Index: trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php =================================================================== diff -u -N -r4961 -r4966 --- trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 4961) +++ trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 4966) @@ -45,29 +45,31 @@ // Close the "Folders" node. echo "" ; } -/* -function GetCmsTree() -{ - $conn = GetADODbConnection(); - $query="SELECT st.* , wb.eng_content AS page_title - FROM structure_templates st - LEFT JOIN working_blocks AS wb - ON (st.st_id = wb.template_id) AND (wb.block_type = 3) WHERE st_id != '5' AND st_path != '/cms' GROUP BY st_id ORDER BY st_lastupdate desc"; - $rs = $conn->Execute($query); - if ($rs && !$rs->EOF) - { - $ret = ""; - while($rs && !$rs->EOF) { - $ret.= ''; - //echo $rs->fields['page_title']."
"; - $rs->MoveNext(); +function ValidateSID() +{ + if (isset($Config['K4Mode'])) + return true; + else { + $conn = GetADODbConnection(); + $session_time = GetConfigValue('ses_timeout')+0; + $sid = $_COOKIE['admin_sid']; + $sql = "SELECT count( sd.sid ) + FROM session_data AS sd + LEFT JOIN sessions AS s ON s.sid = sd.sid + WHERE sd.`name` = 'admin_mode' + AND sd.`value` = '1' + AND sd.sid = '".$sid."' + AND s.expire + '".$session_time."' > unix_timestamp()"; + if ($conn->GetOne($sql) > 0) { + return true; + } else { + echo "SESSION Validation FALSE"; } - $ret.= '
'; - echo $ret; } -} -*/ + return false; +} + function GetCmsTree() { global $Config; 
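Review bot: ValidateSID interpolates the raw `admin_sid` cookie straight into the query text (`AND sd.sid = '".$sid."'`) with no quoting, so a crafted cookie can alter the query that decides whether the admin session is valid; the value should be passed as a bound parameter instead. The `K4Mode` short-circuit reads `$Config` without a `global $Config;` declaration, so inside the function it is always unset and that branch never fires (GetCmsTree just below does declare it). `$_COOKIE['admin_sid']` is also read without an isset guard, which raises a notice whenever the cookie is absent. The rewritten lines below keep the same result and message; the connection, timeout lookup and failure branch are unchanged.
```php
function ValidateSID()
{
    global $Config;
    if (isset($Config['K4Mode']))
        return true;
    // … unchanged: GetADODbConnection() and ses_timeout lookup …
    $sid = isset($_COOKIE['admin_sid']) ? $_COOKIE['admin_sid'] : '';
    $sql = "SELECT count( sd.sid )
            FROM session_data AS sd
            LEFT JOIN sessions AS s ON s.sid = sd.sid
            WHERE sd.`name` = 'admin_mode'
            AND sd.`value` = '1'
            AND sd.sid = ?
            AND s.expire + '".$session_time."' > unix_timestamp()";
    if ($conn->GetOne($sql, array($sid)) > 0) {
        return true;
    }
    // … unchanged: "SESSION Validation FALSE" echo and return false …
}
```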
@@ -509,36 +511,38 @@ DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles); echo '' ; } - foreach ($aFiles AS $k=>$v) { - $add_sql = ''; - if ($v == '') - continue; - $deleted_file = $Config['UserFilesPathNoBase'].$resourceType.$currentFolder.addslashes($v); - for($i=0; $i 0) { - $add_sql = rtrim($add_sql," OR"); - $sql = "SELECT lb1.template_id, lb2.".$def_lang_prefix."_content FROM live_blocks AS lb1 - LEFT JOIN live_blocks AS lb2 ON lb2.template_id = lb1.template_id AND lb2.block_num = 20 - WHERE".$add_sql; - $rs = $conn->Execute($sql); - while ($rs && !$rs->EOF) { - $used = 1; - $page = $rs->fields[$def_lang_prefix.'_content']; - $page = @html_entity_decode($page,ENT_NOQUOTES,'UTF-8'); - $page = @htmlspecialchars($page); - $ret_xml.= '' ; - $rs->MoveNext(); - } + if (!$confirm) { + foreach ($aFiles AS $k=>$v) { + $add_sql = ''; + if ($v == '') + continue; + $deleted_file = $Config['UserFilesPathNoBase'].$resourceType.$currentFolder.addslashes($v); + for($i=0; $i 0) { + $add_sql = rtrim($add_sql," OR"); + $sql = "SELECT lb1.template_id, lb2.".$def_lang_prefix."_content FROM live_blocks AS lb1 + LEFT JOIN live_blocks AS lb2 ON lb2.template_id = lb1.template_id AND lb2.block_num = 20 + WHERE".$add_sql; + $rs = $conn->Execute($sql); + while ($rs && !$rs->EOF) { + $used = 1; + $page = $rs->fields[$def_lang_prefix.'_content']; + $page = @html_entity_decode($page,ENT_NOQUOTES,'UTF-8'); + $page = @htmlspecialchars($page); + $ret_xml.= '' ; + $rs->MoveNext(); + } + } } + if ($ret_xml && !$confirm) + echo $ret_xml; + if (!$ret_xml && !$confirm) { + DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles); + echo '' ; + } } - if ($ret_xml && !$confirm) - echo $ret_xml; - if (!$ret_xml && !$confirm) { - DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles); - echo '' ; - } } ?> Index: trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php =================================================================== diff -u -N 
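Review bot: Inside the new `if (!$confirm) {` wrapper the two trailing checks `if ($ret_xml && !$confirm)` and `if (!$ret_xml && !$confirm)` re-test `$confirm`, which is already known to be false at that point; they reduce to `if ($ret_xml) echo $ret_xml; else { DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles); echo '' ; }`, which also makes the two branches visibly exclusive. The moved loop still derives its lookup key with `addslashes($v)` on the filename; the part of the hunk between `for($i=0; $i` and `0) {` is lost in this rendering, so I cannot see how `$deleted_file` reaches `$add_sql`, but if it is concatenated into the WHERE clause the driver's `qstr()` or a bound parameter is the correct escaping rather than addslashes. The enclosing function starts before this hunk.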
-r4961 -r4966
--- trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php (.../connector.php) (revision 4961)
+++ trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php (.../connector.php) (revision 4966)
@@ -42,7 +42,10 @@
 }
 }
 //exit;
-DoResponse() ;
+if (ValidateSID())
+ DoResponse() ;
+
+
 function DoResponse()
 {
 if ($_GET['Command'] != 'GetCmsTree') {
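Review bot: When ValidateSID() returns false the connector now falls through with a 200 status and no XML response beyond whatever ValidateSID itself printed, so the file-manager client gets neither its document nor a recognisable error; make the rejection explicit, e.g. `if (!ValidateSID()) { header('HTTP/1.0 403 Forbidden'); exit; }` followed by `DoResponse() ;`. Because ValidateSID (added to commands.php in this same commit) echoes "SESSION Validation FALSE" before returning, that header call would trigger a headers-already-sent warning unless the echo is dropped or moved after the status is set. The gate covers only DoResponse(); whatever the script executes before line 42 runs regardless, which I cannot see from this hunk.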