diff --git a/htdocs/core/filemanagerdol/browser/default/frmupload.php b/htdocs/core/filemanagerdol/browser/default/frmupload.php
index c82581cc51c..7ab5ee3bffa 100644
--- a/htdocs/core/filemanagerdol/browser/default/frmupload.php
+++ b/htdocs/core/filemanagerdol/browser/default/frmupload.php
@@ -65,6 +65,7 @@ function SetCurrentFolder( resourceType, folderPath )
 function OnSubmit()
 {
+ console.log("Click on OnSubmit");
 if ( document.getElementById('NewFile').value.length == 0 ) { alert( 'Please select a file from your computer' );
@@ -80,6 +81,8 @@ function OnSubmit()
 function OnUploadCompleted( errorNumber, data )
 {
+ console.log("errorNumber = "+errorNumber);
+
 // Reset the Upload Worker Frame.
 window.parent.frames['frmUploadWorker'].location = 'javascript:void(0)' ;
@@ -106,7 +109,7 @@ function OnUploadCompleted( errorNumber, data )
 alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + data + '"' ); break; case 202:
- alert( 'Invalid file' );
+ alert( 'Invalid file (Bad extension)' );
 break; default: alert( 'Error on file upload. Error number: ' + errorNumber );
diff --git a/htdocs/core/filemanagerdol/connectors/php/commands.php b/htdocs/core/filemanagerdol/connectors/php/commands.php
index b4fb1224f4c..6db2c3c1b25 100644
--- a/htdocs/core/filemanagerdol/connectors/php/commands.php
+++ b/htdocs/core/filemanagerdol/connectors/php/commands.php
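Review bot: The `console.log("Click on OnSubmit")` added at the top of OnSubmit is debugging output that will reach every user's browser console; the same applies to `console.log("errorNumber = "+errorNumber)` in the OnUploadCompleted hunk below and to the server-side `echo 'console.log('.$errorNumber.');'` added to io.php in this same commit. Dropping those three lines (or gating them behind a debug setting, if the page has one) leaves the actual fix untouched. OnSubmit's body continues past the end of this hunk.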
@@ -203,12 +203,17 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
 $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
+ // $resourceType should be 'Image';
+ $detectHtml = 0;
+
 // Map the virtual path to the local server path.
 $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
 // Get the uploaded file name.
 $sFileName = $oFile['name'];
- $sFileName = SanitizeFileName($sFileName);
+
+ //$sFileName = SanitizeFileName($sFileName);
+ $sFileName = dol_sanitizeFileName($sFileName);
 $sOriginalFileName = $sFileName;
@@ -216,6 +221,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
 $sExtension = substr($sFileName, (strrpos($sFileName, '.') + 1)); $sExtension = strtolower($sExtension);
+ //var_dump($Config);
+ /*
 if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202';
@@ -228,6 +235,14 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
 $sErrorNumber = '202'; } }
+ */
+
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
+ $isImageValid = image_format_supported($sFileName) > 0 ? true : false;
+ if (!$isImageValid) {
+ $sErrorNumber = '202';
+ }
+
 // Check if it is an allowed extension.
 if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
@@ -241,7 +256,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
 $sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension; $sErrorNumber = '201'; } else {
- move_uploaded_file($oFile['tmp_name'], $sFilePath);
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+ dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0);
 if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
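Review bot: `$detectHtml = 0;` is assigned but never read in any hunk of this commit, so it is dead code unless a later part of FileUpload (outside the hunk) uses it; either pass it where it was meant to go or drop it. The commented-out `//$sFileName = SanitizeFileName($sFileName);` should be removed rather than kept, and if the `// $resourceType should be 'Image';` remark is a real requirement it is better enforced than stated, e.g. `if ($resourceType !== 'Image') { $sErrorNumber = '202'; }` using the same "invalid file" code the image check below relies on. If the connector's `SanitizeFileName` also collapsed multiple dots in a name (the original FCKeditor version had a `ForceSingleExtension` option), confirm that `dol_sanitizeFileName` behaves the same, since `$sExtension` further down is taken from the text after the last dot only.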
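Review bot: The replacement check `image_format_supported($sFileName) > 0` is given only the client-supplied file name, so it can at most validate the name and extension, whereas the code it comments out called `IsImageValid($oFile['tmp_name'], $sExtension)` on the content of the uploaded temp file; an upload named with an image extension but containing something else now counts as a valid image. Keep the content check next to the name check, e.g. `$isImageValid = image_format_supported($sFileName) > 0 && IsImageValid($oFile['tmp_name'], $sExtension) !== false;` (the `? true : false` on an already-boolean expression is redundant in either form). The `/* ... */` block, together with `//var_dump($Config);` in the previous hunk, should be deleted instead of kept as commented-out code. Note that the old check only ran when `$Config['SecureImageUploads']` was set while the new one is unconditional, which is fine if every resource type through this path is an image — the comment in the first hunk suggests so but nothing enforces it.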
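Review bot: The return value of `dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0)` is discarded, so when the helper refuses or fails to move the file nothing sets `$sErrorNumber`; the following `if (is_file($sFilePath))` merely skips the chmod block and the upload is reported as successful (the part of FileUpload that sends the result back is outside the hunk). Capture it and fail explicitly, e.g. `$res = dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0);` followed by `if (!is_int($res) || $res <= 0) { $sErrorNumber = '1'; }`, after confirming the helper's documented success value in files.lib.php, since it may report failure as a string rather than a negative number. The old `move_uploaded_file` call had the same gap, but the new helper is likely to decline files for more reasons, which makes the missing check more consequential; a short comment naming what the two literal `0` arguments control would also help the next reader.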
diff --git a/htdocs/core/filemanagerdol/connectors/php/io.php b/htdocs/core/filemanagerdol/connectors/php/io.php
index c9fce179799..ba027727db3 100644
--- a/htdocs/core/filemanagerdol/connectors/php/io.php
+++ b/htdocs/core/filemanagerdol/connectors/php/io.php
@@ -408,7 +408,8 @@ EOF;
 } $rpl = array('\\' => '\\\\', '"' => '\\"');
- echo 'window.parent.OnUploadCompleted('.$errorNumber.',"'.strtr($fileUrl, $rpl).'","'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");';
+ echo 'console.log('.$errorNumber.');';
+ echo 'window.parent.OnUploadCompleted('.$errorNumber.', "'.strtr($fileUrl, $rpl).'", "'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");';
 echo ''; exit; }
diff --git a/htdocs/core/filemanagerdol/connectors/php/upload.php b/htdocs/core/filemanagerdol/connectors/php/upload.php
index bd9b9218155..b9296d68bcf 100644
--- a/htdocs/core/filemanagerdol/connectors/php/upload.php
+++ b/htdocs/core/filemanagerdol/connectors/php/upload.php
@@ -22,11 +22,12 @@
 * This is the "File Uploader" for PHP. */
-require 'config.php';
+require 'config.php'; // This include the main.inc.php
 require 'util.php';
 require 'io.php';
 require 'commands.php';
+
 /**
 * SendError
 *
@@ -63,6 +64,7 @@ if (!IsAllowedType($sType)) {
 }
+ // @CHANGE //FileUpload( $sType, $sCurrentFolder, $sCommand )
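Review bot: The rewritten `OnUploadCompleted(...)` echo still builds a JavaScript call by string concatenation, and the `$rpl` map on the line above escapes only backslash and double quote; a newline or carriage return in `$fileName` (which, as far as the connector shows, derives from the upload's client-supplied name) or in `$customMsg` would break the string literal, and a `</script>` sequence would end the script block if this output is wrapped in a `<script>` tag as upload-frame responses usually are. Emitting each value with `json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and casting `$errorNumber` with `(int)` yields correctly quoted literals in all three positions and makes `$rpl` unnecessary. The function containing this echo starts before the hunk.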