diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 87def7240f5..ba631ba8c59 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -915,6 +915,10 @@ while ($currentdaytoshow < $lastdaytoshow) {
 if ($usergroup > 0) {
 $sql .= " AND ug.fk_usergroup = ".((int) $usergroup);
 }
+ if ($user->socid > 0) {
+ // External users should see only contacts of their company
+ $sql .= " AND u.fk_soc = ".((int) $user->socid);
+ }
 //print $sql;
 $resql = $db->query($sql);
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index a57c7232885..167005cf2f4 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -60,19 +60,11 @@ if (isset($user->socid) && $user->socid > 0) {
 $socid = $user->socid;
 }
+restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
+
 $max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
 $now = dol_now();
-// Security check
-$socid = GETPOST("socid", 'int');
-if ($user->socid > 0) {
- $action = '';
- $id = $user->socid;
-} else {
- $id = 0;
-}
-restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
-
 $maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
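Review bot: The added comment in peruser.php says "contacts", but the predicate `u.fk_soc = (int) $user->socid` restricts rows of whatever table is aliased `u`, which, going by the `ug.fk_usergroup` condition just above, appears to be the user table. I would reword it to `// External users must only see users attached to their own third party`. The query is assembled before the hunk starts, so it cannot be confirmed from here that the WHERE clause has no unparenthesised `OR` that this appended `AND` would bind inside of. That is worth checking, because the company filter only holds if it applies to every returned row.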
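Review bot: The relocated `restrictedArea(...)` call in comm/index.php depends on `$socid` still holding the value forced by the `if (isset($user->socid) && $user->socid > 0)` block just above it, and nothing in the new code records that. The removed lines show how easily this breaks, since `$socid = GETPOST("socid", 'int');` re-read the request parameter after the override. I would keep a comment on the call, for example `// Security check: $socid is pinned to $user->socid for external users above; do not reassign it from the request after this point`. Internal users previously passed `0` (via `$id`) as the object id and now pass `$socid`, whose assignment is outside the hunk. If that value comes from the request, the check now targets a specific third party, which looks intended but is a behaviour change worth stating in the commit message.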