Fixes ajax ability to handle requests when auth disabled (#952)

prasathmani · Jan 25, 2023 · dd1ba67 · dd1ba67
1 parent 9c4d30d
commit dd1ba67
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
@@ -423,7 +423,7 @@ function getClientIP() {
 /*************************** ACTIONS ***************************/
 
 // Handle all AJAX Request
-if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
+if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
     if(!verifyToken($_POST['token'])) {
         header('HTTP/1.0 401 Unauthorized');
         die("Invalid Token.");