diff --git a/CHANGELOG b/CHANGELOG index 220129333..7723361a7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -347,6 +347,8 @@ - add endpoints to rest api for setting comment and name of folder - initial support for installation from git - memcached support can be configured (still rarely used) +- fix folder parameter passed to hook 'folderRowAction' +- require unrestricted access on document/folder for deletion by rest api -------------------------------------------------------------------------------- Changes in version 5.1.41 diff --git a/composer-dist.json b/composer-dist.json index eb0c5fc52..8d63f2f38 100644 --- a/composer-dist.json +++ b/composer-dist.json @@ -16,7 +16,7 @@ } }, "require": { - "pear/http_request2": "2.5.0", + "pear/http_request2": "^2", "robthree/twofactorauth": "^3.0", "php-mime-mail-parser/php-mime-mail-parser": "*", "slim/slim": "^4.0", @@ -37,7 +37,7 @@ "alecrabbit/php-console-colour": "*", "zf1/zend-search-lucene": "*", "symfony/http-foundation": "^5.4", - "php-di/php-di": "^6.4", + "php-di/php-di": "^7", "hfig/mapi": "*", "slim/psr7": "^1.7", "chillerlan/php-qrcode": "^5.0", diff --git a/composer.json b/composer.json index 697d4fc38..61d29fb83 100644 --- a/composer.json +++ b/composer.json @@ -22,7 +22,7 @@ "require": { "php": ">=8.2.0", "phing/phing": "3.*", - "pear/http_request2": "2.5.0", + "pear/http_request2": "^2", "robthree/twofactorauth": "^3.0", "php-mime-mail-parser/php-mime-mail-parser": "*", "slim/slim": "^4.0", @@ -43,7 +43,7 @@ "alecrabbit/php-console-colour": "*", "zf1/zend-search-lucene": "*", "symfony/http-foundation": "^5.4", - "php-di/php-di": "^6.4", + "php-di/php-di": "^7", "hfig/mapi": "*", "slim/psr7": "^1.7", "chillerlan/php-qrcode": "^5.0", 
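Review bot: The new constraint `"pear/http_request2": "^2"` in composer-dist.json lowers the version floor as well as raising the ceiling, because it accepts any 2.x release, including ones older than the 2.5.0 that was pinned before. The same applies to the matching line in composer.json and to the require-dev entries relaxed there (`behat/mink`, `behat/mink-selenium2-driver`, `dmore/chrome-mink-driver`, `friendsofphp/php-cs-fixer`). Keeping the last tested release as the floor, e.g. `"pear/http_request2": "^2.5"`, still allows updates without letting the resolver fall back to an older version. Whether a composer.lock is shipped is not visible in this diff; without one, these ranges and the existing `*` constraints let each install resolve to different code, so committing the lock file is worth considering.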
@@ -56,12 +56,12 @@ }, "require-dev": { "composer/composer": "dev-main", - "behat/mink": "1.8.1", - "behat/mink-selenium2-driver": "1.4.0", - "dmore/chrome-mink-driver": "2.8.0", - "friendsofphp/php-cs-fixer": "3.87.2", + "behat/mink": "^1", + "behat/mink-selenium2-driver": "^1", + "dmore/chrome-mink-driver": "^2", + "friendsofphp/php-cs-fixer": "^3", "phpunit/phpunit": "9.5.9", - "squizlabs/php_codesniffer": "3.6.0", + "squizlabs/php_codesniffer": "^4", "phpstan/phpstan": "^2.1", "pear/archive_tar": "*" }, @@ -102,6 +102,9 @@ } } ], + "scripts": { + "phpcs": "phpcs -s" + }, "extra": { "merge-plugin": { "include": [ diff --git a/doc/README.Install.md b/doc/README.Install.md index 284f29571..7ba04f53c 100644 --- a/doc/README.Install.md +++ b/doc/README.Install.md @@ -241,6 +241,8 @@ in your current installation with new versions from the quickstart archive. 3. copy the directory `pear` from the unpacked archive into your current installation, replacing the existing directory. Make a backup of `pear` before the replacement if you want to ensure to be able to go back to your old version. + Since version 5.1.42 and 6.0.35 of SeeDMS the directory `pear` was replaced + by `vendor`, which was previously a ѕubdirectory of `pear`. 4. you may compare your `conf/settings.xml` file with the shipped version `conf/settings.xml.template` for new parameters. If you don't do it, the next time you save the configuration the default values will be used. diff --git a/inc/inc.Utils.php b/inc/inc.Utils.php index 2bd0af216..19ae0adeb 100644 --- a/inc/inc.Utils.php +++ b/inc/inc.Utils.php 
@@ -1318,6 +1318,20 @@ class SeedDMS_Utils { /* {{{ */ } } /* }}} */ + /** + * Create a random string + * + * @param integer $n number of chars + * @param string $alph alphabet used as source for chars + * @return string random string + */ + static public function makeRandomString($n, $alph = "0123456789abcdefghijklmnopqrstuvwxyz") { /* {{{ */ + $s = ""; + for ($i = 0; $i != $n; ++$i) + $s .= $alph[mt_rand(0, 35)]; + return $s; + } /* }}} */ + } /* }}} */ /** diff --git a/restapi/index.php b/restapi/index.php index 832d2d8e3..514249486 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -646,7 +646,7 @@ final class SeedDMS_RestapiController { /* {{{ */ } $mfolder = $dms->getFolder($args['id']); if($mfolder) { - if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) { + if ($mfolder->getAccessMode($userobj, 'removeFolder') > M_READWRITE) { if($mfolder->remove()) { return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200); } else { @@ -1224,7 +1224,7 @@ final class SeedDMS_RestapiController { /* {{{ */ $document = $dms->getDocument($args['id']); if($document) { - if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) { + if ($document->getAccessMode($userobj, 'deleteDocument') > M_READWRITE) { if($document->remove()) { return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>''))->withStatus(200); } else { diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index 536f4b9b0..c81892672 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php 
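Review bot: `makeRandomString()` indexes the alphabet with the fixed range `mt_rand(0, 35)`, so the `$alph` parameter is only honoured when it is exactly 36 characters long. A shorter alphabet leads to undefined-offset reads and a longer one never uses its tail. `mt_rand()` is also not a cryptographically secure generator, which matters if any caller uses the result as a token, password or other secret (callers are not visible in this diff). Changing the loop body to `$s .= $alph[random_int(0, strlen($alph) - 1)];` addresses both, and the loop condition `$i < $n` instead of `$i != $n` avoids a runaway loop when `$n` is negative. The docblock should then state that `$alph` must be non-empty.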
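Review bot: The deletion check `$mfolder->getAccessMode($userobj, 'removeFolder') > M_READWRITE` expresses "unrestricted access" only indirectly, by relying on M_ALL being the sole access mode above M_READWRITE. Comparing against the intended level, `>= M_ALL`, would state the requirement named in the CHANGELOG and stay correct if another mode is ever added between the two. The same applies to the `deleteDocument` check in the second restapi hunk. A one-line comment above each check, such as `// deletion requires unrestricted access (M_ALL)`, would keep the stricter threshold from being "simplified" back later. Both enclosing handlers start and end outside the hunks, so the response returned on denied access cannot be checked from here.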
@@ -3669,7 +3669,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) $hookObjs = $this->getHookObjects(); foreach($hookObjs as $hookObj) { if (method_exists($hookObj, 'folderRowAction')) { - $actions = $hookObj->folderRowAction($this, $folder, $actions); + $actions = $hookObj->folderRowAction($this, $subFolder, $actions); } } diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php index ee7d59666..df832b818 100644 --- a/views/bootstrap/class.ViewDocument.php +++ b/views/bootstrap/class.ViewDocument.php @@ -626,6 +626,7 @@ $(document).ready( function() { break; case 'video/webm': case 'video/mp4': + case 'video/mpeg': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php index b398a277e..bc793c811 100644 --- a/views/bootstrap4/class.Bootstrap4.php +++ b/views/bootstrap4/class.Bootstrap4.php @@ -3695,7 +3695,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) $hookObjs = $this->getHookObjects(); foreach($hookObjs as $hookObj) { if (method_exists($hookObj, 'folderRowAction')) { - $actions = $hookObj->folderRowAction($this, $folder, $actions); + $actions = $hookObj->folderRowAction($this, $subFolder, $actions); } } diff --git a/views/bootstrap4/styles/application.js b/views/bootstrap4/styles/application.js index 408254a8c..39d229062 100644 --- a/views/bootstrap4/styles/application.js +++ b/views/bootstrap4/styles/application.js @@ -1718,7 +1718,7 @@ $(document).ready(function() { /* {{{ */ $(document).ready(function() { /* {{{ */ $('body').on('click.modal.data-api', '[data-toggle="modal"]', function(){ - if($(this).attr("href")) + if($(this).attr('href')) $($(this).data("target")+' .modal-body').load($(this).attr('href')); }); }); /* }}} */ diff --git a/www/index.php b/www/index.php index 9c0106cbe..23f2951da 100644 --- a/www/index.php +++ b/www/index.php 
@@ -34,7 +34,7 @@ require "inc/inc.Settings.php"; use DI\ContainerBuilder; use Slim\Factory\AppFactory; -if(true) { +if (true) { require_once("inc/inc.Utils.php"); require_once("inc/inc.LogInit.php"); require_once("inc/inc.Language.php"); @@ -60,18 +60,18 @@ if(true) { $container->set('notifier', $notifier); $container->set('authenticator', $authenticator); - if(isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) { - foreach($GLOBALS['SEEDDMS_HOOKS']['initDMS'] as $hookObj) { - if (method_exists($hookObj, 'addMiddleware')) { - $hookObj->addMiddleware($app); - } + if (isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) { + foreach ($GLOBALS['SEEDDMS_HOOKS']['initDMS'] as $hookObj) { + if (method_exists($hookObj, 'addMiddleware')) { + $hookObj->addMiddleware($app); } + } } $app->addErrorMiddleware(false, true, true); - if(isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) { - foreach($GLOBALS['SEEDDMS_HOOKS']['initDMS'] as $hookObj) { + if (isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) { + foreach ($GLOBALS['SEEDDMS_HOOKS']['initDMS'] as $hookObj) { if (method_exists($hookObj, 'addRoute')) { // FIXME: pass $app only just like initRestAPI. $app has a container // which contains all other objects @@ -81,16 +81,14 @@ if(true) { } /* Catch all route */ - $app->get('/{path:.*}', function($request, $response) use ($settings) { + $app->get('/{path:.*}', function ($request, $response) use ($settings) { return $response ->withHeader('Location', $settings->_httpRoot.'out/out.ViewFolder.php') ->withStatus(302); - }); $app->run(); } else { - header("Location: ". (isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php")); ?>