diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/FileController.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/FileController.php
index 225aa24c..a8c118ac 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/FileController.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/FileController.php
@@ -526,13 +526,15 @@ class FileController extends Controller
 $output=array();
 $directory=$request->request->get('directory');
+ // Récupération du répertoire source et le nom du fichier
 $racine=$this->get('kernel')->getRootDir()."/../uploads/file";
- $dirsource =$request->request->get('dirsource');
- $namesource =$request->request->get('namesource');
- $dirdestination =$request->request->get('dirdestination');
- $namedestination =$request->request->get('namedestination');
+ $directory = $request->request->get('directory');
+ $dirsource = $request->request->get('dirsource');
+ $namesource = $request->request->get('namesource');
+ $dirdestination = $request->request->get('dirdestination');
+ $namedestination = $request->request->get('namedestination');
 $canupdate =$this->getPermission($access,$directory);
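Review bot: `$canupdate` on the last line of the hunk is derived from the `directory` parameter only, while the paths the action goes on to read and write come from `dirsource` and `dirdestination`, so a request can combine a directory the caller may update with source/destination directories it may not; the permission should be evaluated against the directories actually touched, e.g. `$canupdate = $this->getPermission($access,$dirsource) && $this->getPermission($access,$dirdestination);`, assuming `getPermission` accepts any directory path (its definition is not visible here). The added `$directory = $request->request->get('directory');` repeats the context line two lines above and can be dropped. Where `$canupdate` is enforced lies outside the hunk.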
@@ -541,8 +543,19 @@ class FileController extends Controller
 $fs = new Filesystem();
 // Déplacer le fichier
- $urlsource=$racine."/".$dirsource."/".$namesource;
- $urldestination=$racine."/".$dirdestination."/".$namedestination;
+ $urlsource=str_replace("//","/",$racine."/".$dirsource."/".$namesource);
+ $urldestination=str_replace("//","/",$racine."/".$dirdestination."/".$namedestination);
+
+ // Controle de cohérance du déplacement
+ $fgerror=false;
+ if(empty($racine)) $fgerror=true;
+ if(empty($dirsource)) $fgerror=true;
+ if(empty($directory)) $fgerror=true;
+ if($urlsource==$urldestination) $fgerror=true;
+ if(stripos($urldestination,$urlsource)!==false) $fgerror=true;
+ if($fgerror) return new JsonResponse(array('message' => 'Interdit'), 400);
+
+
 if($fs->exists($urlsource)) {
 if(is_dir($urlsource)) {
 $fs->mirror($urlsource,$urldestination);
diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/File/list.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/File/list.html.twig
index 18c51164..d3fae96d 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/File/list.html.twig
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/File/list.html.twig
@@ -291,6 +291,7 @@
 });
+ {% if canupdate and not fgtrash %}
 $('.file').on('dragstart', function (s) {
 dirsource=$(this).data("dir");
 namesource=$(this).data("name");
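Review bot: None of the new coherence checks constrains `$urlsource`/`$urldestination` to stay under `$racine`: the four request parameters are concatenated straight into the paths and `str_replace` only collapses doubled slashes, so a value carrying parent-directory components resolves outside the uploads root before `exists()`/`mirror()` run. The test `stripos($urldestination,$urlsource)!==false` is also a plain substring match: it is case-insensitive on a case-sensitive filesystem and rejects legitimate moves whose destination merely shares a prefix (`…/a/b` into `…/a/bc`), whereas a directory-moved-into-itself check only needs a prefix match on a path boundary. The rewrite below resolves both sides with `realpath()` (the destination's parent directory, since the destination need not exist yet), rejects anything not under the resolved root, replaces the substring test, and additionally rejects an empty `namesource`/`namedestination`, which the current list leaves out. The `exists()`/`is_dir()` branch that follows is unchanged and runs past the end of the hunk.
```php
        $urlsource=str_replace("//","/",$racine."/".$dirsource."/".$namesource);
        $urldestination=str_replace("//","/",$racine."/".$dirdestination."/".$namedestination);

        // Controle de cohérance du déplacement
        $fgerror=false;
        if(empty($racine)) $fgerror=true;
        if(empty($dirsource)) $fgerror=true;
        if(empty($directory)) $fgerror=true;
        if(empty($namesource)||empty($namedestination)) $fgerror=true;
        if($urlsource==$urldestination) $fgerror=true;
        // Destination inside the source (directory moved into itself): prefix on a path boundary, case-sensitive
        if(strpos($urldestination,rtrim($urlsource,"/")."/")===0) $fgerror=true;
        // Source and destination parent must both resolve under the uploads root; realpath() is false when they do not exist
        $root=realpath($racine);
        $realsource=realpath($urlsource);
        $realdestdir=realpath(dirname($urldestination));
        if($root===false||$realsource===false||$realdestdir===false) $fgerror=true;
        elseif(strpos($realsource,$root."/")!==0) $fgerror=true;
        elseif($realdestdir!==$root&&strpos($realdestdir,$root."/")!==0) $fgerror=true;
        if($fgerror) return new JsonResponse(array('message' => 'Interdit'), 400);

        // … unchanged: exists()/is_dir() branch performing the move …
```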
@@ -313,11 +314,17 @@
 dirdestination=$(this).data("dir")+"/"+$(this).data("name");
 namedestination=namesource;
- // Si la source est la meme que la destination on ne fait rien
- if(dirdestination+"/"+namedestination==dirsource+"/"+namesource) return false;
+ urlsource=dirsource+"/"+namesource;
+ urlsource=urlsource.replace("//","/");
+ urldestination=dirdestination+"/"+namedestination;
+ urldestination=urldestination.replace("//","/");
+
+ // Si la source est la meme que la destination on ne fait rien
+ if(urlsource==urldestination) return false;
+
+ // Si la source est dans la destination on ne fait rien
+ //if(urldestination.includes(urlsource)) return false;
- console.log(dirsource+"/"+namesource);
- console.log(dirdestination+"/"+namedestination);
 // On déplace l'element
 $.ajax({
 method: "POST",
@@ -336,11 +343,9 @@
 }
 });
-
- return false;
 });
-
+ {% endif %}
 });
@@ -366,6 +371,7 @@
 }
 }
+ {% if canupdate %}
 // Trasher un fichier
 function trashFile(directory,subdirectory,filename) {
 var r = confirm("Confirmez-vous la mise à la poubelle de ce fichier ? Vous pourrez le récupèrer si besoin.");
@@ -422,6 +428,7 @@
 });
 }
 }
+ {% endif %}
 // Affichage des frames associés aux items de bureau
diff --git a/src/ninegate-1.0/src/Cadoles/PortalBundle/Controller/PagewidgetController.php b/src/ninegate-1.0/src/Cadoles/PortalBundle/Controller/PagewidgetController.php
index dfb3b7c6..070709a0 100644
--- a/src/ninegate-1.0/src/Cadoles/PortalBundle/Controller/PagewidgetController.php
+++ b/src/ninegate-1.0/src/Cadoles/PortalBundle/Controller/PagewidgetController.php
@@ -651,7 +651,7 @@ class PagewidgetController extends Controller
 'items' => $itemsordered,
 'bookmarks' => $bookmarks,
 ]);
- }
+ }
 public function viewalertAction(Request $request,$id,$access="config") {
 // Récupération de la requete
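Review bot: `urlsource.replace("//","/")` and `urldestination.replace("//","/")` use a string pattern, which in JavaScript replaces only the first occurrence, so a path with two doubled slashes is normalised differently from the PHP side (`str_replace` replaces every occurrence) and the `urlsource==urldestination` test can miss a same-path move that the server then rejects with 400; use a global regex, `urlsource=urlsource.replace(/\/\//g,"/");` and `urldestination=urldestination.replace(/\/\//g,"/");`. The commented-out `//if(urldestination.includes(urlsource)) return false;` is dead code: either enable it with the same prefix-on-a-path-boundary semantics as the server-side check, or drop it together with its comment. The drop handler this code belongs to starts before the hunk.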
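Review bot: Removing `return false;` from the end of the handler in the `@@ -336,11 +343,9 @@` hunk also removes the implicit `preventDefault()`/`stopPropagation()` that jQuery applies to a `false` return, so unless the handler calls `preventDefault()` on the event earlier (not visible in the hunk) the browser's default drop action now runs after the `$.ajax` move is issued. Keep `return false;` as the last statement before the closing `});`. This appears to be the same handler that issues the move request in the preceding hunk; its opening lies outside both hunks.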