diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2bd95197a2af3..d1423009c44a0 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -461,7 +461,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
 	// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
 	$arrayofactiontoforcetokencheck = array(
 	    'activate', 'add', 'addrights', 'addtimespent',
-	    'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir',
+	    'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir', 'confirm_deletefile',
 	    'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
 	    'disable',
 	    'doprev', 'donext', 'dvprev', 'dvnext',