diff --git a/htdocs/contrat/agenda.php b/htdocs/contrat/agenda.php
index d654ac38d9f..3e51e9a1de5 100644
--- a/htdocs/contrat/agenda.php
+++ b/htdocs/contrat/agenda.php
@@ -54,7 +54,11 @@ $ref		= GETPOST('ref', 'alpha');
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'contrat', $id, '');
+
+// Security check
+$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : ''));
+$fieldtype = (!empty($id) ? 'rowid' : 'ref');
+$result = restrictedArea($user, 'contrat', $fieldvalue, '', '', '', $fieldtype);
 
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -73,6 +77,13 @@ if (!$sortorder) {
 	$sortorder = 'DESC,DESC';
 }
 
+
+$object = new Contrat($db);
+
+if ($id > 0 || !empty($ref)) {
+	$result = $object->fetch($id, $ref);
+}
+
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agendacontract', 'globalcard'));
 
@@ -81,7 +92,7 @@ $hookmanager->initHooks(array('agendacontract', 'globalcard'));
  * Actions
  */
 
-$parameters = array('id'=>$id);
+$parameters = array('id' => $id, 'ref' => $ref);
 $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
 if ($reshook < 0) {
 	setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
@@ -102,8 +113,6 @@ if (empty($reshook)) {
 }
 
 
-
-
 /*
  * View
  */
@@ -114,7 +123,7 @@ if (!empty($conf->projet->enabled)) {
 	$formproject = new FormProjets($db);
 }
 
-if ($id > 0) {
+if ($object->id > 0) {
 	// Load object modContract
 	$module = (!empty($conf->global->CONTRACT_ADDON) ? $conf->global->CONTRACT_ADDON : 'mod_contract_serpis');
 	if (substr($module, 0, 13) == 'mod_contract_' && substr($module, -3) == 'php') {
@@ -128,8 +137,6 @@ if ($id > 0) {
 	require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 	require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 
-	$object = new Contrat($db);
-	$result = $object->fetch($id);
 	$object->fetch_thirdparty();
 
 	$title = $langs->trans("Agenda");
@@ -205,13 +212,13 @@ if ($id > 0) {
 	}
 	$morehtmlref .= '</div>';
 
-	dol_banner_tab($object, 'id', $linkback, 1, 'ref', 'none', $morehtmlref);
+	dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'none', $morehtmlref);
 
 	print '<div class="fichecenter">';
 
 	print '<div class="underbanner clearboth"></div>';
 
-	$object->info($id);
+	$object->info($object->id);
 	dol_print_object_info($object, 1);
 
 	print '</div>';
@@ -254,7 +261,7 @@ if ($id > 0) {
 	if (!empty($conf->agenda->enabled) && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) {
 		print '<br>';
 
-		$param = '&id='.$id;
+		$param = '&id='.$object->id;
 		if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) {
 			$param .= '&contextpage='.$contextpage;
 		}