diff --git a/htdocs/document.php b/htdocs/document.php
index 2b37792d69a..ccd404f7315 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -156,12 +156,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru
 if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false;
 
 // Define mime type
-$type = 'application/octet-stream';
+$type = 'application/octet-stream';	// By default
 if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
 else $type=dol_mimetype($original_file);
-// Security: Force to octet-stream if file is a dangerous file
-if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';
-
+// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
+if (!dolIsAllowedForPreview($original_file)) {
+	$type = 'application/octet-stream';
+}
 // Security: Delete string ../ into $original_file
 $original_file = str_replace("../", "/", $original_file);
 
diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php
index d6e7b51912f..65049c48723 100644
--- a/htdocs/ecm/file_card.php
+++ b/htdocs/ecm/file_card.php
@@ -127,7 +127,7 @@ if ($action == 'update')
 
     $oldlabel=GETPOST('urlfile', 'alpha');
     $newlabel=GETPOST('label', 'alpha');
-	$shareenabled = dol_sanitizeFileName(GETPOST('label', 'alpha'));
+	$shareenabled = dol_sanitizeFileName(GETPOST('shareenabled', 'alpha'));
 
     //$db->begin();