diff --git a/htdocs/contact/note.php b/htdocs/contact/note.php
index 6ced85a5735..7c722d31211 100644
--- a/htdocs/contact/note.php
+++ b/htdocs/contact/note.php
@@ -34,18 +34,22 @@ $action = GETPOST('action', 'aZ09');
 // Load translation files required by the page
 $langs->load("companies");
-// Security check
 $id = GETPOST('id', 'int');
-//if ($user->socid) {
-// $id = $user->socid;
-//}
-$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
 $object = new Contact($db);
 if ($id > 0) {
 $object->fetch($id);
 }
+// Security check
+if ($user->socid > 0) {
+ if ($object->fk_soc > 0 && $object->fk_soc != $user->socid) {
+ accessforbidden();
+ }
+}
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
+
+
 $permissionnote = $user->rights->societe->creer; // Used by the include of actions_setnotes.inc.php
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
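Review bot: The added external-user guard is skipped when the fetched contact has no third party (`$object->fk_soc` empty or 0), so a user with `socid > 0` passes this check for company-less contacts and only the later `restrictedArea()` call stands between them and the page; if that is not the intended policy, `if ($object->fk_soc <= 0 || $object->fk_soc != $user->socid)` would deny every contact outside the user's own company. The comparison also relies on loose `!=` between a value read from the database and `$user->socid`; casting both sides, `(int) $object->fk_soc !== (int) $user->socid`, states the intent and avoids type juggling. The guard is placed after `$object->fetch($id)` and `restrictedArea()` has moved below it, which a reader may take for an oversight; a short comment such as `// Fetch first: the external-user check below needs fk_soc` would make the ordering deliberate. The two added blank `+` lines after `restrictedArea()` leave a double blank where the original had one.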