From dd79258999a90872061cb01db59a5e52aeb4c2db Mon Sep 17 00:00:00 2001
From: Prasath Mani <prasathmani@users.noreply.github.com>
Date: Thu, 13 Nov 2025 13:28:40 +0530
Subject: [PATCH] Advanced Search not working for read-only users #1325

---
 tinyfilemanager.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 87fd373..642f073 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -459,7 +459,7 @@ unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style
 /*************************** ACTIONS ***************************/
 
 // Handle all AJAX Request
-if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
+if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token'])) {
     if (!verifyToken($_POST['token'])) {
         header('HTTP/1.0 401 Unauthorized');
         die("Invalid Token.");
@@ -473,6 +473,10 @@ if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_
         exit();
     }
 
+    if(FM_READONLY){
+        exit();
+    }
+
     // save editor file
     if (isset($_POST['type']) && $_POST['type'] == "save") {
         // get current path