diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php
index 5ca1667ac9f..209b3dceff2 100644
--- a/htdocs/ecm/file_card.php
+++ b/htdocs/ecm/file_card.php
@@ -67,7 +67,7 @@ if (!$section) {
 	dol_print_error('', 'Error, section parameter missing');
 	exit;
 }
-$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"));
+$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"), '_', 0);
 if (!$urlfile) {
 	dol_print_error('', "ErrorParamNotDefined");
 	exit;
@@ -131,7 +131,7 @@ if ($action == 'update' && $permtoadd) {
 	$error = 0;
 
 	$oldlabel = GETPOST('urlfile', 'alpha');
-	$newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha'));
+	$newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha'), '_', 0);
 	$shareenabled = GETPOST('shareenabled', 'alpha');
 
 	//$db->begin();