diff --git a/htdocs/core/ajax/fileupload.php b/htdocs/core/ajax/fileupload.php
index 4e05c7d8cb6..aba272d69a5 100644
--- a/htdocs/core/ajax/fileupload.php
+++ b/htdocs/core/ajax/fileupload.php
@@ -19,24 +19,28 @@
 /**
  * \file htdocs/core/ajax/fileupload.php
  * \brief File to return Ajax response on file upload
- *
- * Option MAIN_USE_JQUERY_FILEUPLOAD must be enabled to have this feature working. Use is NOT secured !
  */
-if (!defined('NOTOKENRENEWAL')) {
- define('NOTOKENRENEWAL', '1');
-}
 if (!defined('NOREQUIREMENU')) {
 define('NOREQUIREMENU', '1'); // If there is no menu to show
 }
 if (!defined('NOREQUIREHTML')) {
 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
 }
-
+if (!defined('NOREQUIREAJAX')) {
+ define('NOREQUIREAJAX', '1');
+}
+if (!defined('NOREQUIRESOC')) {
+ define('NOREQUIRESOC', '1');
+}
+/*if (!defined('NOREQUIRETRAN')) {
+ define('NOREQUIRETRAN', '1');
+}*/
 // Load Dolibarr environment
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/fileupload.class.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
 error_reporting(E_ALL | E_STRICT);
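Review bot: The block `/*if (!defined('NOREQUIRETRAN')) { … }*/` added after the NOREQUIRESOC define is commented-out code; either enable it or drop it rather than leaving a dead toggle at the top of the endpoint. Removing the `NOTOKENRENEWAL` define means this Ajax script now takes part in token renewal on every call; since the drag-and-drop caller reloads the page after each request that is probably harmless, but a one-line comment such as `// Token renewal is allowed here: the caller reloads the page after each upload` would spare the next reader from re-deriving why the define was dropped.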
@@ -44,16 +48,56 @@ error_reporting(E_ALL | E_STRICT);
 //print_r($_GET);
 //print 'upload_dir='.GETPOST('upload_dir');
-$fk_element = GETPOST('fk_element', 'int');
-$element = GETPOST('element', 'alpha');
+$id = GETPOST('fk_element', 'int');
+$elementupload = GETPOST('element', 'alpha');
+$element = $elementupload;
-$upload_handler = new FileUpload(null, $fk_element, $element);
-
-// Feature not enabled. Warning feature not used and not secured so disabled.
-if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return;
+if ($element == "invoice_supplier") {
+ $element = "fournisseur";
 }
+$object = new GenericObject($db);
+$tmparray = explode('@', $element);
+
+if (empty($tmparray[1])) {
+ $subelement = '';
+
+ $object->module = $element;
+ $object->element = $element;
+ $object->table_element = $element;
+
+ // Special case for compatibility
+ if ($object->table_element == 'websitepage') {
+ $object->table_element = 'website_page';
+ }
+} else {
+ $element = $tmparray[0];
+ $subelement = $tmparray[1];
+
+ $object->module = $element;
+ $object->element = $subelement;
+ $object->table_element = $object->module.'_'.$object->element;
+}
+$object->id = $id;
+
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+}
+
+$module = $object->module;
+$element = $object->element;
+$usesublevelpermission = ($module != $element ? $element : '');
+if ($usesublevelpermission && !isset($user->rights->$module->$element)) { // There is no permission on object defined, we will check permission on module directly
+ $usesublevelpermission = '';
+}
+$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1);
+if (!$result) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+$upload_handler = new FileUpload(null, $id, $elementupload);
+
 /*
  * View
diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php
index 4a4394a7049..4dcfb55f781 100644
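Review bot: The permission gate placed before `$upload_handler = new FileUpload(null, $id, $elementupload);` relies on restrictedArea(), which, as far as this hunk shows, establishes that the user may access the object rather than that the user may modify it; an upload is a write, so a user holding only read rights on the module would still pass unless restrictedArea() enforces more — worth confirming and, if needed, adding an explicit create/modify right check beside it. `$socid = $user->socid;` under `// Security check` is never read in this hunk; if restrictedArea() consumes it as a global, state that in the comment, otherwise remove the assignment. The two string comparisons `$element == "invoice_supplier"` and `$object->table_element == 'websitepage'` use loose equality where `===` is the safer form for strings. A missing or non-positive `fk_element` is also not rejected before the check, so it is worth guarding (or documenting) what restrictedArea() does when `$object->id` is 0.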
--- a/htdocs/core/class/fileupload.class.php
+++ b/htdocs/core/class/fileupload.class.php
@@ -19,8 +19,6 @@
 /**
  * \file htdocs/core/class/fileupload.class.php
  * \brief File to return Ajax response on file upload
- *
- * Option MAIN_USE_JQUERY_FILEUPLOAD must be enabled to have feature working. Use is NOT secured !
  */
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -49,11 +47,6 @@ class FileUpload
 global $object;
 global $hookmanager;
- // Feature not enabled. Warning feature not used and not secured so disabled.
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return;
- }
-
 $hookmanager->initHooks(array('fileupload'));
 $this->fk_element = $fk_element;
@@ -266,9 +259,6 @@ class FileUpload
 */
 protected function getFileObject($file_name)
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return null;
- }
 $file_path = $this->options['upload_dir'].$file_name;
 if (is_file($file_path) && $file_name[0] !== '.') {
@@ -310,10 +300,6 @@ class FileUpload
 {
 global $maxwidthmini, $maxheightmini;
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return false;
- }
-
 $file_path = $this->options['upload_dir'].$file_name;
 $new_file_path = $options['upload_dir'].$file_name;
@@ -345,10 +331,6 @@ class FileUpload
 */
 protected function validate($uploaded_file, $file, $error, $index)
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return false;
- }
-
 if ($error) {
 $file->error = $error;
 return false;
@@ -464,10 +446,6 @@ class FileUpload
 */
 protected function handleFileUpload($uploaded_file, $name, $size, $type, $error, $index)
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return null;
- }
-
 $file = new stdClass();
 $file->name = $this->trimFileName($name, $type, $index);
 $file->mime = dol_mimetype($file->name, '', 2);
@@ -514,10 +492,6 @@ class FileUpload
 */
 public function get()
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return;
- }
-
 $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null;
 if ($file_name) {
@@ -536,10 +510,6 @@ class FileUpload
 */
 public function post()
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return;
- }
-
 if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') {
 return $this->delete();
 }
@@ -595,10 +565,6 @@ class FileUpload
 */
 public function delete()
 {
- if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) {
- return null;
- }
-
 $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null;
 $file_path = $this->options['upload_dir'].$file_name;
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 3c19ef11528..f17a1b1464d 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -3365,7 +3365,7 @@ function dragAndDropFileUpload($htmlname)
 fd.append("fk_element","'.dol_escape_json($object->id).'");
 fd.append("element","'.dol_escape_json($object->element).'");
 fd.append("token","'.newToken().'");
- fd.append("action","uploadfile");
+ fd.append("action","linkit");
 var dataTransfer = e.originalEvent.dataTransfer;
 if(dataTransfer.files && dataTransfer.files.length){
 var droppedFiles = e.originalEvent.dataTransfer.files;
@@ -3383,11 +3383,14 @@ function dragAndDropFileUpload($htmlname)
 data:fd,
 success:function(){
 console.log("Uploaded.",arguments);
- window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_json($object->id).'&seteventmessages=uploadFileDragDropSuccess:mesgs";
+ window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_json($object->id).'&seteventmessages=UploadFileDragDropSuccess:mesgs";
 },
 error:function(){
 console.log("Error Uploading.",arguments)
- window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_json($object->id).'&seteventmessages=uploadFileDragDropError:errors";
+ if (arguments[0].status == 403){
+ window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_json($object->id).'&seteventmessages=ErrorUploadPermissionDenied:errors";
+ }
+ window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_json($object->id).'&seteventmessages=ErrorUploadFileDragDropPermissionDenied:errors";
 },
 })
 });
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index f9e54a2f5d5..de0df790839 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2061,7 +2061,7 @@ function dol_get_fiche_head($links = array(), $active = '', $title = '', $notab
 if (!$notab || $notab == -1 || $notab == -2 || $notab == -3) {
 $out .= "\n".'
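Review bot: In the error callback the 403 branch never returns, so the `ErrorUploadPermissionDenied` redirect is immediately overwritten by the unconditional `window.location.href = …` on the following line and the user never sees the permission-denied message. Add `return;` after the first assignment (or make the second one an `else`), and use strict comparison: `if (arguments[0].status === 403) {`. The fallback key `ErrorUploadFileDragDropPermissionDenied:errors` also labels every non-403 failure (network error, size limit, server error) as a permission problem; the previous `uploadFileDragDropError` wording, or another neutral key, describes those cases accurately. These lines sit inside the JavaScript string built by dragAndDropFileUpload(), whose body starts before this hunk.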