diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 77d6718ed17..75ab4cd8414 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -781,8 +781,8 @@ class Categorie extends CommonObject $objs = array(); - $tmpclass = $this->MAP_OBJ_CLASS[$type]; - $obj = new $tmpclass($this->db); + $classnameforobj = $this->MAP_OBJ_CLASS[$type]; + $obj = new $classnameforobj($this->db); $sql = "SELECT c.fk_".$this->MAP_CAT_FK[$type]; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".$this->MAP_CAT_TABLE[$type]." as c"; @@ -810,8 +810,11 @@ class Categorie extends CommonObject } else { - $obj = new $this->MAP_OBJ_CLASS[$type]($this->db); - $obj->fetch($rec['fk_'.$this->MAP_CAT_FK[$type]]); + $classnameforobj = $this->MAP_OBJ_CLASS[$type]; + + $obj = new $classnameforobj($this->db); + $obj->fetch($rec['fk_' . $this->MAP_CAT_FK[$type]]); + $objs[] = $obj; } } diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 97a4bdf1948..6da413368dc 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -354,7 +354,7 @@ class FormFile // Add entity in $param if not already exists if (!preg_match('/entity\=[0-9]+/', $param)) { - $param .= 'entity='.(!empty($object->entity) ? $object->entity : $conf->entity); + $param .= ($param ? '&' : '').'entity='.(!empty($object->entity) ? $object->entity : $conf->entity); } $printer = 0; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 69a31d73d31..b85ae3045c0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8507,7 +8507,7 @@ function dolGetButtonTitle($label, $helpText = '', $iconClass = 'fa fa-file', $u $attr['class'] .= ' classfortooltip'; } - if (empty($id)) { + if (!empty($id)) { $attr['id'] = $id; } 
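Review bot: In the second categorie.class.php hunk (`@@ -810`), the return value of `$obj->fetch(...)` is ignored, so an object whose row could not be loaded is still appended to `$objs` and returned as if it were valid. Assuming fetch() follows the usual convention of returning a positive value on success, `if ($obj->fetch($rec['fk_'.$this->MAP_CAT_FK[$type]]) > 0) { $objs[] = $obj; }` keeps unloaded records out. Separately, `$classnameforobj` here and in the `@@ -781` hunk comes from `$this->MAP_OBJ_CLASS[$type]` with no visible check that `$type` is a known key, and the same key feeds the SQL table and column names. The method starts outside both hunks, so such a check may already exist earlier; if not, an `isset($this->MAP_OBJ_CLASS[$type])` guard before the `new` would reject unknown types cleanly.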
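Review bot: In the html.formfile.class.php hunk (`@@ -354`), the entity value is concatenated into `$param` unmodified even though the guard regex just above expects digits only. An integer cast keeps a non-numeric `$object->entity` from injecting extra query parameters: `$param .= ($param ? '&' : '').'entity='.((int) (!empty($object->entity) ? $object->entity : $conf->entity));`. The regex `/entity\=[0-9]+/` is also unanchored, so a differently named parameter that merely ends in `entity=<digits>` would count as already present; `/(^|&)entity=[0-9]+/` is stricter. The enclosing method starts and ends outside the hunk, so how `$param` is escaped when it is finally emitted is not visible here.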
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 225dab1332c..afe5437b0d5 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -1,6 +1,7 @@ * Copyright (C) 2008-2017 Regis Houssin + * Copyright (C) 2020 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -575,6 +576,18 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } + + if ($feature == 'agenda')// Also check myactions rights + { + if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) { + require_once DOL_DOCUMENT_ROOT . '/comm/action/class/actioncomm.class.php'; + $action = new ActionComm($db); + $action->fetch($objectid); + if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) { + return false; + } + } + } } elseif (in_array($feature, $checkproject)) {
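Review bot: The new agenda ownership check in checkUserAccessToObject (`@@ -575`) calls `$action->fetch($objectid)` without testing the result and treats `$objectid` as a single id, although the context line just above places it in `IN (".$objectid.")`. If callers can pass a comma-separated list, at most one event is checked for author, owner or assignee and the rest of the list is skipped. Checking every id and failing closed when an event cannot be loaded would close that gap; the sketch below assumes fetch() returns a positive value on success. The comparisons use loose `!=`, which is worth tightening once the id types are confirmed. The function starts and ends outside the hunk, so whether `$db` is in scope there cannot be confirmed from the visible lines.

```php
if ($objectid > 0 && empty($user->rights->agenda->allactions->read)) {
    require_once DOL_DOCUMENT_ROOT . '/comm/action/class/actioncomm.class.php';
    // $objectid is also used as an IN (...) list above, so check each id
    foreach (explode(',', (string) $objectid) as $actionid) {
        $action = new ActionComm($db);
        if ($action->fetch((int) $actionid) <= 0) {
            return false; // fail closed when the event cannot be loaded
        }
        // … unchanged: author / owner / assignee comparison returning false …
    }
}
```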