diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 414d2c25709..54567b0bc66 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -90,7 +90,7 @@ function dol_hash($chain,$type=0)
  * @param User $user User to check
  * @param string $features Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...)
  * @param int $objectid Object ID if we want to check permission on a particular record (optionnal)
- * @param string $dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
+ * @param string $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored, SharedElement is key to define where to check entity. Not used if objectid is null (optionnal)
  * @param string $feature2 Feature to check, second level of permission (optionnal)
  * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc (optionnal)
  * @param string $dbt_select Field name for select if not rowid (optionnal)
diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php
index eef8a16bc7a..797a1950d86 100644
--- a/htdocs/user/clicktodial.php
+++ b/htdocs/user/clicktodial.php
@@ -34,11 +34,12 @@
 $id=GETPOST('id','int');
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
-if ($user->id == $_GET["id"]) // A user can always read its own card
+if ($user->id == $id) // A user can always read its own card
 {
 	$feature2='';
 }
-$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
+$result = restrictedArea($user, $feature, $id, '&user', $feature2);
+
 /*
  * Actions
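Review bot: The new `@param string $dbtablename` line describes the `'TableName&SharedElement'` format but does not say whether the table part may be empty, even though the clicktodial.php hunk in this same commit passes `'&user'` with no table name; the contract should state it explicitly. The sentence also reads awkwardly; suggest `'TableName&SharedElement', where TableName is the table the object is stored in and SharedElement is the key used to decide which entity to check. Not used if objectid is null (optional)`. The enclosing docblock and the restrictedArea() signature it documents both lie outside the hunk.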
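Review bot: The new `restrictedArea($user, $feature, $id, '&user', $feature2)` call reads `$feature`, which is assigned nowhere in the hunk; the old line passed the literal `'user'`. Unless `$feature` is set before line 34 (outside this hunk), the access check receives an undefined feature name, which weakens an authorization gate silently instead of failing loudly. Either restore the literal, `$result = restrictedArea($user, 'user', $id, '&user', $feature2);`, or assign `$feature = 'user';` next to `$id` so the intent is visible. This is a top-level script, so there is no enclosing function; the `'&user'` value also relies on the empty-table-name form that the security.lib.php docblock change does not spell out.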