From 40198871043b845524c3d46d30b2d9174beb92b3 Mon Sep 17 00:00:00 2001 From: Dmitry Efremov Date: Tue, 24 Jan 2023 10:43:46 -0800 Subject: [PATCH] Fixes ajax ability to handle requests when auth disabled --- tinyfilemanager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tinyfilemanager.php b/tinyfilemanager.php index 33c980c..b3f6734 100644 --- a/tinyfilemanager.php +++ b/tinyfilemanager.php @@ -423,7 +423,7 @@ unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style /*************************** ACTIONS ***************************/ // Handle all AJAX Request -if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) { +if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) { if(!verifyToken($_POST['token'])) { header('HTTP/1.0 401 Unauthorized'); die("Invalid Token.");