diff --git a/main/document/edit_document.php b/main/document/edit_document.php
index 891873f314..a697a70cbe 100755
--- a/main/document/edit_document.php
+++ b/main/document/edit_document.php
@@ -255,9 +255,9 @@ function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc) {
 if (isset($_POST['newComment'])) {
 // Fixing the path if it is wrong
- $commentPath = str_replace('//', '/', Database::escape_string(Security::remove_XSS($_POST['commentPath'])));
- $newComment = trim(Database::escape_string(Security::remove_XSS($_POST['newComment']))); // Remove spaces
- $newTitle = trim(Database::escape_string(Security::remove_XSS($_POST['newTitle']))); // Remove spaces
+ $commentPath = str_replace('//', '/', Database::escape_string(Security::remove_XSS($_POST['commentPath'])));
+ $newComment = trim(Database::escape_string($_POST['newComment'])); // Remove spaces
+ $newTitle = trim(Database::escape_string($_POST['newTitle'])); // Remove spaces
 // Check whether there is already a database record for this file
 $result = Database::query ("SELECT * FROM $dbTable WHERE path LIKE BINARY '".$commentPath."'");
 while ($row = Database::fetch_array($result, 'ASSOC')) {
@@ -267,9 +267,8 @@ if (isset($_POST['newComment'])) {
 // Determine the correct query to the DB,
 // new code always keeps document in database
 $query = "UPDATE $dbTable
- SET comment='".$newComment."', title='".$newTitle."'
- WHERE path
- LIKE BINARY '".$commentPath."'";
+ SET comment='".$newComment."', title='".$newTitle."'
+ WHERE path LIKE BINARY '".$commentPath."'";
 Database::query($query);
 $oldComment = $newComment;
 $oldTitle = $newTitle;
diff --git a/main/dropbox/dropbox_functions.inc.php b/main/dropbox/dropbox_functions.inc.php
index 43627f0c92..e6bddda23b 100755
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
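Review bot: With `Security::remove_XSS` gone from `$newComment` and `$newTitle`, the values are stored as raw HTML and `Database::escape_string` only protects the SQL string context, so every place that renders `comment`/`title` read from `$dbTable` must HTML-escape them on output; that side is not part of this commit. The same shift applies to the dropbox, exercice, question, forum and notebook hunks below. In this hunk the escaping also happens before `trim()`, while escaping should be the last step before interpolation: `$newComment = Database::escape_string(trim($_POST['newComment']));` and likewise for `$newTitle`. The enclosing `if (isset($_POST['newComment']))` block continues past the hunk.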
@@ -339,22 +339,22 @@ function store_addcategory() {
 if (!$_POST['edit_id']) {
 $session_id = api_get_session_id();
 // step 3a, we check if the category doesn't already exist
- $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
+ $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
 $result = Database::query($sql);
 // step 3b, we add the category if it does not exist yet.
 if (Database::num_rows($result) == 0) {
 $sql = "INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id, session_id)
- VALUES ('".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
+ VALUES ('".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
 Database::query($sql);
 return array('type' => 'confirmation', 'message' => get_lang('CategoryStored'));
 } else {
 return array('type' => 'error', 'message' => get_lang('CategoryAlreadyExistsEditIt'));
 }
 } else {
- $sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
+ $sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
 WHERE user_id='".Database::escape_string($_user['user_id'])."'
- AND cat_id='".Database::escape_string(Security::remove_XSS($_POST['edit_id']))."'";
+ AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
 Database::query($sql);
 return array('type' => 'confirmation', 'message' => get_lang('CategoryModified'));
 }
diff --git a/main/exercice/exercice.php b/main/exercice/exercice.php
index 8e5c80ec37..d11edc7c5d 100755
--- a/main/exercice/exercice.php
+++ b/main/exercice/exercice.php
@@ -274,7 +274,7 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
 //search items
 if (isset($_POST['my_exe_exo_id']) && isset($_POST['student_id'])) {
 $sql_lp='SELECT li.id as lp_item_id,li.lp_id,li.item_type,li.path,liv.id AS lp_view_id,liv.user_id,max(liv.view_count) AS view_count FROM '.$TBL_LP_ITEM.' li
- INNER JOIN '.$TBL_LP_VIEW.' liv ON li.lp_id=liv.lp_id WHERE li.path="'.Database::escape_string(Security::remove_XSS($_POST['my_exe_exo_id'])).'" AND li.item_type="quiz" AND user_id="'.Database::escape_string($_POST['student_id']).'" ';
+ INNER JOIN '.$TBL_LP_VIEW.' liv ON li.lp_id=liv.lp_id WHERE li.path="'.Database::escape_string($_POST['my_exe_exo_id']).'" AND li.item_type="quiz" AND user_id="'.Database::escape_string($_POST['student_id']).'" ';
 $rs_lp=Database::query($sql_lp);
 if (!($rs_lp===false)) {
 $row_lp=Database::fetch_array($rs_lp);
diff --git a/main/exercice/exercise.class.php b/main/exercice/exercise.class.php
old mode 100644
new mode 100755
index 49602753d0..d0f59c7550
--- a/main/exercice/exercise.class.php
+++ b/main/exercice/exercise.class.php
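Review bot: On the new `AND cat_id=` line, `$_POST['edit_id']` is interpolated as an escaped string even though `cat_id` is a row id; casting it, `AND cat_id='".(int) $_POST['edit_id']."'"`, rejects anything non-numeric instead of relying on escaping alone. The rewritten SELECT on the first changed line still interpolates `$_user['user_id']`, `$received`, `$sent` and `$session_id` without `Database::escape_string`, unlike the INSERT a few lines later; that is pre-existing, but the line is being rewritten anyway and could pick up the same treatment. store_addcategory() starts before the hunk.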
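Review bot: The rewritten `INNER JOIN` line compares `user_id` with a quoted, escaped string built from `$_POST['student_id']`; for a numeric id a cast keeps the comparison numeric and does not depend on escaping, `AND user_id="'.(int) $_POST['student_id'].'" '`. `$_POST['my_exe_exo_id']` is a path, so escaping is the right tool there, but a short comment on the `$sql_lp=` line saying that `path` is matched verbatim and rendered elsewhere would help the next reader. The `if (isset($_POST['my_exe_exo_id']) && …)` block continues past the hunk.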
@@ -571,10 +571,7 @@ class Exercise // exercise already exists if($id) { - /* - title='".Database::escape_string(Security::remove_XSS($exercise))."', - description='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."'"; - */ + $sql="UPDATE $TBL_EXERCICES SET title='".Database::escape_string($exercise)."', description='".Database::escape_string($description)."'"; diff --git a/main/exercice/question.class.php b/main/exercice/question.class.php index 0871e14583..5578431c6a 100755 --- a/main/exercice/question.class.php +++ b/main/exercice/question.class.php @@ -587,8 +587,8 @@ abstract class Question // question already exists if(!empty($id)) { $sql="UPDATE $TBL_QUESTIONS SET - question ='".Database::escape_string(Security::remove_XSS($question))."', - description ='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."', + question ='".Database::escape_string($question)."', + description ='".Database::escape_string($description)."', ponderation ='".Database::escape_string($weighting)."', position ='".Database::escape_string($position)."', type ='".Database::escape_string($type)."', @@ -619,8 +619,8 @@ abstract class Question $position = $this -> position; $sql="INSERT INTO $TBL_QUESTIONS(question,description,ponderation,position,type,picture,level) VALUES( - '".Database::escape_string(Security::remove_XSS($question))."', - '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."', + '".Database::escape_string($question)."', + '".Database::escape_string($description)."', '".Database::escape_string($weighting)."', '".Database::escape_string($position)."', '".Database::escape_string($type)."', diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index a359f2cb3e..1ea6eba45f 100755 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php 
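Review bot: The new `description =` line in the `UPDATE $TBL_QUESTIONS` hunk stores `$description` exactly as received, whereas the removed line ran it through `api_html_entity_decode` first; if callers still hand in entity-encoded HTML, rows written after this commit will hold a different representation from existing rows, and readers of `description` will see both. If the decode existed only to feed `remove_XSS`, a comment on the `$sql="UPDATE $TBL_QUESTIONS SET` line, `// question/description are stored as submitted; HTML is escaped at render time`, would record that decision. The same change is in the `INSERT INTO $TBL_QUESTIONS` hunk at -619 below. The enclosing method starts before and continues after each hunk.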
@@ -580,7 +580,7 @@ function store_forum($values) {
 $sql="UPDATE ".$table_forums." SET
 forum_title='".$clean_title."',
 ".$sql_image."
- forum_comment='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['forum_comment'])),COURSEMANAGERLOWSECURITY))."',
+ forum_comment='".Database::escape_string($values['forum_comment'])."',
 forum_category='".Database::escape_string($values['forum_category'])."',
 allow_anonymous='".Database::escape_string(isset($values['allow_anonymous_group']['allow_anonymous'])?$values['allow_anonymous_group']['allow_anonymous']:null)."',
 allow_edit='".Database::escape_string($values['students_can_edit_group']['students_can_edit'])."',
diff --git a/main/inc/lib/notebook.lib.php b/main/inc/lib/notebook.lib.php
index db99f03d1d..10816a436c 100755
--- a/main/inc/lib/notebook.lib.php
+++ b/main/inc/lib/notebook.lib.php
@@ -109,8 +109,8 @@ class NotebookManager
 user_id = '".Database::escape_string(api_get_user_id())."',
 course = '".Database::escape_string(api_get_course_id())."',
 session_id = '".Database::escape_string($_SESSION['id_session'])."',
- title = '".Database::escape_string(Security::remove_XSS($values['note_title']))."',
- description = '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['note_comment'])),COURSEMANAGERLOWSECURITY))."',
+ title = '".Database::escape_string($values['note_title'])."',
+ description = '".Database::escape_string($values['note_comment'])."',
 update_date = '".Database::escape_string(date('Y-m-d H:i:s'))."'
 WHERE notebook_id = '".Database::escape_string($values['notebook_id'])."'";
 $result = Database::query($sql);
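Review bot: The new `forum_comment=` line drops `stripslashes()` together with the XSS filter; if `$values['forum_comment']` still reaches store_forum() slash-escaped (the reason for the old call is not visible here), the stored comment now keeps those backslashes, so the input path should be confirmed before merging. The same `stripslashes`/`api_html_entity_decode` removal is on the notebook hunk's `description =` line, where `$values['note_comment']` is now stored verbatim. A one-line comment above each rewritten line, `// stored as submitted; escaped for HTML when rendered`, would make the intended contract explicit for the readers of these columns. The `$sql` string in the forum hunk continues past the hunk edge.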