diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 67b638fe9be5757516f6762d9e9bbf5a562fd778..96efcf9fdde194b039d6402e731b5c63ebd3044b 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1233,13 +1233,15 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('\.meta$
  *
  * @param	string	$modulepart			Module of document
  * @param	string	$original_file		Relative path with filename
+ * @param	string	$entity				Restrict onto entity
  * @return	mixed						Array with access information : accessallowed & sqlprotectagainstexternals & original_file (as full path name)
  */
-function dol_check_secure_access_document($modulepart,$original_file)
+function dol_check_secure_access_document($modulepart,$original_file,$entity)
 {
 	global $user, $conf;
 
 	if (empty($modulepart)) return 'ErrorBadParameter';
+	if (empty($entity)) $entity=0;
 
 	// We define $accessallowed and $sqlprotectagainstexternals
 	$accessallowed=0;
diff --git a/htdocs/document.php b/htdocs/document.php
index 6802af456af854efc03e5844d8dce585189a7ed7..e5566b1aee6e1eb80617b83d8fd08c55ce83ee7e 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -96,7 +96,7 @@ $refname=basename(dirname($original_file)."/");
 
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
-$check_access = dol_check_secure_access_document($modulepart,$original_file);
+$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $original_file              = $check_access['original_file'];
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 3dda49f4fd71706063dbc4bda841b5adbbd43832..5d3290a259d35544bf642c376a86ca5a24b73816 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -100,7 +100,7 @@ $original_file = str_replace("../","/", $original_file);
 
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
-$check_access = dol_check_secure_access_document($modulepart,$original_file);
+$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $original_file              = $check_access['original_file'];
diff --git a/htdocs/webservices/server_other.php b/htdocs/webservices/server_other.php
index 23c2280700273d52a3570b906902a2beddafcec2..bb296f567942c0346197b4deff7b6d768bfa7123 100644
--- a/htdocs/webservices/server_other.php
+++ b/htdocs/webservices/server_other.php
@@ -192,7 +192,7 @@ function getDocument($authentication, $modulepart, $file)
 	$error=0;
 
 	// Properties of doc
-	$original_file = $file;	
+	$original_file = $file;
 	$type=dol_mimetype($original_file);
 	$relativefilepath = $ref . "/";
 	$relativepath = $relativefilepath . $ref.'.pdf';
@@ -221,10 +221,10 @@ function getDocument($authentication, $modulepart, $file)
 		$refname=basename(dirname($original_file)."/");
 
 		// Security check
-		$accessallowed=0;
-		$check_access = dol_check_secure_access_document($modulepart,$original_file);
-		$accessallowed=$check_access['accessallowed'];
+		$check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity);
+		$accessallowed              = $check_access['accessallowed'];
 		$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
+		$original_file              = $check_access['original_file'];
 
 		// Basic protection (against external users only)
 		if ($fuser->societe_id > 0)
@@ -277,27 +277,27 @@ function getDocument($authentication, $modulepart, $file)
 			if(file_exists($original_file))
 			{
 				dol_syslog("Function: getDocument $original_file $filename content-type=$type");
-				
+
 				$file=$fileparams['fullname'];
 				$filename = basename($file);
-	
+
 				$f = fopen($original_file,'r');
 				$content_file = fread($f,filesize($original_file));
-	
+
 				$objectret = array(
 					'filename' => basename($original_file),
 					'mimetype' => dol_mimetype($original_file),
 					'content' => base64_encode($content_file),
 					'length' => filesize($original_file)
 				);
-			
+
 				// Create return object
 				$objectresp = array(
 					'result'=>array('result_code'=>'OK', 'result_label'=>''),
 					'document'=>$objectret
 				);
 			}
-			else 
+			else
 			{
 				dol_syslog("File doesn't exist ".$original_file);
 				$errorcode='NOT_FOUND';