diff --git a/core/core.php b/core/core.php
index 9f2bdd68..32f8ad8f 100644
--- a/core/core.php
+++ b/core/core.php
@@ -2762,7 +2762,7 @@ class layout extends common {
$rightItems = '';
// if($this->getUser('group') >= self::GROUP_MODERATOR) {
if($this->getUser('group') >= self::GROUP_EDITOR) {
- $rightItems .= '
' . template::ico('folder') . '';
+ $rightItems .= '' . template::ico('folder') . '';
}
if($this->getUser('group') >= self::GROUP_ADMIN) {
$rightItems .= '' . template::ico('users') . '';
diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php
index c17db810..22afda6d 100644
--- a/core/vendor/filemanager/config/config.php
+++ b/core/vendor/filemanager/config/config.php
@@ -13,14 +13,11 @@ ob_start('mb_output_handler');
date_default_timezone_set('Europe/Paris');
setlocale(LC_CTYPE, 'fr_FR'); //correct transliteration
-// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur via cookie et user.json
-if( is_file('../../../site/data/user.json')){
- $json = file_get_contents('../../../site/data/user.json');
- $user = json_decode($json, true);
- $val = $user['user'][$_COOKIE["ZWII_USER_ID"]]['group'] >= 3 ? true : false;
-}
-else{
- $val = false;
+// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur transmis par l'URL
+$access = false;
+if ( password_verify('4',$_GET['ext'])
+ OR password_verify('3',$_GET['ext']) ) {
+ $access = true;
}
@@ -347,18 +344,18 @@ $config = array(
//*************************
//Permissions configuration
//******************
- 'delete_files' => $val,
+ 'delete_files' => $access,
'create_folders' => true,
- 'delete_folders' => $val,
+ 'delete_folders' => $access,
'upload_files' => true,
- 'rename_files' => $val,
- 'rename_folders' => $val,
+ 'rename_files' => $access,
+ 'rename_folders' => $access,
'duplicate_files' => true,
'extract_files' => true,
- 'copy_cut_files' => $val, // for copy/cut files
- 'copy_cut_dirs' => $val, // for copy/cut directories
- 'chmod_files' => $val, // change file permissions
- 'chmod_dirs' => $val, // change folder permissions
+ 'copy_cut_files' => $access, // for copy/cut files
+ 'copy_cut_dirs' => $access, // for copy/cut directories
+ 'chmod_files' => $access, // change file permissions
+ 'chmod_dirs' => $access, // change folder permissions
'preview_text_files' => true, // eg.: txt, log etc.
'edit_text_files' => true, // eg.: txt, log etc.
'create_text_files' => true, // only create files with exts. defined in $config['editable_text_file_exts']