From 50ccd29623becd216f313bbea292ed7c0dc56d5c Mon Sep 17 00:00:00 2001
From: Apichart F <zaniasoft@gmail.com>
Date: Fri, 27 May 2022 12:36:25 +0700
Subject: [PATCH] Fix advanced search issue for read-only user (#785)

$_POST['type']=="search" not reachable if FM_READONLY is true
---
 tinyfilemanager.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index e381652..1dbad3d 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -456,14 +456,6 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
         die(true);
     }
 
-    //search : get list of files from the current folder
-    if(isset($_POST['type']) && $_POST['type']=="search") {
-        $dir = FM_ROOT_PATH;
-        $response = scan(fm_clean_path($_POST['path']), $_POST['content']);
-        echo json_encode($response);
-        exit();
-    }
-
     // backup files
     if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) {
         $fileName = $_POST['file'];
@@ -632,6 +624,16 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
     exit();
 }
 
+if (isset($_POST['ajax'])) {
+    //search : get list of files from the current folder
+    if(isset($_POST['type']) && $_POST['type']=="search") {
+        $dir = FM_ROOT_PATH;
+        $response = scan(fm_clean_path($_POST['path']), $_POST['content']);
+        echo json_encode($response);
+        exit();
+    }
+}
+
 // Delete file / folder
 if (isset($_GET['del']) && !FM_READONLY) {
     $del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) );