diff options
Diffstat (limited to 'lib/file')
| -rw-r--r-- | lib/file/delete.php | 2 | ||||
| -rw-r--r-- | lib/file/delfld.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/file/delete.php b/lib/file/delete.php index 1a65058..296b560 100644 --- a/lib/file/delete.php +++ b/lib/file/delete.php @@ -9,7 +9,7 @@ $id = intval($args[2]); $info = mysql_fetch_assoc(sql("SELECT * FROM files WHERE id = $id")); -if ($info["owner"] == $user["id"]) { +if ($info["owner"] == $user["id"] || $user['priv'] >= $priv_admin) { token_validate("Do you really want to delete this file ?", "file"); if (has_mini($info["extension"])) unlink($savedir . $id . "-min." . $info["extension"]); unlink($savedir . $id . "." . $info["extension"]); diff --git a/lib/file/delfld.php b/lib/file/delfld.php index c1cacf0..9a2bf1f 100644 --- a/lib/file/delfld.php +++ b/lib/file/delfld.php @@ -7,7 +7,7 @@ $fld = mysql_fetch_assoc(sql( "SELECT id, name, comment, public, owner ". "FROM folders WHERE id = $fldid" )); -assert_error($fld && $fld['owner'] == $user['id'], +assert_error($fld && ($fld['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This folder does not exist, or you are not allowed to edit it."); token_validate("Do you really want to delete this folder ?", "folder-file-$fldid"); |