'movefolder' requires a formtoken

Uwe Steinmann 2014-06-04 19:17:08 +02:00
parent c09e650c89
commit e0a49734f0


@ -182,33 +182,38 @@ switch($command) {
case 'movefolder': /* {{{ */ case 'movefolder': /* {{{ */
if($user) { if($user) {
$mfolder = $dms->getFolder($_REQUEST['folderid']); if(!checkFormKey('movefolder', 'GET')) {
if($mfolder) { header('Content-Type', 'application/json');
if ($mfolder->getAccessMode($user) >= M_READ) { echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) { } else {
if($folder->getAccessMode($user) >= M_READWRITE) { $mfolder = $dms->getFolder($_REQUEST['folderid']);
if($mfolder->setParent($folder)) { if($mfolder) {
header('Content-Type', 'application/json'); if ($mfolder->getAccessMode($user) >= M_READ) {
echo json_encode(array('success'=>true, 'message'=>'Folder moved', 'data'=>'')); if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) {
if($mfolder->setParent($folder)) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'Folder moved', 'data'=>''));
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>''));
}
} else { } else {
header('Content-Type', 'application/json'); header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>''));
} }
} else { } else {
header('Content-Type', 'application/json'); header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>''));
} }
} else { } else {
header('Content-Type', 'application/json'); header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
} }
} else { } else {
header('Content-Type', 'application/json'); header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
} }
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
} }
} }
break; /* }}} */ break; /* }}} */
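Review bot: The new guard `checkFormKey('movefolder', 'GET')` reads the form token from the query string, so the state-changing move still runs on a GET request and the token ends up in server logs, browser history and Referer headers. Consider sending the move as a POST and validating the token there, e.g. `if(!checkFormKey('movefolder', 'POST')) {` if checkFormKey accepts that method (its definition is not visible here), and reading `folderid` and `targetfolderid` from `$_POST` rather than `$_REQUEST`. The added rejection branch also repeats `header('Content-Type', 'application/json');`, which passes the MIME type as header()'s second (`$replace`) argument, so the JSON content type is never set. The intended form is `header('Content-Type: application/json');`, here and in the other branches of this case. The enclosing `switch($command)` starts and ends outside the hunk.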