From 8cba3c764a9e8f870f3b61bf3cce0f0bd4ce1f82 Mon Sep 17 00:00:00 2001
From: dmitrykurmanov
Date: Mon, 30 Dec 2024 11:30:05 +0400
Subject: [PATCH] work for the https://github.com/surveyjs/private-tasks/issues/418

---
 src/trunk/ajax_handlers/delete_file.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/trunk/ajax_handlers/delete_file.php b/src/trunk/ajax_handlers/delete_file.php
index 37a3bf4..9bc8eea 100644
--- a/src/trunk/ajax_handlers/delete_file.php
+++ b/src/trunk/ajax_handlers/delete_file.php
@@ -15,7 +15,7 @@ function callback() {
 if($_SERVER['REQUEST_METHOD'] === 'GET') {
 $filename = $_GET["name"];
- if (str_contains($filename, "/uploads/surveyjs")) {
+ if (str_contains($filename, "/uploads/surveyjs") && current_user_can( 'administrator' ) ) {
 $uploadpath = substr($filename, strpos($filename, "/surveyjs"));
 $upload_dir=wp_upload_dir();
 $fullname = $upload_dir['basedir'] . $uploadpath;
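Review bot: The added `current_user_can( 'administrator' )` guard narrows who can reach the delete path, but the path is still built from `$_GET["name"]` without canonicalisation: `str_contains` only requires `/uploads/surveyjs` somewhere in the value, and everything from the first `/surveyjs` onward is appended to `basedir`, so parent-directory segments could make `$fullname` resolve outside the plugin's upload folder. Assuming the plugin's files live under `basedir/surveyjs`, I would resolve the result and check containment before it is used, e.g. `$real = realpath($fullname);` followed by `if ($real === false || !str_starts_with($real, realpath($upload_dir['basedir'] . '/surveyjs') . DIRECTORY_SEPARATOR)) { return; }` (or the handler's usual error response). WordPress documents passing a role name to `current_user_can()` as discouraged and unreliable, so a capability such as `manage_options` is the safer check. This is also a state-changing GET and no nonce verification is visible in the hunk; if none happens elsewhere in the handler, a `check_ajax_referer()` call belongs next to the capability check. The body of `callback()` continues past the hunk, so what is done with `$fullname` is not visible here.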