mirror/php-tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2025-07-09 11:26:25 +02:00
Code Issues Releases Wiki Activity

Fixes ajax ability to handle requests when auth disabled (#952)

Browse Source
This commit is contained in:
Dmitry Efremov
2023-01-24 18:53:45 -08:00
committed by GitHub
parent 9c4d30d7b5
commit dd1ba6795c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tinyfilemanager.php
View File

@ -423,7 +423,7 @@ unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style
/*************************** ACTIONS ***************************/
// Handle all AJAX Request
if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
header('HTTP/1.0 401 Unauthorized');
die("Invalid Token.");