diff --git a/htdocs/comm/mailing/fiche.php b/htdocs/comm/mailing/fiche.php
index f1bb181601c..34ae1744fed 100644
--- a/htdocs/comm/mailing/fiche.php
+++ b/htdocs/comm/mailing/fiche.php
@@ -20,7 +20,7 @@
 /**
  *       \file       htdocs/comm/mailing/fiche.php
  *       \ingroup    mailing
- *       \brief      Fiche mailing, onglet g�n�ral
+ *       \brief      Fiche mailing, onglet general
  *       \version    $Id$
  */
 
@@ -527,21 +527,21 @@ else
 		// Confirmation de la validation du mailing
 		if ($_GET["action"] == 'valide')
 		{
-			$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("ValidMailing"),$langs->trans("ConfirmValidMailing"),"confirm_valide");
+			$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("ValidMailing"),$langs->trans("ConfirmValidMailing"),"confirm_valide");
 			if ($ret == 'html') print '<br>';
 		}
 
 		// Confirm reset
 		if ($_GET["action"] == 'reset')
 		{
-			$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("ResetMailing"),$langs->trans("ConfirmResetMailing",$mil->ref),"confirm_reset");
+			$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("ResetMailing"),$langs->trans("ConfirmResetMailing",$mil->ref),"confirm_reset");
 			if ($ret == 'html') print '<br>';
 		}
 
 		// Confirm delete
 		if ($_GET["action"] == 'delete')
 		{
-			$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("DeleteAMailing"),$langs->trans("ConfirmDeleteMailing"),"confirm_delete");
+			$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("DeleteAMailing"),$langs->trans("ConfirmDeleteMailing"),"confirm_delete");
 			if ($ret == 'html') print '<br>';
 		}
 
diff --git a/htdocs/html.form.class.php b/htdocs/html.form.class.php
index f7c1dce51b3..eafc3652571 100644
--- a/htdocs/html.form.class.php
+++ b/htdocs/html.form.class.php
@@ -1619,7 +1619,7 @@ class Form
 		{
 			print '<form method="post" action="'.$page.'" class="notoptoleftroright">';
 			print '<input type="hidden" name="action" value="'.$action.'">';
-			print '<input type="hidden" name="token_level_2" value="'.$_SESSION['newtoken'].'">';
+			if (is_array($formquestion)) print '<input type="hidden" name="token_level_2" value="'.$_SESSION['newtoken'].'">';
 
 			print '<table width="100%" class="valid">';
 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 65892ff3b1c..5df8a2669ca 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -183,8 +183,8 @@ if (isset($_POST['token_level_1']) && isset($_SESSION['token_level_1']))
 	//print 'session_token_level_1='.$_SESSION['token_level_1'].'<br>';
 	if ($_POST['token_level_1'] != $_SESSION['token_level_1'])
 	{
-		unset($_POST);
 		dol_syslog("Invalid token_level_1 in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token_level_1']=".$_POST['token_level_1'].", _SESSION['token_level_1']=".$_SESSION['token_level_1']);
+		unset($_POST);
 	}
 }
 else if (isset($_POST['token_level_2']) && isset($_SESSION['token_level_2']))
@@ -193,8 +193,8 @@ else if (isset($_POST['token_level_2']) && isset($_SESSION['token_level_2']))
 	//print 'session_token_level_2='.$_SESSION['token_level_2'].'<br>';
 	if ($_POST['token_level_2'] != $_SESSION['token_level_2'])
 	{
-		unset($_POST);
 		dol_syslog("Invalid token_level_2 in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token_level_2']=".$_POST['token_level_2'].", _SESSION['token_level_2']=".$_SESSION['token_level_2']);
+		unset($_POST);
 	}
 }