diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 90151eca32b..d7a05a1805e 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -82,7 +82,7 @@ if (!empty($canvas)) {
 }
 // Security check
-$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas);
+$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0);
 if ($id > 0) {
 // Load member
diff --git a/htdocs/contact/agenda.php b/htdocs/contact/agenda.php
index 0ea0018632b..7ac512bd32f 100644
--- a/htdocs/contact/agenda.php
+++ b/htdocs/contact/agenda.php
@@ -83,7 +83,7 @@ $search_agenda_label = GETPOST('search_agenda_label');
 // Security check
 if ($user->socid) $socid = $user->socid;
-$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php
index 71657966e4e..dab7242b598 100644
--- a/htdocs/contact/card.php
+++ b/htdocs/contact/card.php
@@ -78,7 +78,7 @@ if (!empty($canvas))
 // Security check
 if ($user->socid) $socid = $user->socid;
-$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('contactcard', 'globalcard'));
diff --git a/htdocs/contact/document.php b/htdocs/contact/document.php
index e21ee3e492b..f8498ddae9a 100644
--- a/htdocs/contact/document.php
+++ b/htdocs/contact/document.php
@@ -52,7 +52,7 @@ if (!empty($canvas))
 // Security check
 if ($user->socid) $socid = $user->socid;
-$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
diff --git a/htdocs/core/ajax/contacts.php b/htdocs/core/ajax/contacts.php
index 104e57df592..b352cf7aa16 100644
--- a/htdocs/core/ajax/contacts.php
+++ b/htdocs/core/ajax/contacts.php
@@ -27,11 +27,15 @@ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
 require '../../main.inc.php';
-$id = GETPOST('id', 'int');
+$id = GETPOST('id', 'int'); // id of thirdparty
 $action = GETPOST('action', 'aZ09');
 $htmlname = GETPOST('htmlname', 'alpha');
 $showempty = GETPOST('showempty', 'int');
+// Security check
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', $objcanvas);
+
+
 /*
  * View
  */
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 2217d85ccfc..50d59168342 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -127,9 +127,9 @@ if (!empty($canvas))
 }
 // Security check
-if ($search_type == '0') $result = restrictedArea($user, 'produit', '', '', '', '', '', $objcanvas);
-elseif ($search_type == '1') $result = restrictedArea($user, 'service', '', '', '', '', '', $objcanvas);
-else $result = restrictedArea($user, 'produit|service', '', '', '', '', '', $objcanvas);
+if ($search_type == '0') $result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
+elseif ($search_type == '1') $result = restrictedArea($user, 'service', '', '', '', '', '', 0);
+else $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
 // Define virtualdiffersfromphysical
 $virtualdiffersfromphysical = 0;
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index f8500d49068..b19c3bc814a 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -85,7 +85,6 @@ if (!($object->id > 0) && $action == 'view')
 }
 // Get object canvas (By default, this is not defined, so standard usage of dolibarr)
-$object->getCanvas($socid);
 $canvas = $object->canvas ? $object->canvas : GETPOST("canvas");
 $objcanvas = null;
 if (!empty($canvas))
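Review bot: The new security check in core/ajax/contacts.php passes `$objcanvas` as the last argument of restrictedArea(), but nothing visible in this hunk defines that variable, and every other hunk of this commit replaces `$objcanvas` with `0` in pages that do set it up; here the call would run against an undefined variable (a PHP notice, effectively null). Use the same form as the rest of the commit: `$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);`. Also, `$id` comes straight from GETPOST and may be empty when the endpoint is called without a thirdparty; whether restrictedArea() still enforces the module's read permission in that case cannot be seen here and is worth confirming before this line is relied on as the endpoint's only access check.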
@@ -96,7 +95,7 @@ if (!empty($canvas))
 }
 // Security check
-$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas);
+$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
 $permissiontoread = $user->rights->societe->lire;
 $permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
diff --git a/htdocs/societe/contact.php b/htdocs/societe/contact.php
index 2b362268c4b..c1761c7f601 100644
--- a/htdocs/societe/contact.php
+++ b/htdocs/societe/contact.php
@@ -68,7 +68,7 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('thirdpartycontact', 'globalcard'));
-if ($action == 'view' && $object->fetch($socid) <= 0)
+if ($object->fetch($socid) <= 0 && $action == 'view')
 {
 $langs->load("errors");
 print($langs->trans('ErrorRecordNotFound'));
@@ -76,7 +76,6 @@ if ($action == 'view' && $object->fetch($socid) <= 0)
 }
 // Get object canvas (By default, this is not defined, so standard usage of dolibarr)
-$object->getCanvas($socid);
 $canvas = $object->canvas ? $object->canvas : GETPOST("canvas");
 $objcanvas = null;
 if (!empty($canvas))
@@ -87,12 +86,10 @@ if (!empty($canvas))
 }
 // Security check
-$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas);
+$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
 if (empty($user->rights->societe->contact->lire)) accessforbidden();
-
-
 /*
  * Actions
  */
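Review bot: In the first societe/contact.php hunk the swapped condition `if ($object->fetch($socid) <= 0 && $action == 'view')` now runs the fetch for every action instead of only `view`, but nothing in the hunk says why, so a later reader may well put the operands back. Presumably the fetch is required because `$object->getCanvas($socid)` is dropped in the next hunk and `$canvas = $object->canvas ? $object->canvas : GETPOST("canvas");` then depends on the fetched object; if so, say it above the if, e.g. `// Fetch for every action: $object->canvas is read below to select the canvas`. Note that the fetch on the user-supplied `$socid` now precedes the restrictedArea() call of the third hunk for all actions, as it previously did only for view; that is worth one sentence in the commit description. The same getCanvas() removal is made in societe/card.php, where the corresponding fetch lies outside the hunk.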