Index: trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php =================================================================== diff -u -N -r7821 -r7855 --- trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 7821) +++ trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 7855) @@ -46,16 +46,11 @@ echo "" ; } -function ValidateSID() +function ValidateAdminSid() { - global $Config; - if (isset($Config['K4Mode'])) { - return true; - } - else { $conn = GetADODbConnection(); $session_time = GetConfigValue('ses_timeout')+0; - $sid = $_COOKIE['admin_sid']; + $sid = ($_COOKIE['admin_sid'])?$_COOKIE['admin_sid']:$_COOKIE['sid']; $sql = "SELECT count( sd.sid ) FROM session_data AS sd LEFT JOIN sessions AS s ON s.sid = sd.sid @@ -65,9 +60,32 @@ AND s.expire + '".$session_time."' > unix_timestamp()"; if ($conn->GetOne($sql) > 0) { return true; - } else { - echo "SESSION Validation FALSE"; +} +function ValidateUserSid() +{ + $conn = GetADODbConnection(); + $session_time = GetConfigValue('ses_timeout')+0; + $sid = $_COOKIE['sid']; + $sql = "SELECT count( sd.sid ) + FROM sessions + sid = '".$sid."' + AND expire + '".$session_time."' > unix_timestamp()"; } + if ($conn->GetOne($sql) > 0) + return true; +} +function ValidateSID() +{ global $Config; + if (isset($Config['K4Mode'])) + return true; + else { + if ($Config['validate_type'] == 'user') + return ValidateUserSid(); + elseif ($Config['validate_type'] == 'admin') + return ValidateAdminSid(); + else + echo "SESSION Validation FALSE"; + } return false; } 
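Review bot: In ValidateAdminSid() the new line `$sid = ($_COOKIE['admin_sid'])?$_COOKIE['admin_sid']:$_COOKIE['sid'];` lets the front-end `sid` cookie stand in for the admin one. Whether that is safe depends on the WHERE clause, which lies outside this hunk, still restricting the match to admin sessions. Please confirm that and add a comment saying why the fallback is acceptable, for example `// front-end sid is accepted only because the query below still requires an admin login record`. The bare array reads also raise an undefined-index notice when a cookie is absent; `isset($_COOKIE['admin_sid']) ? $_COOKIE['admin_sid'] : (isset($_COOKIE['sid']) ? $_COOKIE['sid'] : '')` avoids that. The function has no explicit `return false;` on the failure path, so callers get `null`.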
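Review bot: ValidateUserSid() concatenates the raw `$_COOKIE['sid']` value into the query with `sid = '".$sid."'`, so the session check can be altered by whoever sends the cookie. The statement is also malformed as written: it has no `WHERE` keyword and selects `sd.sid` although `sessions` carries no `sd` alias, so it presumably fails rather than validates. If GetADODbConnection() returns an ADOdb connection, as its name suggests, quote the value and fix the syntax: `$sql = "SELECT count(sid) FROM sessions WHERE sid = ".$conn->qstr($sid)." AND expire + ".$session_time." > unix_timestamp()";`. The same quoting should be applied to `$sid` in ValidateAdminSid(), whose WHERE clause sits between the two hunks and is not visible here. In ValidateSID() the `isset($Config['K4Mode'])` branch still returns true without any session lookup; that deserves a comment stating what protects the connector in that mode.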
@@ -94,14 +112,21 @@ if ($application->isModuleEnabled('Proj-CMS')) { $lang = $application->GetVar('m_lang'); - $query = 'SELECT CategoryId, NamedParentPath, l'.$lang.'_Title AS Title FROM '.TABLE_PREFIX.'Category ORDER By l'.$lang.'_Title'; - $pages = $application->Conn->Query($query); + $st =& $application->recallObject('st.-dummy'); + $st_options = $application->getUnitOption('st'.'.ParentId', 'Fields'); + $pages = $st_options['options']; + $page_ids = array_keys($pages); + $tpls = $application->Conn->GetCol('SELECT NamedParentPath, CategoryId FROM '.TABLE_PREFIX.'Category WHERE CategoryId IN ('.join(',', $page_ids).')', 'CategoryId'); +// $query = 'SELECT CategoryId, NamedParentPath, l'.$lang.'_Name AS Title FROM '.TABLE_PREFIX.'Category ORDER By l'.$lang.'_Title'; +// $pages = $application->Conn->Query($query); + $res = ''; - foreach ($pages as $page) { - $page_path = preg_replace('/^content\//', '', strtolower($page['NamedParentPath']).'.html'); - $title = $page['Title'].' ('.$page_path.')'; - $res .= ''; + foreach ($pages as $id => $title) { + $page_path = preg_replace('/^content\//', '', strtolower($tpls[$id]).'.html'); + $title = $title.' ('.$page_path.')'; + $real_url = $application->HREF($tpls[$id], '', null, 'index.php'); + $res .= ''; } } else { @@ -129,7 +154,6 @@ if ($rs && !$rs->EOF) { $default_lang_prefix = $rs->fields['value']; - $lang_prefix = GetLangFromSid(); } $query = "SELECT value FROM config WHERE name = 'cms_direct_mode'"; $rs = $conn->Execute($query); @@ -162,11 +186,12 @@ if (!$system_tpl_ids) $system_tpl_ids = '0'; if ( $cms_mode == 1 ) { + //$lang_prefix = $this->Application->GetVar('lang_prefix'); $query = " SELECT st.*, - IF(lb.".$lang_prefix."_content='' OR lb.".$lang_prefix."_content IS NULL, + IF(lb.".$default_lang_prefix."_content='' OR lb.".$default_lang_prefix."_content IS NULL, st.st_path, - lb.".$lang_prefix."_content + lb.".$default_lang_prefix."_content ) AS page_title FROM structure_templates AS st 
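Review bot: The `IN ('.join(',', $page_ids).')` list becomes `IN ()` when the `ParentId` options are empty, which is a SQL syntax error. Guard the query with `if ($page_ids)` and build the list from `array_map('intval', $page_ids)` so only integers reach the statement. `$tpls[$id]` is read in the loop without checking that the category row was returned, so an option id with no matching row yields a notice and a bare `.html` path. The markup inside `$res .= ''` did not survive on this page, so whether `$title` and `$real_url` are HTML-escaped on output could not be checked. The two commented-out query lines should be removed rather than committed, and the enclosing block starts outside the hunk.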
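Review bot: `$default_lang_prefix` is now spliced into the query as part of a column name (`lb.".$default_lang_prefix."_content`), but the previous hunk shows it is only assigned inside `if ($rs && !$rs->EOF)`. When that config row is missing, the statement references `lb._content`. Because the value comes from the `config` table and is used as an identifier, it cannot be quoted like data; check it before building the query, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $default_lang_prefix)) { return; }` or whatever failure path this function uses. The added comment `//$lang_prefix = $this->Application->GetVar('lang_prefix');` refers to `$this` in what looks like a plain function and should be dropped. If titles are intentionally always shown in the default language now, a short comment saying so would help.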
@@ -193,8 +218,7 @@ working_blocks AS wb ON (st.st_id = wb.template_id) AND (wb.block_type = 3) - WHERE - st.st_parent_id = ".$st_id." + WHERE st.st_parent_id = ".$st_id." AND st_id != ".$email_templates_folder_id." AND st.st_id NOT IN ($system_tpl_ids) AND st_path != '/cms%' " . $filter . " @@ -254,7 +278,7 @@ function GetFoldersAndFiles( $resourceType, $currentFolder, $aParams = array('name','asc')) { - global $Config; + global $Config ; // Map the virtual path to the local server path. if (isset($Config['K4Mode'])) $date_format = "m/d/Y h:i A"; @@ -436,7 +460,7 @@ { $sErrorNumber = '204' ; } else { - if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) ) + if ( ( count($arAllowed) == 0 || in_array( strtolower($sExtension), $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( strtoupper($sExtension), $arDenied ) ) ) { if (rename($sServerDir.$aFilenames[0],$sServerDir.$aFilenames[1])) { if (isset($Config['K4Mode'])) { @@ -466,7 +490,7 @@ // Get the uploaded file name. $sFileName = $oFile['name'] ; $sOriginalFileName = $sFileName ; - $sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ; + $sExtension = strtolower(substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ); global $Config ; $arAllowed = $Config['AllowedExtensions'][$resourceType] ; $arDenied = $Config['DeniedExtensions'][$resourceType] ; @@ -574,7 +598,6 @@ echo '' ; } } -} function GetLangFromSid() {
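Review bot: The deny-list test in the rename branch now reads `!in_array( strtoupper($sExtension), $arDenied )`, while the allow-list test on the same line uses `strtolower()`. If `$Config['DeniedExtensions']` holds lower-case entries, as the stock connector configuration does, the upper-cased value never matches and the deny list no longer blocks anything on rename. Use the same normalisation on both sides: `!in_array( strtolower($sExtension), $arDenied )`. Where `$sExtension` is derived for the rename is outside this hunk, so please also confirm it is taken from the new name, `$aFilenames[1]`, and not the old one.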
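Review bot: The upload path still derives the extension with `substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) )`, which misbehaves for a name without a dot. In that case `strrpos()` returns false, `false + 1` is 1, and `$sExtension` becomes the file name minus its first character, so the allow and deny checks run against a meaningless value. `$sExtension = strtolower(pathinfo($sFileName, PATHINFO_EXTENSION));` returns an empty string in that case and can be rejected explicitly. Only the final extension is checked here, so a name such as `x.php.jpg` passes; if the web server can execute on inner extensions, the upload directory should have script execution disabled. The enclosing function starts and ends outside the hunk.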