diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index 53e19a560f0..4bb772865c3 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -1259,7 +1259,8 @@ class FormFile
}
else
{
- print dol_trunc($file['name'], 200);
+ $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']);
+ print dol_escape_htmltag(dol_trunc($filenametoshow, 200));
print '';
}
// Preview link
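Review bot: The new `dol_escape_htmltag()` call protects only this `else` branch; the sibling branch closed at the `}` on the first context line (outside the hunk) presumably prints `$file['name']` as well, and if so it needs the same escaping, since the file name is attacker-chosen at upload time. The `.noexe` stripping also deserves a why-comment, as nothing here explains the suffix; something like `// Hide the .noexe suffix (presumably added when the upload was renamed) so the file is listed under its original name` — confirm the origin of the suffix before committing the wording. Minor: the `$` anchor in `/\.noexe$/` also matches before a trailing newline; `/\.noexe$/D` (or `\z`) pins it to the true end of the string. The enclosing FormFile method starts and ends outside the hunk.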
diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php
index 4eebb2d36b3..65049c48723 100644
--- a/htdocs/ecm/file_card.php
+++ b/htdocs/ecm/file_card.php
@@ -1,5 +1,5 @@
+/* Copyright (C) 2008-2020 Laurent Destailleur
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -127,7 +127,7 @@ if ($action == 'update')
$oldlabel=GETPOST('urlfile', 'alpha');
$newlabel=GETPOST('label', 'alpha');
- $shareenabled = GETPOST('shareenabled', 'alpha');
+ $shareenabled = dol_sanitizeFileName(GETPOST('shareenabled', 'alpha'));
//$db->begin();