diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php
index ae3a4232e18..5b037e70a73 100644
--- a/htdocs/admin/emailcollector_card.php
+++ b/htdocs/admin/emailcollector_card.php
@@ -135,12 +135,13 @@ if ($action == 'deletefilter')
 {
 	$emailcollectorfilter = new EmailCollectorFilter($db);
 	$emailcollectorfilter->fetch(GETPOST('filterid', 'int'));
-	$result = $emailcollectorfilter->delete($user);
-	if ($result > 0)
-	{
-		$object->fetchFilters();
-	} else {
-		setEventMessages($emailcollectorfilter->errors, $emailcollectorfilter->error, 'errors');
+	if ($emailcollectorfilter->id > 0) {
+		$result = $emailcollectorfilter->delete($user);
+		if ($result > 0) {
+			$object->fetchFilters();
+		} else {
+			setEventMessages($emailcollectorfilter->errors, $emailcollectorfilter->error, 'errors');
+		}
 	}
 }
 
@@ -204,12 +205,13 @@ if ($action == 'deleteoperation')
 {
 	$emailcollectoroperation = new EmailCollectorAction($db);
 	$emailcollectoroperation->fetch(GETPOST('operationid', 'int'));
-	$result = $emailcollectoroperation->delete($user);
-	if ($result > 0)
-	{
-		$object->fetchActions();
-	} else {
-		setEventMessages($emailcollectoroperation->errors, $emailcollectoroperation->error, 'errors');
+	if ($emailcollectoroperation->id > 0) {
+		$result = $emailcollectoroperation->delete($user);
+		if ($result > 0) {
+			$object->fetchActions();
+		} else {
+			setEventMessages($emailcollectoroperation->errors, $emailcollectoroperation->error, 'errors');
+		}
 	}
 }
 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 82be9955e0f..14944619d6e 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -417,7 +417,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 	// Check all cases that need a token (all POST actions, all actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set, all sensitive GET actions)
 	if ($_SERVER['REQUEST_METHOD'] == 'POST' ||
 		((GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) ||
-		in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check')))
+		in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check')))
 	{
 		if (!GETPOSTISSET('token')) {
 			if (GETPOST('uploadform', 'int')) {