From 01711696cb16bf4351206ac730890f0f3d7ffa59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Carlos=20Ra=C3=B1a?= <juancarlos@innovasoc.com>
Date: Thu, 26 Aug 2010 16:41:12 +0200
Subject: [PATCH] anonymous users can not copy files to upload personal area

---
 main/document/document.inc.php | 2 +-
 main/document/document.php     | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/main/document/document.inc.php b/main/document/document.inc.php
index 81d422e854..a1b0a00d0f 100755
--- a/main/document/document.inc.php
+++ b/main/document/document.inc.php
@@ -175,7 +175,7 @@ function create_document_link($www, $title, $path, $filetype, $size, $visibility
 		}
 		
 		//copy files to users myfiles
-		if(api_get_setting('users_copy_files') == 'true'){
+		if(api_get_setting('users_copy_files') == 'true' && api_get_user_id() != 0){
 			$copy_myfiles_link = ($filetype == 'file') ? api_get_self().'?'.api_get_cidreq().'&curdirpath='.$_GET['curdirpath'].'&amp;action=copytomyfiles&amp;id='.$url_path.$req_gid :api_get_self().'?'.api_get_cidreq();
 			
 			if($filetype == 'file')
diff --git a/main/document/document.php b/main/document/document.php
index 0a03283ff1..d166fcb5c6 100755
--- a/main/document/document.php
+++ b/main/document/document.php
@@ -382,9 +382,8 @@ if (!empty($_SESSION['_gid'])) {
 	Display::display_introduction_section(TOOL_DOCUMENT);
 }
 
-
 // Copy a file to general my files user's
-if (isset($_GET['action']) && $_GET['action'] == 'copytomyfiles' && api_get_setting('users_copy_files') == 'true') {	
+if (isset($_GET['action']) && $_GET['action'] == 'copytomyfiles' && api_get_setting('users_copy_files') == 'true' && api_get_user_id() != 0) {	
 	
 	$clean_get_id = Security::remove_XSS($_GET['id']);
 	$user_folder  = api_get_path(SYS_CODE_PATH).'upload/users/'.api_get_user_id().'/my_files/';