diff --git a/src/app/contentManagement/controllers/JnlpController.php b/src/app/contentManagement/controllers/JnlpController.php
index a1b4dfdf720168a890f7133a1855fcbe05c30f7e..ca618a18b2ab0a3bb40f15167db227277005f80c 100755
--- a/src/app/contentManagement/controllers/JnlpController.php
+++ b/src/app/contentManagement/controllers/JnlpController.php
@@ -215,6 +215,16 @@ class JnlpController
                 $extension = $explodeFile[count($explodeFile) - 1];
                 $newFileOnTmp = "tmp_file_{$GLOBALS['id']}_{$args['jnlpUniqueId']}.{$extension}";
 
+                $customId = CoreConfigModel::getCustomId();
+                if (!empty($customId) && is_dir("custom/{$customId}/modules/templates/templates/styles/")) {
+                    $stylesPath = "custom/{$customId}/modules/templates/templates/styles/";
+                } else {
+                    $stylesPath = 'modules/templates/templates/styles/';
+                }
+                if (strpos($queryParams['objectId'], $stylesPath) !== 0 || substr_count($queryParams['objectId'], '.') != 1) {
+                    return $response->withStatus(400)->withJson(['errors' => 'Template path is not valid']);
+                }
+
                 $pathToCopy = $queryParams['objectId'];
             } elseif ($queryParams['objectType'] == 'templateModification') {
                 $docserver = DocserverModel::getCurrentDocserver(['typeId' => 'TEMPLATES', 'collId' => 'templates', 'select' => ['path_template']]);
diff --git a/src/app/contentManagement/controllers/OnlyOfficeController.php b/src/app/contentManagement/controllers/OnlyOfficeController.php
index c3c306be96ef9eb082b70b70ca497c18f6dd90d2..86292e602e585ba9a58399251d091c7b54d03fa9 100644
--- a/src/app/contentManagement/controllers/OnlyOfficeController.php
+++ b/src/app/contentManagement/controllers/OnlyOfficeController.php
@@ -59,6 +59,16 @@ class OnlyOfficeController
         }
 
         if ($body['objectType'] == 'templateCreation') {
+            $customId = CoreConfigModel::getCustomId();
+            if (!empty($customId) && is_dir("custom/{$customId}/modules/templates/templates/styles/")) {
+                $stylesPath = "custom/{$customId}/modules/templates/templates/styles/";
+            } else {
+                $stylesPath = 'modules/templates/templates/styles/';
+            }
+            if (strpos($body['objectId'], $stylesPath) !== 0 || substr_count($body['objectId'], '.') != 1) {
+                return $response->withStatus(400)->withJson(['errors' => 'Template path is not valid']);
+            }
+
             $path = $body['objectId'];
             $fileContent = file_get_contents($path);
         } elseif ($body['objectType'] == 'templateModification') {
diff --git a/src/app/convert/controllers/ConvertPdfController.php b/src/app/convert/controllers/ConvertPdfController.php
index cdcf932e6c2c3f82e682ccd2490925114f3a3f85..3384a9c0a819b3988738347e356bafdfc91ee3b4 100755
--- a/src/app/convert/controllers/ConvertPdfController.php
+++ b/src/app/convert/controllers/ConvertPdfController.php
@@ -166,7 +166,9 @@ class ConvertPdfController
             return ['errors' => '[ConvertPdf]  Conversion failed ! '. implode(" ", $convertedFile['output'])];
         }
 
-        unlink("{$tmpPath}{$tmpFilename}");
+        if (is_file("{$tmpPath}{$tmpFilename}.{$aArgs['extension']}")) {
+            unlink("{$tmpPath}{$tmpFilename}.{$aArgs['extension']}");
+        }
 
         $resource = file_get_contents("{$tmpPath}{$tmpFilename}.pdf");