diff --git a/htdocs/core/tpl/filemanager.tpl.php b/htdocs/core/tpl/filemanager.tpl.php
index 592c3283a1b..95ab58e4132 100644
--- a/htdocs/core/tpl/filemanager.tpl.php
+++ b/htdocs/core/tpl/filemanager.tpl.php
@@ -72,43 +72,55 @@ print '<div class="inline-block toolbarbutton centpercent">';
 // Toolbar
 if ($permtoadd) {
 	$websitekeyandpageid = (!empty($websitekey) ? '&website='.$websitekey : '').(!empty($pageid) ? '&pageid='.$pageid : '');
-	print '<a href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&module='.urlencode($module).$websitekeyandpageid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1'.$websitekeyandpageid).'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ECMAddSection')).'">';
+	print '<a id="acreatedir" href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&module='.urlencode($module).$websitekeyandpageid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1'.$websitekeyandpageid).'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ECMAddSection')).'">';
 	print img_picto('', 'folder-plus', '', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 } else {
-	print '<a href="#" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.$langs->trans("NotAllowed").'">';
+	print '<a id="acreatedir" href="#" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.$langs->trans("NotAllowed").'">';
 	print img_picto('', 'folder-plus', 'disabled', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 }
 if ($module == 'ecm') {
 	$tmpurl = ((!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) ? '#' : ($_SERVER["PHP_SELF"].'?action=refreshmanual'.($module ? '&amp;module='.$module : '').($section ? '&amp;section='.$section : '')));
-	print '<a href="'.$tmpurl.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ReSyncListOfDir')).'">';
+	print '<a id="arefreshbutton" href="'.$tmpurl.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ReSyncListOfDir')).'">';
 	print img_picto('', 'refresh', 'id="refreshbutton"', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 }
 if ($permtoadd && GETPOSTISSET('website')) {	// If on file manager to manage medias of a web site
-	print '<a id="generateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp&website='.$website->ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
-	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
-	print '</a>';
-}
-if ($permtoadd && $module == 'ecm') {	// If on file manager medias in ecm
-	print '<a id="generateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
+	print '<a id="agenerateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp&website='.$website->ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
+	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
+	print '</a>';
+} elseif ($permtoadd && $module == 'ecm') {	// If on file manager medias in ecm
+	print '<a id="agenerateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
 	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
 	print '</a>';
 }
+
 print "<script>
-$(\"#generateimgwebp\").on(\"click\",function(){
+$('#acreatedir').on('click', function() {
 	try{
-		console.log(\"We click to generate webp image, we set current dir into hidden vars\");
-		section_dir = $(\".directory.expanded\")[$(\".directory.expanded\").length-1].children[0].rel
-		section=$(\".directory.expanded\")[$(\".directory.expanded\").length-1].children[0].id.split('_')[2]
-	}catch{
-		section_dir = '/'
-		section=0
+		section_dir = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].rel;
+		section = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].id.split('_')[2];
+	} catch{
+		section_dir = '/';
+		section = 0;
 	}
-	console.log(\"We add hiden vars in href of button to create webp \");
-	$(\"#generateimgwebp\").attr(\"href\",$(\"#generateimgwebp\").attr(\"href\")+'&section_dir='+section_dir+'&section='+section)
-  })
+	console.log('We click to create a new directory, we set current section_dir='+section_dir+' into href url of button acreatedir');
+	$('#acreatedir').attr('href', $('#acreatedir').attr('href')+'&section_dir='+encodeURI(section_dir)+'&section='+encodeURI(section));
+	console.log($('#acreatedir').attr('href'));
+});
+$('#agenerateimgwebp').on('click', function() {
+	try{
+		section_dir = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].rel;
+		section = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].id.split('_')[2];
+	} catch{
+		section_dir = '/';
+		section = 0;
+	}
+	console.log('We click to generate webp image, we set current section_dir='+section_dir+' into href url of button agenerateimgwebp');
+	$('#agenerateimgwebp').attr('href', $('#agenerateimgwebp').attr('href')+'&section_dir='+encodeURI(section_dir)+'&section='+encodeURI(section));
+	console.log($('#agenerateimgwebp').attr('href'));
+});
 </script>";
 
 // Start "Add new file" area
@@ -157,6 +169,7 @@ if ($action == 'delete_section') {
 }
 // End confirm
 
+// Ask confirmation to build webp images
 if ($action == 'confirmconvertimgwebp') {
 	$section_dir=GETPOST('section_dir', 'alpha');
 	$section=GETPOST('section', 'alpha');
@@ -170,9 +183,10 @@ if ($action == 'confirmconvertimgwebp') {
 	$action = 'file_manager';
 }
 
+// Duplicate images into .webp
 if ($action == 'convertimgwebp' && $permtoadd) {
 	if ($module == 'medias') {
-		$imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizeFileName(GETPOST('section_dir', 'alpha'));
+		$imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha'));
 	} else {
 		$imagefolder = $conf->ecm->dir_output.'/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha'));
 	}
diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php
index f5140cf296a..4cf557acde6 100644
--- a/htdocs/ecm/dir_add_card.php
+++ b/htdocs/ecm/dir_add_card.php
@@ -23,6 +23,8 @@
  *	\brief		Main page for ECM section area
  */
 
+if (! defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1);
+
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/ecm/class/htmlecm.form.class.php';
@@ -124,7 +126,7 @@ if ($action == 'add' && $permtoadd) {
 	}
 
 	$ref = (string) GETPOST("ref", 'alpha');
-	$label = (string) GETPOST("label", 'alpha');
+	$label = dol_sanitizeFileName(GETPOST("label", 'alpha'));
 	$desc = (string) GETPOST("desc", 'alpha');
 	$catParent = GETPOST("catParent", 'alpha'); // Can be an int (with ECM) or a string (with generic filemanager)
 	if ($catParent == '-1') {
@@ -153,8 +155,7 @@ if ($action == 'add' && $permtoadd) {
 				setEventMessages($ecmdir->error, $ecmdir->errors, 'errors');
 				$action = 'create';
 			}
-		} else // For example $module == 'medias'
-		{
+		} else { // For example $module == 'medias'
 			$dirfornewdir = '';
 			if ($module == 'medias') {
 				$dirfornewdir = $conf->medias->multidir_output[$conf->entity];
@@ -168,6 +169,7 @@ if ($action == 'add' && $permtoadd) {
 				$fullpathofdir = $dirfornewdir.'/'.($catParent ? $catParent.'/' : '').$label;
 				$result = dol_mkdir($fullpathofdir, DOL_DATA_ROOT);
 				if ($result < 0) {
+					$langs->load("errors");
 					setEventMessages($langs->trans('ErrorFailToCreateDir', $label), null, 'errors');
 					$error++;
 				} else {
diff --git a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
index b1be94524cf..17c185426c0 100644
--- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
+++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
@@ -62,7 +62,7 @@ $(document).ready(function() {
 			id=elem.attr('id').substr(12);	// We get id that is 'fmdirlia_id_xxx' (id we want is xxx)
 			rel=elem.attr('rel')
 			console.log("We click on a dir, we call the ajaxdirtree.php with modulepart=<?php echo $module; ?>, param=<?php echo $paramwithoutsection; ?>");
-			console.log("We also save dir name or id into <?php echo $nameforformuserfile ?>_section_... with name section_... id="+id+" rel="+rel);
+			console.log("We also save id and dir name into <?php echo $nameforformuserfile ?>_section_id|dir (vars into form to attach new file in filemanager.tpl.php) with id="+id+" and rel="+rel);
 			jQuery("#<?php echo $nameforformuserfile ?>_section_dir").val(rel);
 			jQuery("#<?php echo $nameforformuserfile ?>_section_id").val(id);
 			jQuery("#section_dir").val(rel);
diff --git a/htdocs/langs/en_US/ecm.lang b/htdocs/langs/en_US/ecm.lang
index c4ea8018111..bc18bed4a29 100644
--- a/htdocs/langs/en_US/ecm.lang
+++ b/htdocs/langs/en_US/ecm.lang
@@ -42,6 +42,6 @@ ExtraFieldsEcmFiles=Extrafields Ecm Files
 ExtraFieldsEcmDirectories=Extrafields Ecm Directories
 ECMSetup=ECM Setup
 GenerateImgWebp=Duplicate all images with another version with .webp format
-ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder and its subfolder...
+ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder (subfolders are not included)...
 ConfirmImgWebpCreation=Confirm all images duplication
 SucessConvertImgWebp=Images successfully duplicated
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 0e13a072a39..4231160b64f 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1579,7 +1579,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
 				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
 			}
 			// Chart
-			if (empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') {
+			if ((empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') && !defined('DISABLE_JS_GRAPH')) {
 				print '<script src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/Chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
 			}
 
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index fe37cb68418..1a71a162cb6 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -26,6 +26,7 @@ define('NOSCANPOSTFORINJECTION', 1);
 define('NOSTYLECHECK', 1);
 define('USEDOLIBARREDITOR', 1);
 define('FORCE_CKEDITOR', 1); // We need CKEditor, even if module is off.
+if (!defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1);
 
 //header('X-XSS-Protection:0');	// Disable XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.