diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 067699f8709..97a33cbe3b0 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -21,9 +21,9 @@ */ /** - \file htdocs/product/document.php - \ingroup product - \brief Page des documents joints sur les produits + \file htdocs/comm/action/document.php + \ingroup agenda + \brief Page des documents joints sur les actions \version $Id$ */ @@ -40,7 +40,7 @@ $langs->load("other"); $langs->load("bills"); if (isset($_GET["error"])) $error=$_GET["error"]; -$upload_dir = $conf->actions->dir_output.'/'.$_GET['id']; +$objectid = isset($_GET["id"])?$_GET["id"]:''; // Security check if ($user->societe_id > 0) @@ -71,11 +71,12 @@ if ( $_POST["sendit"] && $conf->upload ) /* * Creation répertoire si n'existe pas */ - if (! is_dir($upload_dir)) create_exdir($upload_dir); + $upload_dir = $conf->actions->dir_output.'/'.sanitize_string($objectid); + if (! is_dir($upload_dir)) create_exdir($upload_dir); if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) { $mesg = '
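Review bot: `$objectid` keeps whatever string arrives in `$_GET["id"]`; `sanitize_string()` is applied only where the upload path is built, while the same value goes unfiltered into `$act->fetch($objectid)`, the loose `$objectid > 0` test and the three tab URLs in the display hunk. compta/facture/document.php in this same diff already casts its id with `intVal()`. Doing the same here, `$objectid = isset($_GET["id"]) ? intval($_GET["id"]) : 0;`, keeps a non-numeric id from reaching the query or the page output and makes the later per-use sanitizing a second line of defence rather than the only one.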
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); @@ -94,6 +95,7 @@ if ( $_POST["sendit"] && $conf->upload ) */ if ($_GET["action"] == 'delete') { + $upload_dir = $conf->actions->dir_output.'/'.sanitize_string($objectid); $file = $upload_dir . '/' . urldecode($_GET['urlfile']); dol_delete_file($file); } @@ -106,86 +108,93 @@ if ($_GET["action"] == 'delete') llxHeader(); -if ($_GET["id"] > 0) +if ($objectid > 0) { $act = new ActionComm($db); - $act->fetch($_GET["id"]); - $res=$act->societe->fetch($act->societe->id); - $res=$act->author->fetch(); // Le paramètre est le login, hors seul l'id est chargé. - $res=$act->contact->fetch($act->contact->id); - - $h=0; - - $head[$h][0] = DOL_URL_ROOT.'/comm/action/fiche.php?id='.$_GET["id"]; - $head[$h][1] = $langs->trans("CardAction"); - $hselected=$h; - $h++; - - $head[$h][0] = DOL_URL_ROOT.'/comm/action/document.php?id='.$_GET["id"]; - $head[$h][1] = $langs->trans('Documents'); - $hselected=$h; - $h++; - - $head[$h][0] = DOL_URL_ROOT.'/comm/action/info.php?id='.$_GET["id"]; - $head[$h][1] = $langs->trans('Info'); - $h++; - - dolibarr_fiche_head($head, $hselected, $langs->trans("Action")); - - // Affichage fiche action en mode visu - print ''; - - // Type - print ''; - - // Libelle - print ''; - - // Societe - contact - print ''; - print ''; - print ''; - - // Construit liste des fichiers - $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolower($sortorder)=='desc'?SORT_ASC:SORT_DESC),1); - $totalsize=0; - foreach($filearray as $key => $file) - { - $totalsize+=$file['size']; - } - - - print ''; - print ''; - print '
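Review bot: The destination path is still built from the client-supplied `$_FILES['userfile']['name']`, so this change hardens the directory part but leaves the file-name part unchecked. Whether `dol_move_uploaded_file()` rejects path separators or script extensions such as `.php` is not visible in this diff; if it does not, reduce the name first with `$filename = basename($_FILES['userfile']['name']);` and refuse executable extensions before the move. This branch also runs when `$objectid` is empty, in which case `$upload_dir` appears to resolve to the module root `dir_output/`, so it should be guarded with `$objectid > 0`. The same file-name concatenation appears in the upload hunks of comm/propal, commande, compta/facture, contrat, fourn/facture and product.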
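Review bot: `urldecode($_GET['urlfile'])` is appended to `$upload_dir` and handed to `dol_delete_file()` with no check that the result stays inside that directory, so sanitizing the directory component alone does not confine the delete. Unless `dol_delete_file()` itself rejects `..` (not visible here), keep only the last path component: `$file = $upload_dir . '/' . basename(urldecode($_GET['urlfile']));`. PHP has already decoded `$_GET` once, so the extra `urldecode()` is worth confirming against how `list_of_documents()` builds the link. The delete is also reached by a plain GET with no permission or token check visible in this hunk. The same line appears in the delete hunks of comm/propal, commande, compta/facture and fourn/facture.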
'.$langs->trans("Ref").''.$act->id.'
'.$langs->trans("Type").''.$act->type.'
'.$langs->trans("Title").''.$act->label.'
'.$langs->trans("Company").''.$act->societe->getNomUrl(1).''.$langs->trans("Contact").''; - if ($act->contact->id > 0) + if ($act->fetch($objectid)) { - print $act->contact->getNomUrl(1); + $upload_dir = $conf->actions->dir_output.'/'.sanitize_string($objectid); + + $res=$act->societe->fetch($act->societe->id); + $res=$act->author->fetch(); // Le paramètre est le login, hors seul l'id est chargé. + $res=$act->contact->fetch($act->contact->id); + + $h=0; + + $head[$h][0] = DOL_URL_ROOT.'/comm/action/fiche.php?id='.$objectid; + $head[$h][1] = $langs->trans("CardAction"); + $hselected=$h; + $h++; + + $head[$h][0] = DOL_URL_ROOT.'/comm/action/document.php?id='.$objectid; + $head[$h][1] = $langs->trans('Documents'); + $hselected=$h; + $h++; + + $head[$h][0] = DOL_URL_ROOT.'/comm/action/info.php?id='.$objectid; + $head[$h][1] = $langs->trans('Info'); + $h++; + + dolibarr_fiche_head($head, $hselected, $langs->trans("Action")); + + // Affichage fiche action en mode visu + print ''; + + // Type + print ''; + + // Libelle + print ''; + + // Societe - contact + print ''; + print ''; + print ''; + + // Construit liste des fichiers + $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolower($sortorder)=='desc'?SORT_ASC:SORT_DESC),1); + $totalsize=0; + foreach($filearray as $key => $file) + { + $totalsize+=$file['size']; + } + + + print ''; + print ''; + print '
'.$langs->trans("Ref").''.$act->id.'
'.$langs->trans("Type").''.$act->type.'
'.$langs->trans("Title").''.$act->label.'
'.$langs->trans("Company").''.$act->societe->getNomUrl(1).''.$langs->trans("Contact").''; + if ($act->contact->id > 0) + { + print $act->contact->getNomUrl(1); + } + else + { + print $langs->trans("None"); + } + + print '
'.$langs->trans("NbOfAttachedFiles").''.sizeof($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; + + print ''; + + if ($mesg) { print $mesg."
"; } + + + // Affiche formulaire upload + $formfile=new FormFile($db); + $formfile->form_attach_new_file(DOL_URL_ROOT.'/comm/action/document.php?id='.$act->id); + + + // List of document + $param='&id='.$act->id; + $formfile->list_of_documents($filearray,$act,'actions',$param); } else { - print $langs->trans("None"); - } - - print '
'.$langs->trans("NbOfAttachedFiles").''.sizeof($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print ''; - - if ($mesg) { print $mesg."
"; } - - - // Affiche formulaire upload - $formfile=new FormFile($db); - $formfile->form_attach_new_file(DOL_URL_ROOT.'/comm/action/document.php?id='.$act->id); - - - // List of document - $param='&id='.$act->id; - $formfile->list_of_documents($filearray,$act,'actions',$param); - + dolibarr_print_error($db); + } } else { diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index ca9a18a3540..630cbedbf3b 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -72,12 +72,12 @@ if ($_POST["sendit"] && $conf->upload) if ($propal->fetch($propalid)) { - $upload_dir = $conf->propal->dir_output . "/" . $propal->ref; + $upload_dir = $conf->propal->dir_output . "/" . sanitize_string($propal->ref); if (! is_dir($upload_dir)) create_exdir($upload_dir); if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) { $mesg = '
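Review bot: `if ($act->fetch($objectid))` accepts any non-zero return as success, whereas this same commit tightens the upload test to `dol_move_uploaded_file(...) > 0`, which suggests these helpers report failure with negative codes. If `ActionComm::fetch()` follows that convention (its body is not in this diff), a failed lookup would still render the card and list `$upload_dir`; `if ($act->fetch($objectid) > 0)` matches the rest of the change. Within the same block `$act->label` and `$act->type` are printed without escaping, so a stored value containing markup is emitted as-is; wrap them in `htmlspecialchars()` unless they are escaped on input.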
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); @@ -100,7 +100,7 @@ if ($action=='delete') $propalid=$_GET["id"]; if ($propal->fetch($propalid)) { - $upload_dir = $conf->propal->dir_output . "/" . $propal->ref; + $upload_dir = $conf->propal->dir_output . "/" . sanitize_string($propal->ref); $file = $upload_dir . '/' . urldecode($_GET['urlfile']); dol_delete_file($file); $mesg = '
'.$langs->trans("FileWasRemoved").'
'; @@ -117,12 +117,9 @@ llxHeader(); if ($propalid > 0) { $propal = new Propal($db); - if ($propal->fetch($propalid)) { - $propref = sanitize_string($propal->ref); - - $upload_dir = $conf->propal->dir_output.'/'.$propref; + $upload_dir = $conf->propal->dir_output.'/'.sanitize_string($propal->ref); $societe = new Societe($db); $societe->fetch($propal->socid); diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index 5041a8861c3..03e099dfec9 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -74,12 +74,12 @@ if (!$commande->fetch($id)) { // Envoi fichier if ($_POST["sendit"] && $conf->upload) { - $upload_dir = $conf->commande->dir_output . "/" . $commande->ref; + $upload_dir = $conf->commande->dir_output . "/" . sanitize_string($commande->ref); if (! is_dir($upload_dir)) create_exdir($upload_dir); if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); @@ -96,7 +96,7 @@ if ($_POST["sendit"] && $conf->upload) // Delete if ($action=='delete') { - $upload_dir = $conf->commande->dir_output . "/" . $commande->ref; + $upload_dir = $conf->commande->dir_output . "/" . sanitize_string($commande->ref); $file = $upload_dir . '/' . urldecode($_GET['urlfile']); dol_delete_file($file); $mesg = '
'.$langs->trans("FileWasRemoved").'
'; @@ -110,9 +110,7 @@ if ($id > 0) { llxHeader(); - $commanderef = sanitize_string($commande->ref); - - $upload_dir = $conf->commande->dir_output.'/'.$commanderef; + $upload_dir = $conf->commande->dir_output.'/'.sanitize_string($commande->ref); $societe = new Societe($db); $societe->fetch($commande->socid); diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 5279c762982..f1efe458bbc 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -20,11 +20,11 @@ */ /** - \file htdocs/compta/facture/document.php - \ingroup facture - \brief Page de gestion des documents attachées à une facture - \version $Id$ -*/ + \file htdocs/compta/facture/document.php + \ingroup facture + \brief Page de gestion des documents attachées à une facture + \version $Id$ + */ require('./pre.inc.php'); require_once(DOL_DOCUMENT_ROOT."/facture.class.php"); @@ -37,16 +37,16 @@ $langs->load('compta'); $langs->load('other'); if (!$user->rights->facture->lire) - accessforbidden(); +accessforbidden(); $facid=empty($_GET['facid']) ? 0 : intVal($_GET['facid']); $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; // Security check -if ($user->societe_id > 0) +if ($user->societe_id > 0) { unset($_GET["action"]); - $action=''; + $action=''; $socid = $user->societe_id; } @@ -66,107 +66,103 @@ $pagenext = $page + 1; /* * Actions */ - + // Envoi fichier if ($_POST["sendit"] && $conf->upload) { - $facture = new Facture($db); - - if ($facture->fetch($facid)) - { - $upload_dir = $conf->facture->dir_output . "/" . $facture->ref; - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) - { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else - { - // Echec transfert (fichier dépassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); - } - } - } + $facture = new Facture($db); + if ($facture->fetch($facid)) + { + $upload_dir = $conf->facture->dir_output . "/" . sanitize_string($facture->ref); + if (! is_dir($upload_dir)) create_exdir($upload_dir); + + if (is_dir($upload_dir)) + { + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) + { + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + //print_r($_FILES); + } + else + { + // Echec transfert (fichier dépassant la limite ?) + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + // print_r($_FILES); + } + } + } } // Delete if ($action=='delete') { - $facture = new Facture($db); - - $facid=$_GET["id"]; - if ($facture->fetch($facid)) - { - $upload_dir = $conf->facture->dir_output . "/" . $facture->ref; - $file = $upload_dir . '/' . urldecode($_GET['urlfile']); - dol_delete_file($file); - $mesg = '
'.$langs->trans("FileWasRemoved").'
'; - } + $facture = new Facture($db); + + $facid=$_GET["id"]; + if ($facture->fetch($facid)) + { + $upload_dir = $conf->facture->dir_output . "/" . sanitize_string($facture->ref); + $file = $upload_dir . '/' . urldecode($_GET['urlfile']); + dol_delete_file($file); + $mesg = '
'.$langs->trans("FileWasRemoved").'
'; + } } /* * Affichage */ - + llxHeader(); if ($facid > 0) { $facture = new Facture($db); - if ($facture->fetch($facid)) { - $facref = sanitize_string($facture->ref); - - $upload_dir = $conf->facture->dir_output.'/'.$facref; - + $upload_dir = $conf->facture->dir_output.'/'.sanitize_string($facture->ref); + $societe = new Societe($db); $societe->fetch($facture->socid); $head = facture_prepare_head($facture); dolibarr_fiche_head($head, 'documents', $langs->trans('InvoiceCustomer')); - - // Construit liste des fichiers - $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolower($sortorder)=='desc'?SORT_ASC:SORT_DESC),1); - $totalsize=0; - foreach($filearray as $key => $file) - { - $totalsize+=$file['size']; - } - - - + + // Construit liste des fichiers + $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolower($sortorder)=='desc'?SORT_ASC:SORT_DESC),1); + $totalsize=0; + foreach($filearray as $key => $file) + { + $totalsize+=$file['size']; + } + + + print ''; - + // Ref print ''; - + // Société print ''; - + print ''; - print ''; - print "
'.$langs->trans('Ref').''.$facture->ref.'
'.$langs->trans('Company').''.$societe->getNomUrl(1).'
'.$langs->trans("NbOfAttachedFiles").''.sizeof($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
\n"; + print ''.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").''; + print "\n"; print "\n"; - + if ($mesg) { print $mesg."
"; } - + // Affiche formulaire upload - $formfile=new FormFile($db); + $formfile=new FormFile($db); $formfile->form_attach_new_file(DOL_URL_ROOT.'/compta/facture/document.php?facid='.$facture->id); - + // List of document - $param='&facid='.$facture->id; + $param='&facid='.$facture->id; $formfile->list_of_documents($filearray,$facture,'facture',$param); - + } else { @@ -175,7 +171,7 @@ if ($facid > 0) } else { - print $langs->trans("UnkownError"); + print $langs->trans("UnkownError"); } $db->close(); diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index db92f09453d..f22999ab408 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -63,8 +63,7 @@ $pagenext = $page + 1; $contrat = new Contrat($db); $contrat->fetch($_GET["id"]); -$contratref = sanitize_string($contrat->ref); -$upload_dir = $conf->contrat->dir_output.'/'.$contratref; +$upload_dir = $conf->contrat->dir_output.'/'.sanitize_string($contrat->ref); $modulepart='contract'; @@ -80,7 +79,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) { $mesg = '
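Review bot: Nothing in the upload, delete or display branches compares `$facture->socid` with the `$socid` that the security check assigns for external users, so a third-party account appears able to list and add documents on any invoice by changing `facid`. The check only blanks `$action`, which stops the delete branch but not `$_POST["sendit"]`. Unless `fetch()` or pre.inc.php already enforces ownership (not visible here), add after each successful fetch something like `if ($socid > 0 && $facture->socid != $socid) accessforbidden();`. The delete branch also overwrites the `intVal()`-cast `$facid` with raw `$_GET["id"]`; it should be cast the same way.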
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 983f2b6b5ff..48c6ba415dc 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -73,16 +73,15 @@ $pagenext = $page + 1; if ($_POST['sendit'] && $conf->upload) { $facture = new FactureFournisseur($db); - if ($facture->fetch($facid)) { - $ref = sanitize_string($facture->ref); $upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($facture->id,2).$facture->id; + if (! is_dir($upload_dir)) create_exdir($upload_dir); if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . '/' . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . '/' . $_FILES['userfile']['name'],0) > 0) { $mesg = '
'.$langs->trans('FileTransferComplete').'
'; //print_r($_FILES); @@ -100,14 +99,14 @@ if ($_POST['sendit'] && $conf->upload) // Delete if ($action=='delete') { - $facture = new FactureFournisseur($db); - $facid=$_GET["id"]; + + $facture = new FactureFournisseur($db); if ($facture->fetch($facid)) { - $ref = sanitize_string($facture->ref); $upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($facture->id,2).$facture->id; - $file = $upload_dir . '/' . urldecode($_GET['urlfile']); + + $file = $upload_dir . '/' . urldecode($_GET['urlfile']); dol_delete_file($file); $mesg = '
'.$langs->trans('FileWasRemoved').'
'; } @@ -123,13 +122,12 @@ llxHeader(); if ($facid > 0) { $facture = new FactureFournisseur($db); - if ($facture->fetch($facid)) { $facture->fetch_fournisseur(); - $facref = sanitize_string($facture->ref); $upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($facture->id,2).$facture->id; + $head = facturefourn_prepare_head($facture); dolibarr_fiche_head($head, 'documents', $langs->trans('SupplierInvoice')); diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 96e4668e8a0..fc2e8376f0a 100755 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -68,8 +68,7 @@ if ($_GET['id'] || $_GET["ref"]) if ($_GET["ref"]) $result = $product->fetch('',$_GET["ref"]); if ($_GET["id"]) $result = $product->fetch($_GET["id"]); - $prodref = sanitize_string($product->ref); - $upload_dir = $conf->produit->dir_output.'/'.$prodref; + $upload_dir = $conf->produit->dir_output.'/'.sanitize_string($product->ref); } $modulepart='produit'; @@ -86,7 +85,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) { - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0)) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 0d52813d403..b403d283c48 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -62,12 +62,13 @@ $sortfield=$_GET["sortfield"]; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; +$upload_dir = $conf->societe->dir_output . "/" . $socid ; +$courrier_dir = $conf->societe->dir_output . "/courrier/" . get_exdir($socid) ; + /* * Actions */ -$upload_dir = $conf->societe->dir_output . "/" . $socid ; -$courrier_dir = $conf->societe->dir_output . "/courrier/" . get_exdir($socid) ; // Envoie fichier if ( $_POST["sendit"] && $conf->upload != 0)
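Review bot: `$socid` is concatenated into `$upload_dir` and passed to `get_exdir()` without the `sanitize_string()` wrapper that the action, proposal, order, invoice, contract and product pages in this commit put around their directory component. Where `$socid` is assigned is above this hunk; if it can come from the request, a value containing path separators would move both directories outside `dir_output`. Either cast it to an integer where it is read, or build the path as `$upload_dir = $conf->societe->dir_output . "/" . sanitize_string($socid);`.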