diff --git a/htdocs/core/ajax/objectonoff.php b/htdocs/core/ajax/objectonoff.php
index 9225e8dbb5e..ed670627a90 100644
--- a/htdocs/core/ajax/objectonoff.php
+++ b/htdocs/core/ajax/objectonoff.php
@@ -54,6 +54,9 @@ $format = 'int';
// Load object according to $id and $element
$object = fetchObjectByElement($id, $element);
+if (!is_object($object)) {
+ httponly_accessforbidden("Bad value for combination of parameters element/field: Object not found."); // This includes the exit.
+}
$object->fields[$field] = array('type' => $format, 'enabled' => 1);
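Review bot: The new "Object not found" response is sent before any of the `restrictedArea()` calls that appear later in this file, so the distinct message tells a caller whether a given element/id pair exists before its permission on that object has been checked. If this endpoint can be reached by users who lack read rights on the element (not visible in this hunk), keep the client-facing text generic and move the detail to the log: `dol_syslog("objectonoff: no object for requested element/id", LOG_WARNING);` followed by the original `httponly_accessforbidden("Bad value for combination of parameters element/field.");`. The `is_object()` guard itself is the right check, since `fetchObjectByElement()` starts from `$ret = 0` and the next line dereferences `$object->fields`.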
@@ -81,7 +84,7 @@ if (preg_match('/status$/', $field)) {
} elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products
restrictedArea($user, 'produit|service', $object, 'product&product', '', '', 'rowid');
} else {
- httponly_accessforbidden("Bad value for combination of parameters element/field."); // This includes the exit.
+ httponly_accessforbidden("Bad value for combination of parameters element/field: Field not supported."); // This includes the exit.
}
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index a16cc34fd10..d275589885d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -11357,6 +11357,12 @@ function getElementProperties($element_type)
$classname = 'Productlot';
$element = 'productlot';
$subelement = '';
+ } elseif ($element_type == 'websitepage') {
+ $classpath = 'website/class';
+ $classfile = 'websitepage';
+ $classname = 'Websitepage';
+ $module = 'website';
+ $subelement = 'websitepage';
}
if (empty($classfile)) {
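Review bot: The `websitepage` branch assigns `$module` and `$subelement` but leaves `$element` untouched, while the `productlot` branch directly above sets `$element` explicitly; whether `$element` already defaults to `$element_type` is decided outside this hunk. If that default is not guaranteed, add `$element = 'websitepage';` for parity with the neighbouring branch. Because this mapping makes website pages loadable through `fetchObjectByElement()`, which the AJAX on/off endpoint calls, a short intent comment would also help, e.g. `// Website pages belong to the website module: class is loaded from website/class, rights are checked on 'website'`.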
@@ -11391,7 +11397,7 @@ function getElementProperties($element_type)
*/
function fetchObjectByElement($element_id, $element_type, $element_ref = '')
{
- global $conf, $db;
+ global $db;
$ret = 0;
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 2fe9460e822..710eab4d878 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -332,7 +332,7 @@ function dolGetLdapPasswordHash($password, $type = 'md5')
* This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user).
*
* @param User $user User to check
- * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
+ * @param string $features Features to check (it must be module name or $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
@@ -364,7 +364,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
//print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
- //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
";
+ //print ", perm: ".$features."->".$feature2."=".($user->hasRight($features, $feature2, 'lire'))."
";
$parentfortableentity = '';
@@ -388,9 +388,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
$features = 'adherent';
$feature2 = 'cotisation';
}
- if ($features == 'websitepage') {
- $features = 'website';
- $tableandshare = 'website_page';
+ if ($features == 'website' && is_object($object) && $object->element == 'websitepage') {
$parentfortableentity = 'fk_website@website';
}
if ($features == 'project') {
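Review bot: The rewritten condition sets `$parentfortableentity` only when `$object` is an object whose `element` is `websitepage`, so a caller that passes a page ID, or still passes `'websitepage'` as `$features`, now gets neither the feature remap nor the parent link that the old branch supplied. The docblock declares `$object` as `int|string|object`, so the ID form is a legal call; if the entity check for pages depends on `fk_website@website` (the rest of `restrictedArea()` is outside this hunk), such calls would presumably be evaluated without it. Consider also matching on the table name, `if ($features == 'website' && ($tableandshare == 'website_page' || (is_object($object) && $object->element == 'websitepage'))) {`, and confirm that no remaining caller passes `'websitepage'` as the feature. A comment on the branch stating that the page's entity is resolved through its parent website, once confirmed against the table definition, would make the requirement visible to future callers.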
diff --git a/htdocs/core/modules/modWebhook.class.php b/htdocs/core/modules/modWebhook.class.php
index c8ddea7dc06..e9f3e7f5baa 100644
--- a/htdocs/core/modules/modWebhook.class.php
+++ b/htdocs/core/modules/modWebhook.class.php
@@ -260,17 +260,17 @@ class modWebhook extends DolibarrModules
// Add here entries to declare new permissions
/* BEGIN MODULEBUILDER PERMISSIONS */
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
- $this->rights[$r][1] = 'Read objects of Webhook'; // Permission label
+ $this->rights[$r][1] = 'Read Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->read)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
- $this->rights[$r][1] = 'Create/Update objects of Webhook'; // Permission label
+ $this->rights[$r][1] = 'Create/Update Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->write)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
- $this->rights[$r][1] = 'Delete objects of Webhook'; // Permission label
+ $this->rights[$r][1] = 'Delete Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->delete)
$r++;