diff --git a/htdocs/compta/fiche.php b/htdocs/compta/fiche.php
index b80d2193c87..edfdd818f4d 100644
--- a/htdocs/compta/fiche.php
+++ b/htdocs/compta/fiche.php
@@ -37,13 +37,29 @@ if ($conf->facture->enabled) $langs->load("bills");
 if ($conf->projet->enabled) $langs->load("projects");
 // Sécurité accés client
-$socid = $_GET["socid"];
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socid == '') accessforbidden();
+
 if ($user->societe_id > 0)
 {
 $action = '';
 $socid = $user->societe_id;
 }
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 $user->getrights('facture');
diff --git a/htdocs/docsoc.php b/htdocs/docsoc.php
index a15edfa1e20..74a74239469 100644
--- a/htdocs/docsoc.php
+++ b/htdocs/docsoc.php
@@ -34,7 +34,30 @@ $langs->load('other');
 $mesg = "";
-$socid=$_GET["socid"];
+
+// Sécurité accés client
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socid == '') accessforbidden();
+
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socid = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
 /*
diff --git a/htdocs/societe/info.php b/htdocs/societe/info.php
index a0a0552db14..01847cf3d46 100644
--- a/htdocs/societe/info.php
+++ b/htdocs/societe/info.php
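Review bot: The added commercial-restriction block in compta/fiche.php tests and queries `$socidp`, but the hunk only ever assigns `$socid`, so unless `$socidp` is set somewhere earlier in the file the condition is always false and the `societe_commerciaux` lookup never runs; the same mismatch is in docsoc.php, societe/info.php and societe/notify/fiche.php (socnote.php uses `$socidp` consistently). In all five files the value read from `$_GET["socid"]` is concatenated into the SQL string unmodified; cast it at the read, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`, and reject `<= 0` instead of `== ''`. The block also fails open: when `$db->query($sql)` returns false the `accessforbidden()` call is never reached, so a query error grants access — a failed query should be treated like zero rows. The FROM clause lists `societe_commerciaux as sc` and `societe as s` with no predicate tying sc to s, so `s.client = 1` is satisfied by any client row rather than the requested company; the societe key column is presumably the `idp` used by the UPDATE in socnote.php, so confirm it before adding the join. Finally `!$user->societe_id > 0` parses as `(!$user->societe_id) > 0`, which happens to give the intended result for non-negative ids but reads as a mistake; write `!($user->societe_id > 0)`.
```php
$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;

if ($socid <= 0) accessforbidden();

// … unchanged: override of $socid for external users ($user->societe_id > 0) …

// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !($user->societe_id > 0))
{
    $sql = "SELECT sc.fk_soc, s.client";
    $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
    $sql .= " WHERE sc.fk_soc = ".(int) $socid." AND sc.fk_user = ".(int) $user->id." AND s.client = 1";
    // TODO(review): add the sc -> s join predicate once the societe key column is confirmed

    // Fail closed: a failed query must not grant access
    $resql = $db->query($sql);
    if (! $resql || $db->num_rows() == 0) accessforbidden();
}
```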
@@ -32,6 +32,30 @@ require_once (DOL_DOCUMENT_ROOT."/societe.class.php");
 $langs->load("companies");
 $langs->load("other");
+// Sécurité accés client
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socid == '') accessforbidden();
+
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socid = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 llxHeader();
diff --git a/htdocs/societe/notify/fiche.php b/htdocs/societe/notify/fiche.php
index ac47ca9dfef..0abdf470720 100644
--- a/htdocs/societe/notify/fiche.php
+++ b/htdocs/societe/notify/fiche.php
@@ -32,12 +32,29 @@ require("pre.inc.php");
 $langs->load("companies");
 // Sécurité accés client
-$socid = $_GET["socid"];
-if ($user->societe_id > 0)
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socid == '') accessforbidden();
+
+if ($user->societe_id > 0)
 {
+ $action = '';
 $socid = $user->societe_id;
 }
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 $sortorder=$_GET["sortorder"];
 $sortfield=$_GET["sortfield"];
 if (! $sortorder) $sortorder="ASC";
diff --git a/htdocs/socnote.php b/htdocs/socnote.php
index 543611671c5..4c891a71ba1 100644
--- a/htdocs/socnote.php
+++ b/htdocs/socnote.php
@@ -31,6 +31,29 @@ require("./pre.inc.php");
 $langs->load("companies");
+// Protection quand utilisateur externe
+$socidp = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socidp == '') accessforbidden();
+
+if ($user->societe_id > 0)
+{
+ $socidp = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 if ($_POST["action"] == 'add')
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".addslashes($_POST["note"])."' WHERE idp=".$_POST["socid"];
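Review bot: The new guard in socnote.php authorises `$socidp`, read from `$_GET["socid"]`, but the `add` branch right below it still writes `WHERE idp=".$_POST["socid"]`, so the company that is checked and the company that is updated come from two different request parameters and are not guaranteed to be the same. Use the value that passed the check in the UPDATE, `WHERE idp=".(int) $socidp;`, and cast the read as well, `$socidp = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`, so neither the SELECT in the guard nor the UPDATE receives an uncast request string. The `add` block continues past the end of the hunk.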