diff --git a/htdocs/document.php b/htdocs/document.php
index 1c722e4cb55..ee8b9e9c096 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -81,7 +81,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 $encoding = '';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha');		// Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml');		// Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 7493ef6bee9..1053cc530c9 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -62,7 +62,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 
 $action=GETPOST('action','alpha');
-$original_file=GETPOST("file",'alpha');
+$original_file=GETPOST('file','alphanohtml');		// Do not use urldecode here ($_GET are already decoded by PHP).
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST("urlsource",'alpha');
 $entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;