diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 4fa56c35a55..748388ff99c 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -2946,7 +2946,7 @@ class Product extends CommonObject
 					// Objet
 					$obj=array();
 					$obj['photo']=$photo;
-					if ($photo_vignette && dol_is_file($dirthumb.$photo_vignette)) $obj['photo_vignette']=$photo_vignette;
+					if ($photo_vignette && dol_is_file($dirthumb.$photo_vignette)) $obj['photo_vignette']=$dirthumb . $photo_vignette;
 					else $obj['photo_vignette']="";
 
 					$tabobj[$nbphoto-1]=$obj;
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 89a9be049ed..ba48e3fb2df 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -297,6 +297,25 @@ class Societe extends CommonObject
         }
     }
 
+    function create_individual($user) {
+        require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
+        $contact=new Contact($this->db);
+
+        $contact->name              = $this->name_bis;
+        $contact->firstname         = $this->firstname;
+        $contact->socid             = $this->id;	// fk_soc
+        $contact->statut            = 1;
+        $contact->priv              = 0;
+        $result = $contact->create($user);
+        if ($result < 0) {
+            $this->error = $contact->error;
+            $this->errors = $contact->errors;
+            dol_syslog("Societe::create_individual ERROR:" . $this->error, LOG_ERR);
+        }
+
+        return $result;
+    }
+
     /**
      *    Check properties of third party are ok (like name, third party codes, ...)
      *
diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php
index 881fce7b2b5..864b42b86a9 100644
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -255,28 +255,10 @@ if (empty($reshook))
                     if ($object->particulier)
                     {
                         dol_syslog("This thirdparty is a personal people",LOG_DEBUG);
-                        $contact=new Contact($db);
-
-     					          $contact->civilite_id		= $object->civilite_id;
-                        $contact->name				= $object->name_bis;
-                        $contact->firstname			= $object->firstname;
-                        $contact->address			= $object->address;
-                        $contact->zip				= $object->zip;
-                        $contact->town				= $object->town;
-                        $contact->state_id      	= $object->state_id;
-                        $contact->country_id		= $object->country_id;
-                        $contact->socid				= $object->id;	// fk_soc
-                        $contact->statut			= 1;
-                        $contact->email				= $object->email;
-						            $contact->skype       = $object->skype;
-                        $contact->phone_pro			= $object->phone;
-						            $contact->fax				= $object->fax;
-                        $contact->priv				= 0;
-
-                        $result=$contact->create($user);
+                        $result=$object->create_individual($user);
                         if (! $result >= 0)
                         {
-                            $error=$contact->error; $errors=$contact->errors;
+                            $error=$object->error; $errors=$object->errors;
                         }
                     }
 
diff --git a/htdocs/webservices/server_order.php b/htdocs/webservices/server_order.php
index 8b3d4569dbf..f77af335e2e 100644
--- a/htdocs/webservices/server_order.php
+++ b/htdocs/webservices/server_order.php
@@ -637,7 +637,7 @@ function createOrder($authentication,$order)
 		$newobject->date_lim_reglement=dol_stringtotime($order['date_due'],'dayrfc');
 		$newobject->note_private=$order['note_private'];
 		$newobject->note_public=$order['note_public'];
-		$newobject->statut=$order['status'];
+		$newobject->statut=0;
 		$newobject->facturee=$order['facturee'];
 		$newobject->fk_project=$order['project_id'];
 		$newobject->cond_reglement_id=$order['cond_reglement_id'];
@@ -669,30 +669,36 @@ function createOrder($authentication,$order)
 
 
 		$db->begin();
-
-        $result=$newobject->create($fuser,0,0);
+		dol_syslog("Webservice server_order:: order creation start", LOG_DEBUG);
+		$result=$newobject->create($fuser);
+		dol_syslog('Webservice server_order:: order creation done with $result='.$result, LOG_DEBUG);
 		if ($result < 0)
 		{
+			dol_syslog("Webservice server_order:: order creation failed", LOG_ERR);
 			$error++;
 
 		}
 
-		if ($newobject->statut == 1)   // We want order validated
+		if ($order['status'] == 1)   // We want order validated
 		{
-			$result=$newobject->validate($fuser);
+			dol_syslog("Webservice server_order:: order validation start", LOG_DEBUG);
+			$result=$newobject->valid($fuser);
 			if ($result < 0)
 			{
+				dol_syslog("Webservice server_order:: order validation failed", LOG_ERR);
 				$error++;
 			}
 		}
 				
-		if (! $error)
+		if ($result >= 0)
 		{
+			dol_syslog("Webservice server_order:: order creation & validation succeeded, commit", LOG_DEBUG);
 			$db->commit();
 			$objectresp=array('result'=>array('result_code'=>'OK', 'result_label'=>''),'id'=>$newobject->id,'ref'=>$newobject->ref);
 		}
 		else
 		{
+			dol_syslog("Webservice server_order:: order creation or validation failed, rollback", LOG_ERR);
 			$db->rollback();
 			$error++;
 			$errorcode='KO';
diff --git a/htdocs/webservices/server_other.php b/htdocs/webservices/server_other.php
index 81a15e5b771..193e01de2f2 100644
--- a/htdocs/webservices/server_other.php
+++ b/htdocs/webservices/server_other.php
@@ -224,7 +224,7 @@ function getDocument($authentication, $modulepart, $file, $refname='')
 		if (empty($refname)) $refname=basename(dirname($original_file)."/");
 
 		// Security check
-		$check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity,$refname,$fuser);
+		$check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity,$fuser,$refname);
 		$accessallowed              = $check_access['accessallowed'];
 		$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 		$original_file              = $check_access['original_file'];
diff --git a/htdocs/webservices/server_thirdparty.php b/htdocs/webservices/server_thirdparty.php
index 152a28053fa..ccc05902dca 100644
--- a/htdocs/webservices/server_thirdparty.php
+++ b/htdocs/webservices/server_thirdparty.php
@@ -443,6 +443,7 @@ function createThirdParty($authentication,$thirdparty)
         $newobject->tva_intra=$thirdparty['vat_number'];
 
         $newobject->canvas=$thirdparty['canvas'];
+        $newobject->particulier=$thirdparty['individual'];
         
         //Retreive all extrafield for thirdsparty
         // fetch optionals attributes and labels
@@ -457,6 +458,11 @@ function createThirdParty($authentication,$thirdparty)
         $db->begin();
 
         $result=$newobject->create($fuser);
+        if ($newobject->particulier && $result > 0) {
+            $newobject->firstname = $thirdparty['firstname'];
+            $newobject->name_bis = $thirdparty['ref'];
+            $result = $newobject->create_individual($fuser);
+        }
         if ($result <= 0)
         {
             $error++;