; ?>&autoreload=1&lines=<?php echo $lines; ?>'"/>
+<input type="button" class="inb" name="autoreload" value="<?php __("Auto Reload"); ?>" onclick="document.location='logs_tail.php?file=<?php eue($file); ?>&autoreload=1&lines=<?php eue($lines); ?>'"/>
 <?php
 } ?>
 <select id="lines" name="lines" onchange="document.forms['update'].submit()">
diff --git a/bureau/admin/mail_del.php b/bureau/admin/mail_del.php
index 2cfa10ae..c0365e56 100755
--- a/bureau/admin/mail_del.php
+++ b/bureau/admin/mail_del.php
@@ -59,13 +59,13 @@ if ($confirm=="y") {
   <?php csrf_get(); ?>
 <p>
 <input type="hidden" name="confirm" value="y" />
-<input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>" />
+<input type="hidden" name="domain_id" value="<?php ehe($domain_id); ?>" />
 
 <?php
 
 while (list($key,$val)=each($d)) {
   $m=$mail->get_details($val);
-  echo "<input type=\"hidden\" name=\"d[]\" value=\"$val\" />";
+  echo "<input type=\"hidden\" name=\"d[]\" value=\"".ehe($val,false)."\" />";
   echo $m["address"]."@".$m["domain"]."<br />";
 }
 
diff --git a/bureau/admin/mail_edit.php b/bureau/admin/mail_edit.php
index 442a9f5e..5517cfd1 100755
--- a/bureau/admin/mail_edit.php
+++ b/bureau/admin/mail_edit.php
@@ -67,7 +67,7 @@ if (isset($error)) {
 <input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
 <input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
 
-<input type="hidden" name="mail_id" value="<?php echo $mail_id; ?>" />
+<input type="hidden" name="mail_id" value="<?php ehe($mail_id); ?>" />
 <table class="tedit">
   <tr><th colspan="2"><b><?php __("Is this email enabled?"); ?></b></th></tr>
 
diff --git a/bureau/admin/mail_list.php b/bureau/admin/mail_list.php
index e84140de..114bd5b0 100755
--- a/bureau/admin/mail_list.php
+++ b/bureau/admin/mail_list.php
@@ -79,7 +79,7 @@ if ($fatal) {
     <form method="post" action="mail_doadd.php" id="main" name="mail_create">
     <?php csrf_get(); ?>
       <input type="text" class="int intleft" style="text-align: right" name="mail_arg" value="<?php ehe($mail_arg); ?>" size="24" id="mail_arg" maxlength="255" /><span id="emaildom" class="int intright"><?php echo "@".$domain; ?></span>
-      <input type="hidden" name="domain_id"  value="<?php echo $domain_id;?>" />
+      <input type="hidden" name="domain_id"  value="<?php ehe($domain_id); ?>" />
       <input type="submit" name="submit" class="inb add" value="<?php __("Create this email address"); ?>"  onClick="return false_if_empty('mail_arg', '<?php echo addslashes(_("Can't have empty mail."));?>');" />
     </form>
 <?php } // $quota->cancreate("mail") ?>
@@ -104,19 +104,19 @@ if (empty($allmails_list) && empty($search)) {
 
 <table class="searchtable"><tr><td>
 <form method="get" name="formlist1" id="formlist1" action="mail_list.php">
-<input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>" />
+<input type="hidden" name="domain_id" value="<?php ehe($domain_id); ?>" />
 <input type="hidden" name="offset" value="0" />
 <span class="int intleft"><img alt="<?php __("Search"); ?>" title="<?php __("Search"); ?>" src="/images/search.png" style="vertical-align: middle"/> </span><input type="text" name="search" value="<?php ehe($search); ?>" size="20" maxlength="64" class="int intright" />
 </td><td>
 <?php pager($offset,$count,$mail->total,"mail_list.php?domain_id=".$domain_id."&amp;count=".$count."&amp;search=".urlencode($search)."&amp;offset=%%offset%%"); ?>
 </td>
 <td style="text-align:center">
-  <input type="checkbox" id="show_systemmails" name="show_systemmails" <?php if($show_systemmails) {echo "checked";}?> value="1"onclick="document.getElementById('formlist1').submit();" /><label for="show_systemmails" ><?php __("Show system emails");?></label>
+  <input type="checkbox" id="show_systemmails" name="show_systemmails" <?php if($show_systemmails) { echo "checked"; } ?> value="1" onclick="document.getElementById('formlist1').submit();" /><label for="show_systemmails" ><?php __("Show system emails");?></label>
 </td>
 </form>
 <td style="text-align:right">
 <form method="get" name="formlist2" id="formlist2" action="mail_list.php">
- <input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>" />
+ <input type="hidden" name="domain_id" value="<?php ehe($domain_id); ?>" />
  <input type="hidden" name="offset" value="0" />
  <?php __("Items per page:"); ?> <select name="count" class="inl" onchange="submit()"><?php eoption($counts,$count); ?></select>
 </form>
@@ -124,7 +124,7 @@ if (empty($allmails_list) && empty($search)) {
 
 <form method="post" action="mail_del.php">
    <?php csrf_get(); ?>
- <input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>" />
+ <input type="hidden" name="domain_id" value="<?php ehe($domain_id); ?>" />
 <table class="tlist">
 <tr><th></th><th></th><th><?php __("Enabled");?></th><th style="text-align:right"><?php __("Address"); ?></th><th><?php __("Pop/Imap"); ?></th><th><?php __("Other recipients"); ?></th><th><?php __("Last login time"); ?></th></tr>
 <?php
@@ -148,7 +148,7 @@ if(!empty($mails_list)) {
 	    <td><img src="images/check_no.png" alt="<?php __("Disabled"); ?>" /></td>	  
 	  <?php } else if (!$val["type"]) { ?>
           <td align="center">
-	    <input class="inc" type="checkbox" id="del_<?php echo $i; ?>" name="d[]" value="<?php ehe($val["id"]); ?>" />
+	    <input class="inc" type="checkbox" id="del_<?php ehe($i); ?>" name="d[]" value="<?php ehe($val["id"]); ?>" />
 	</td>
 	<td class="<?php echo $grey; ?>">
 	  <div class="ina edit"><a href="mail_edit.php?mail_id=<?php echo $val["id"] ?>"><?php __("Edit"); ?></a></div></td>
diff --git a/bureau/admin/mail_manage_catchall.php b/bureau/admin/mail_manage_catchall.php
index bb180c89..4fc4667e 100644
--- a/bureau/admin/mail_manage_catchall.php
+++ b/bureau/admin/mail_manage_catchall.php
@@ -108,7 +108,7 @@ __("You can choose what to do with emails sent to unexisting address of this dom
     <td>
       <p>
 	<i><?php __("Enter the 'target' domain"); ?></i><br/>
-        <input type="text" id="target_domain" name="target_domain" value="<?php if($catch['type']=='domain') { echo substr($catch['target'],1); } ?>" placeholder="<?php __("example.tld");?>" />
+        <input type="text" id="target_domain" name="target_domain" value="<?php if($catch['type']=='domain') { ehe(substr($catch['target'],1)); } ?>" placeholder="<?php __("example.tld");?>" />
       </p>
 	<i><?php __("Or choose one of your own"); ?></i>
         <ul>
@@ -121,11 +121,11 @@ __("You can choose what to do with emails sent to unexisting address of this dom
     <th colspan="3"><b><?php __("Redirect to a specific email");?></b></th>
   </tr>
   <tr>
-    <td width="1px"><input type="radio" name="target_type" id='target_type_mail' value="mail" <?php if ($catch['type']=='mail') {echo 'checked="checked"';}?> /></td>
+    <td width="1px"><input type="radio" name="target_type" id='target_type_mail' value="mail" <?php if ($catch['type']=='mail') { echo 'checked="checked"'; } ?> /></td>
     <td style="width: 50%; text-align: justify"><label for='target_type_mail'><?php echo sprintf(_("Mails sent to an unexisting email on '@%s' will be redirect to user@example.tld."),$catch['domain']);?></label></td>
     <td>
       <p>
-        <input type="text" name="target_mail" size="30" value="<?php if($catch['type']=='mail') { echo $catch['target']; } ?>" placeholder="<?php __("john.doe@example.tld");?>" />
+        <input type="text" name="target_mail" size="30" value="<?php if($catch['type']=='mail') { ehe($catch['target']); } ?>" placeholder="<?php __("john.doe@example.tld");?>" />
       </p>
     </td>
   </tr>
diff --git a/bureau/admin/mem_cm.php b/bureau/admin/mem_cm.php
index c635289d..380cb33f 100644
--- a/bureau/admin/mem_cm.php
+++ b/bureau/admin/mem_cm.php
@@ -49,7 +49,7 @@ if (isset($error) && $error) {
 ?>
 <form method="post" action="mem_cm2.php">
 	<table border="1" cellspacing="0" cellpadding="4">
-		<tr><td colspan="2"><input type="hidden" name="usr" value="<?php echo $usr; ?>" /><input type="hidden" name="cookie" value="<?php echo $cookie; ?>" />
+		<tr><td colspan="2"><input type="hidden" name="usr" value="<?php ehe($usr); ?>" /><input type="hidden" name="cookie" value="<?php ehe($cookie); ?>" />
 <?php __("Change the email of the account"); ?><br />
 		<?php __("Enter the key you got when you requested the mailbox change, then click the OK button."); ?></td></tr>
 		<tr><th><label for="cle"><?php __("Key"); ?></label></th><td><input type="text" class="int" name="cle" id="cle" value="<?php ehe($cle); ?>" size="8" maxlength="8" /></td></tr>
diff --git a/bureau/admin/mem_param.php b/bureau/admin/mem_param.php
index ea6a9013..c6c20b5a 100755
--- a/bureau/admin/mem_param.php
+++ b/bureau/admin/mem_param.php
@@ -85,9 +85,9 @@ echo "<p>";
 <input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
 
 <table border="1" cellspacing="0" cellpadding="4" class="tedit" >
-<tr><th><?php __("Old password"); ?></th><td><input type="password" class="int" name="oldpass" value="<?php isset($oldpass) ? : $oldpass=""; echo $oldpass; ?>" size="20" maxlength="128" /></td></tr>
-<tr><th><?php __("New password"); ?> (1)</th><td><input type="password" class="int" autocomplete="off" id="newpass" name="newpass" value="<?php isset($newpass) ? : $newpass=""; echo $newpass;  ?>" size="20" maxlength="60" /><?php display_div_generate_password(DEFAULT_PASS_SIZE,"#newpass","#newpass2"); ?></td></tr>
-<tr><th><?php __("New password"); ?> (2)</th><td><input type="password" class="int" autocomplete="off" id="newpass2" name="newpass2" value="<?php isset($newpass2) ? : $newpass2=""; echo $newpass2;?>" size="20" maxlength="61" /></td></tr>
+<tr><th><?php __("Old password"); ?></th><td><input type="password" class="int" name="oldpass" value="<?php isset($oldpass) ? : $oldpass=""; ehe($oldpass); ?>" size="20" maxlength="128" /></td></tr>
+<tr><th><?php __("New password"); ?> (1)</th><td><input type="password" class="int" autocomplete="off" id="newpass" name="newpass" value="<?php isset($newpass) ? : $newpass=""; ehe($newpass);  ?>" size="20" maxlength="60" /><?php display_div_generate_password(DEFAULT_PASS_SIZE,"#newpass","#newpass2"); ?></td></tr>
+<tr><th><?php __("New password"); ?> (2)</th><td><input type="password" class="int" autocomplete="off" id="newpass2" name="newpass2" value="<?php isset($newpass2) ? : $newpass2=""; ehe($newpass2);?>" size="20" maxlength="61" /></td></tr>
 <tr class="trbtn"><td colspan="3"><input type="submit" class="inb ok" name="submit" value="<?php __("Change my password"); ?>" /></td></tr>
 </table>
 </form>
@@ -101,7 +101,7 @@ echo "<p>";
 	<table border="1" cellspacing="0" cellpadding="4" class="tedit">
 		<tr><td colspan="2"><?php __("help_chg_mail"); ?></td></tr>
 		<tr><th><?php __("Current mailbox"); ?></th><td><big><code><?php echo $mem->user["mail"]; ?></code></big></td></tr>
-		<tr><th><?php __("New mailbox"); ?></th><td><input type="text" class="int" name="newmail" value="<?php   isset($newmail) ? : $newmail=""; echo $newmail;?>" size="40" maxlength="128" /></td></tr>
+		<tr><th><?php __("New mailbox"); ?></th><td><input type="text" class="int" name="newmail" value="<?php   isset($newmail) ? : $newmail=""; ehe($newmail);?>" size="40" maxlength="128" /></td></tr>
 		<tr class="trbtn"><td colspan="3"><input type="submit" class="inb ok" name="submit" value="<?php __("Change my email address"); ?>" /></td></tr>
 	</table>
 </form>
diff --git a/bureau/admin/phpinfo.php b/bureau/admin/phpinfo.php
deleted file mode 100644
index 9f016e1f..00000000
--- a/bureau/admin/phpinfo.php
+++ /dev/null
@@ -1,5 +0,0 @@
-<?php
-
-echo phpinfo();
-
-?>
diff --git a/bureau/admin/piwik_site_dodel.php b/bureau/admin/piwik_site_dodel.php
index 6cf1bba3..11b01385 100755
--- a/bureau/admin/piwik_site_dodel.php
+++ b/bureau/admin/piwik_site_dodel.php
@@ -67,7 +67,7 @@ include_once('head.php');
 
   <form method="post" action="piwik_site_dodel.php" name="main" id="main">
   <?php csrf_get(); ?>
-    <input type="hidden" name="siteid"  value="<?php echo $siteid;?>" />
+    <input type="hidden" name="siteid"  value="<?php ehe($siteid);?>" />
     <input type="submit" class="inb" name="confirm_del" value="<?php __("Delete")?>" />
     <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='piwik_sitelist.php'" />
   </form>
diff --git a/bureau/admin/piwik_user_dodel.php b/bureau/admin/piwik_user_dodel.php
index 0c54a5e6..3fc42114 100755
--- a/bureau/admin/piwik_user_dodel.php
+++ b/bureau/admin/piwik_user_dodel.php
@@ -65,7 +65,7 @@ include_once('head.php');
 
   <form method="post" action="piwik_user_dodel.php" name="main" id="main">
   <?php csrf_get(); ?>
-    <input type="hidden" name="login"  value="<?php echo $login;?>" />
+    <input type="hidden" name="login"  value="<?php ehe($login);?>" />
     <input type="submit" class="inb" name="confirm_del" value="<?php __("Delete")?>" />
     <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='piwik_userlist.php'" />
   </form>
diff --git a/bureau/admin/sql_bck.php b/bureau/admin/sql_bck.php
index 723f0792..07415296 100755
--- a/bureau/admin/sql_bck.php
+++ b/bureau/admin/sql_bck.php
@@ -70,7 +70,7 @@ if (is_array($r)) {
 <tr>
 	<th><label><?php __("Do MySQL backup?"); ?></label></th>
 	<td>
-        <input type="hidden" name="id" value="<?php echo $id; ?>" />
+        <input type="hidden" name="id" value="<?php ehe($id); ?>" />
         <input type="radio" class="inc" id="bck_mode0" name="bck_mode" value="0"<?php cbox($r["bck"]==0); ?>/><label for="bck_mode0"><?php __("No backup"); ?></label><br />
 	<input type="radio" class="inc" id="bck_mode1" name="bck_mode" value="1"<?php cbox($r["bck"]==1); ?>/><label for="bck_mode1"><?php __("Weekly backup"); ?></label><br />
 	<input type="radio" class="inc" id="bck_mode2" name="bck_mode" value="2"<?php cbox($r["bck"]==2); ?>/><label for="bck_mode2"><?php __("Daily backup"); ?></label><br />
@@ -99,7 +99,7 @@ if (is_array($r)) {
 </tr>
 <tr>
 	<th><label for="bck_dir"><?php __("In which folder do you want to store the backups?"); ?></label></th>
-	<td><input type="text" class="int" name="bck_dir" id="bck_dir" size="30" maxlength="255" value="<?php @ehe($r["dir"]); ?>" />
+	<td><input type="text" class="int" name="bck_dir" id="bck_dir" size="30" maxlength="255" value="<?php ehe($r["dir"]); ?>" />
 	<?php display_browser( isset($r["dir"])?$r["dir"]:"" , "bck_dir" ); ?>
 </td>
 </tr>
diff --git a/bureau/admin/sql_del.php b/bureau/admin/sql_del.php
index 893301d2..550e1050 100755
--- a/bureau/admin/sql_del.php
+++ b/bureau/admin/sql_del.php
@@ -82,7 +82,7 @@ if (!$found) {
 reset($_POST);
 while (list($key,$val)=each($_POST)) {
   if (substr($key,0,4)=="del_") {
-    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
+      echo "<input type=\"hidden\" name=\"".ehe($key,false)."\" value=\"".ehe($val,false)."\" />".ehe($val,false)."<br />\n";
   }
 }
 
diff --git a/bureau/admin/sql_restore.php b/bureau/admin/sql_restore.php
index cb515c41..80b0b744 100755
--- a/bureau/admin/sql_restore.php
+++ b/bureau/admin/sql_restore.php
@@ -63,7 +63,7 @@ echo "</p>";
 ?>
 <form action="sql_dorestore.php" method="post">
   <?php csrf_get(); ?>
-<input type="hidden" name="id" value="<?php echo $id ?>" />
+<input type="hidden" name="id" value="<?php ehe($id); ?>" />
 <p><label for="restfile"><?php __("Please enter the path and the filename containing SQL data to be restored."); ?></label></p>
 <p><input type="text" class="int" id="restfile" name="restfile" size="35" maxlength="255" value="<?php ehe($filename); ?>" /> <input class="inb" type="submit" name="submit" onClick='return restfilenotempty();' value="<?php __("Restore my database"); ?>" /><i><?php __("Tip: you can restore a file directly in the File Browser");?></i></p>
 </form>
diff --git a/bureau/admin/sql_users_del.php b/bureau/admin/sql_users_del.php
index d558984d..9e087def 100755
--- a/bureau/admin/sql_users_del.php
+++ b/bureau/admin/sql_users_del.php
@@ -69,7 +69,7 @@ include_once("head.php");
 reset($_POST);
 while (list($key,$val)=each($_POST)) {
   if (substr($key,0,4)=="del_") {
-    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
+      echo "<input type=\"hidden\" name=\"".ehe($key,false)."\" value=\"".ehe($val,false)."\" />".ehe($val,false)."<br />\n";
   }
 }
 
diff --git a/bureau/admin/sql_users_password.php b/bureau/admin/sql_users_password.php
index f9f41142..71592ede 100755
--- a/bureau/admin/sql_users_password.php
+++ b/bureau/admin/sql_users_password.php
@@ -54,7 +54,7 @@ if (! empty($error) ) {
 
 <form method="post" action="sql_users_dopassword.php" autocomplete="off">
   <?php csrf_get(); ?>
-<input type="hidden" name="id" value="<?php echo $id; ?>" />
+<input type="hidden" name="id" value="<?php ehe($id); ?>" />
 
 <!-- honeypot fields -->
 <input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
diff --git a/bureau/admin/sql_users_rights.php b/bureau/admin/sql_users_rights.php
index b235d248..d7608bcc 100755
--- a/bureau/admin/sql_users_rights.php
+++ b/bureau/admin/sql_users_rights.php
@@ -55,7 +55,7 @@ if ($r) {
 
 <form method="post" action="sql_users_dorights.php">
     <?php csrf_get(); ?>
-<input type="hidden" name="id" value="<?php echo $id; ?>" />
+<input type="hidden" name="id" value="<?php ehe($id); ?>" />
 <table cellspacing="0" cellpadding="4" class="tlist ombrage">
    <tr class="petit">
      <th>&nbsp;</th>
diff --git a/bureau/class/functions.php b/bureau/class/functions.php
index 8c4808eb..e6e062c6 100755
--- a/bureau/class/functions.php
+++ b/bureau/class/functions.php
@@ -633,6 +633,26 @@ function ehe($str, $affiche = TRUE) {
     return $retour;
 }
 
+/**
+  /* Echo the URLENCODED version of a value.
+ * Must be called when pre-filling fields values in URLS such as : 
+ * document.location='logs_tail.php?file=<?php eue($file); ?>
+ * Use the charset of the current language for transcription
+ * 
+ * @global string $charset
+ * @param string $str
+ * @param boolean $affiche
+ * @return string
+ */
+function eue($str, $affiche = TRUE) {
+    global $charset;
+    $retour = urlencode($str);
+    if ($affiche) {
+        echo $retour;
+    }
+    return $retour;
+}
+
 /* Get the Fields of the posted form from $_REQUEST or POST or GET
  * and check their type
  */