gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

'movefolder' requires a formtoken

Browse Source
This commit is contained in:
Uwe Steinmann 2014-06-04 19:17:08 +02:00
parent c09e650c89
commit e0a49734f0
1 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
op/op.Ajax.php
View File

@ -182,33 +182,38 @@ switch($command) {
case 'movefolder': /* {{{ */
if($user) {
$mfolder = $dms->getFolder($_REQUEST['folderid']);
if($mfolder) {
if ($mfolder->getAccessMode($user) >= M_READ) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) {
if($mfolder->setParent($folder)) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'Folder moved', 'data'=>''));
if(!checkFormKey('movefolder', 'GET')) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} else {
$mfolder = $dms->getFolder($_REQUEST['folderid']);
if($mfolder) {
if ($mfolder->getAccessMode($user) >= M_READ) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) {
if($mfolder->setParent($folder)) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'Folder moved', 'data'=>''));
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
}
}
break; /* }}} */