From 88853939402efa9cae40dbe3a29d5c364985fe4c Mon Sep 17 00:00:00 2001
From: William Mead
Date: Sun, 14 Dec 2025 11:54:09 +0100
Subject: [PATCH 1/5] Fixed document upload for third party
---
 htdocs/api/class/api_documents.class.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 6f995b9917b..516294ce380 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -892,7 +892,7 @@ class Documents extends DolibarrApi
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 $object = new Contact($this->db);
 $fetchbyid = true;
- } elseif ($modulepart == 'societe' || $modulepart == 'company') {
+ } elseif ($modulepart == 'societe' || $modulepart == 'company' || $modulepart == 'thirdparty') {
 $modulepart = 'societe';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 $object = new Societe($this->db);
@@ -948,7 +948,11 @@ class Documents extends DolibarrApi
 
 // Test on permissions
 //if ($modulepart != 'ecm') { // Here $modulepart is always != 'ecm'
- $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
+ if ($modulepart == 'societe' || $modulepart == 'company' || $modulepart == 'thirdparty') {
+ $relativefile = $tmpreldir.dol_sanitizeFileName($object->id);
+ } else {
+ $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
+ }
 $tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
 $upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
 /*} else {
From 905040e5ab8818036350c9a3cabe75cf06ace9c3 Mon Sep 17 00:00:00 2001
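Review bot: The societe branch added in the `@@ -948` hunk builds the path for the 'write' permission check from `$object->id`, and nothing visible in the hunk confirms that the object was actually loaded before this line. If the id is empty, `dol_sanitizeFileName()` receives an empty value and `$relativefile` is only whatever `$tmpreldir` holds, so `dol_check_secure_access_document()` and the resulting `$upload_dir` would refer to a shared parent directory rather than one third party's folder. The function body starts and ends outside the hunk, so a fetch-result check may already exist above; if it does not, a guard before the path is built would close this, e.g. `if (empty($object->id)) { throw new RestException(404, 'Third party not found'); }`. The same line recurs unchanged in this respect in the later hunks of patches 3, 4 and 5.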
From: William Mead
Date: Sun, 14 Dec 2025 12:06:41 +0100
Subject: [PATCH 2/5] Updated PHPDoc
---
 htdocs/api/class/api_documents.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 516294ce380..af08aa5ea07 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -768,7 +768,7 @@ class Documents extends DolibarrApi
 *
 * @param string $filename Name of file to create ('FA1705-0123.txt')
 * @param string $modulepart Name of module or area concerned by file upload ('product', 'service', 'invoice', 'proposal', 'project', 'project_task', 'supplier_invoice', 'expensereport', 'member', ...)
- * @param string $ref Reference of object (This will define subdir automatically and store submitted file into it)
+ * @param string $ref Reference of object (This will define subdir automatically and store submitted file into it). For third party use object ID not name.
 * @param string $subdir Subdirectory (Only if $ref is not provided)
 * @param string $filecontent File content (string with file content. An empty file will be created if this parameter is not provided)
 * @param string $fileencoding File encoding (''=no encoding, 'base64'=Base 64)
From 96b8515b3dd9213a0f4157b04e13bbf7a8fe3591 Mon Sep 17 00:00:00 2001
From: William Mead
Date: Sun, 14 Dec 2025 12:49:34 +0100
Subject: [PATCH 3/5] Fixed type
---
 htdocs/api/class/api_documents.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index af08aa5ea07..aa62b157309 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
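Review bot: The sentence added to the `$ref` description in the PHPDoc hunk of patch 2 says "third party", but an API caller selects the object type through a `$modulepart` string, and the `$modulepart` list one line above names no value for third parties. Because `$ref` also decides the sub-directory the file is written into, the wording should name the values it applies to, for example `For modulepart 'societe' or 'company', pass the numeric ID of the third party, not its name.` The docblock starts and ends outside the hunk.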
@@ -949,7 +949,7 @@ class Documents extends DolibarrApi
 // Test on permissions
 //if ($modulepart != 'ecm') { // Here $modulepart is always != 'ecm'
 if ($modulepart == 'societe' || $modulepart == 'company' || $modulepart == 'thirdparty') {
- $relativefile = $tmpreldir.dol_sanitizeFileName($object->id);
+ $relativefile = $tmpreldir.dol_sanitizeFileName((string) $object->id);
 } else {
 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
 }
From fa6e85fbed87e848147cc196f182dcbab24784da Mon Sep 17 00:00:00 2001
From: William Mead
Date: Sun, 14 Dec 2025 13:19:02 +0100
Subject: [PATCH 4/5] Cleaned code
---
 htdocs/api/class/api_documents.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index aa62b157309..b5cd6040a4f 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -892,7 +892,7 @@ class Documents extends DolibarrApi
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 $object = new Contact($this->db);
 $fetchbyid = true;
- } elseif ($modulepart == 'societe' || $modulepart == 'company' || $modulepart == 'thirdparty') {
+ } elseif ($modulepart == 'societe' || $modulepart == 'company') {
 $modulepart = 'societe';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 $object = new Societe($this->db);
@@ -948,7 +948,7 @@ class Documents extends DolibarrApi
 
 // Test on permissions
 //if ($modulepart != 'ecm') { // Here $modulepart is always != 'ecm'
- if ($modulepart == 'societe' || $modulepart == 'company' || $modulepart == 'thirdparty') {
+ if ($modulepart == 'societe' || $modulepart == 'company') {
 $relativefile = $tmpreldir.dol_sanitizeFileName((string) $object->id);
 } else {
 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
From aa3f357064aada3ce4743c0c5883073057f87814 Mon Sep 17 00:00:00 2001
From: William Mead
Date: Sun, 14 Dec 2025 13:47:53 +0100
Subject: [PATCH 5/5] Cleaned code
---
 htdocs/api/class/api_documents.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index b5cd6040a4f..5015ee91a74 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -948,7 +948,7 @@ class Documents extends DolibarrApi
 
 // Test on permissions
 //if ($modulepart != 'ecm') { // Here $modulepart is always != 'ecm'
- if ($modulepart == 'societe' || $modulepart == 'company') {
+ if ($modulepart == 'societe') {
 $relativefile = $tmpreldir.dol_sanitizeFileName((string) $object->id);
 } else {
 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
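Review bot: The reduced condition `if ($modulepart == 'societe')` is only correct because the `elseif` branch near line 892 rewrites 'company' to 'societe' before this point, and nothing at this line records that dependency. Since the branch decides which directory the write-permission check is run against, a comment would protect it from a later edit, e.g. `// 'company' is normalised to 'societe' above; this branch keys the folder on the numeric id, not the ref`. Writing the comparison as `$modulepart === 'societe'` would also state the intended string-only match. The enclosing function starts and ends outside the hunk.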