diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php
index be4de854099..3a479480812 100644
--- a/htdocs/admin/multicurrency.php
+++ b/htdocs/admin/multicurrency.php
@@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php';
 $langs->loadLangs(array('admin', 'multicurrency'));
 // Access control
-if (!$user->admin) {
+if (!$user->admin || empty($conf->multicurrency->enabled)) {
 accessforbidden();
 }
@@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09');
 * Actions
 */
-
+$reg = array();
 if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
 $code = $reg[1];
 $value = GETPOST($code, 'alpha');
diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php
index e9e3ea752f5..62eccc5be18 100644
--- a/htdocs/modulebuilder/admin/setup.php
+++ b/htdocs/modulebuilder/admin/setup.php
@@ -33,9 +33,11 @@ if (!$user->admin || empty($conf->modulebuilder->enabled)) {
 $action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
+
 /*
 * Actions
 */
+
 if ($action == "update") {
 $res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity);
 $res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity);
diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php
index da7921fa7fe..8f5336450b8 100644
--- a/htdocs/multicurrency/multicurrency_rate.php
+++ b/htdocs/multicurrency/multicurrency_rate.php
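Review bot: In the second hunk of htdocs/admin/multicurrency.php, the pattern in `preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)` is unanchored, so any `action` value that merely contains `set_` produces a `$code`, and that request-derived name is then used as the parameter key in `GETPOST($code, 'alpha')`. Anchoring the match, `preg_match('/^set_([a-z0-9_\-]+)$/i', $action, $reg)`, would make the accepted action names explicit. What happens to `$code` and `$value` afterwards lies outside this hunk; if they end up naming and writing a configuration constant, comparing `$code` against the list of constants this page owns would be a sensible extra check.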
@@ -102,11 +102,18 @@ $arrayfields = array(
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
+// Access control
+// TODO Open this page to a given permission so a sale representative can modify change rates. Permission should be added into module multicurrency.
+// One permission to read rates (history) and one to add/edit rates.
+if (!$user->admin || empty($conf->multicurrency->enabled)) {
+ accessforbidden();
+}
 /*
 * Actions
 */
+
 if ($action == "create") {
 if (!empty($rateinput)) {
 $currencyRate_static = new CurrencyRate($db);
@@ -225,6 +232,7 @@ if (empty($reshook)) {
 include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 }
+
 /*
 * View
 */
@@ -233,8 +241,9 @@ $htmlother = new FormOther($db);
 $title = $langs->trans("CurrencyRate");
 $page_name = "ListCurrencyRate";
+$help_url = '';
-llxHeader('', $title, $helpurl, '');
+llxHeader('', $title, $help_url, '');
 // Subheader
 $linkback = ''.$langs->trans("BackToModuleList").'';
 print load_fiche_titre($langs->trans($page_name), $linkback);
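Review bot: In the first hunk of htdocs/multicurrency/multicurrency_rate.php the new `accessforbidden()` guard sits after the `$arrayfields` sorting, around line 105, so everything the page does above that point (outside this hunk) already runs for a caller who is about to be refused. In htdocs/admin/multicurrency.php the same condition comes directly after the language load; moving this one up beside the parameter reads would keep pre-authorization work to a minimum and make the gate easier to audit. The guard also covers read access as well as the `create` action below it, so when the TODO is implemented the write actions should be checked against the add/edit permission separately from the page-level read check.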