diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index ce88513..2a9e36c 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,15 @@
+jstool 7.x-1.6, 2012-08-10
+---------------------------------
+89c503b - drupwash, Redirect page after successfull submission
+
+jstool 7.x-1.5, 2012-08-10
+---------------------------------
+073a41c - drupwash, Added access callback to check additional permission
+
+jstool 7.x-1.4, 2012-08-08
+---------------------------------
+bd623e2 - drupwash, Resolved anonymous security risk
+
 jstool 7.x-1.3, 2012-08-07
 ---------------------------------
 91b4e2e - drupwash, Added Js Listing by category
diff --git a/jstool.install b/jstool.install
index ed1778f..d9482ef 100644
--- a/jstool.install
+++ b/jstool.install
@@ -1,7 +1,7 @@ 'Jstool', 'description' => 'It will help to list any javascript withi admin panel.', 'page callback' => '_jstool_js',
- 'access arguments' => array('administer jstool'),
- 'type' => MENU_NORMAL_ITEM
+ 'access callback' => '_jstool_jsfile_access_callback',
+ 'access arguments' => array('administer jstool list'),
+ 'type' => MENU_NORMAL_ITEM,
 );
 $items['admin/config/system/jstool/edit'] = array(
@@ -41,21 +42,44 @@ function jstool_menu() {
 'description' => 'It will help to edit any javascript withi admin panel.',
 'page callback' => 'drupal_get_form',
 'page arguments' => array('jstool_jsform'),
- 'access arguments' => array('administer jstool'),
- 'type' => MENU_LOCAL_TASK
+ 'access callback' => '_jstool_jsfile_access_callback',
+ 'access arguments' => array('administer jstool edit'),
+ 'type' => MENU_CALLBACK,
 );
 return $items;
 }
 /**
- * Implements page callback arguments
+ * Implements access callback
 */
-function jstool_jsform() {
- if (!file_exists(@$_GET['file'])) {
- drupal_set_message(t('You are trying to open an invalid js file'), 'error');
- drupal_goto('admin/config/system/jstool');
+function _jstool_jsfile_access_callback($access) {
+ if (user_access($access)) {
+ $target_folders = file_scan_directory(DRUPAL_ROOT, "/(\.\.?|module)$/");
+ foreach ($target_folders as $target_file) {
+ $path = dirname($target_file->uri);
+ $files = file_scan_directory($path, "/(\.\.?|js)$/");
+ foreach ($files as $file) {
+ $jstool_file[] = $file->uri;
+ }
+ }
+ if ($access == 'administer jstool edit'){
+ if (in_array(@$_GET['file'], $jstool_file)) {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+ }
+ else {
+ return TRUE;
+ }
 }
- $mylibaries = array();
+}
+
+/**
+ * Implements form api
+ */
+function jstool_jsform() {
 $libraries = drupal_get_library('jstool','codemirror');
 $mylibaries = array_merge(array_keys($libraries['js']), array_keys($libraries['css']));
 foreach ($mylibaries as $file) {
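Review bot: The allow-list in `_jstool_jsfile_access_callback` is rebuilt by scanning all of DRUPAL_ROOT on every access check, including the `administer jstool list` branch where the result is never used, and when the scan yields nothing `$jstool_file` is undefined so `in_array()` warns instead of returning FALSE. Rooting the scan at DRUPAL_ROOT also means every directory beneath it that contains a file whose name ends in `module` — the public files directory, typically sites/default/files, included — contributes its `*js` files to the editable set; if the intent is module JavaScript, `drupal_system_listing('/\.module$/', 'modules')` keeps the scan to module directories, and `/\.js$/` rather than `/(\.\.?|js)$/` keeps it to .js files. The comparison should be strict (`in_array($requested, $allowed, TRUE)`) and the denied paths should return FALSE explicitly instead of falling off the end with NULL; a restructured callback follows.
```php
// … unchanged: jstool_menu() edit item …
function _jstool_jsfile_access_callback($access) {
  if (!user_access($access)) {
    return FALSE;
  }
  if ($access !== 'administer jstool edit') {
    return TRUE;
  }
  $requested = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
  if ($requested === '') {
    return FALSE;
  }
  // Build the allow-list only for the edit route, from module directories only.
  $allowed = array();
  foreach (drupal_system_listing('/\.module$/', 'modules') as $module) {
    foreach (file_scan_directory(dirname($module->uri), '/\.js$/') as $file) {
      $allowed[] = $file->uri;
    }
  }
  return in_array($requested, $allowed, TRUE);
}
// … unchanged: jstool_jsform() header …
```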
@@ -72,29 +96,35 @@ function jstool_jsform() { drupal_add_js(drupal_get_path('module', 'jstool') . '/js/jquery.jstool.js'); drupal_add_js(drupal_get_path('module', 'jstool') . '/js/editor.js'); drupal_add_css(drupal_get_path('module', 'jstool') . '/css/jstool.css'); - $fp = fopen(@$_GET['file'], 'r'); + $perm = substr(sprintf('%o', fileperms($_GET['file'])), -4); + $fp = fopen($_GET['file'], 'r'); $data = fread($fp, filesize($_GET['file'])); $form['jstool_textarea_js'] = array( '#title' => $_GET['file'], - '#description' => t('Before changing anything be sure what you want to do else it will may break your site. It will better if you make a copy of js file before saving your content.'), '#type' => 'text_format', '#default_value' => $data, '#value' => $data, '#format' => 'full_html', '#resizable' => false ); - $form['submit'] = array( - '#type' => 'submit', - '#value' => t('Save'), - '#prefix' => '

' - ); + if ($perm == '0777') { + $form['jstool_textarea_js']['#description'] = t('Before changing anything be sure what you want to do else it will may break your site. It will better if you make a copy of js file before saving your content.'); + $form['submit'] = array( + '#type' => 'submit', + '#value' => t('Save'), + '#prefix' => '

' + ); + } + else { + drupal_set_message(t('File could not be saved because file does not have write permission.'), 'warning'); + } fclose($fp); return $form; } - /** + +/** * Implements menu hook_submit() */ - function jstool_jsform_submit($form, &$form_state) { $fp = fopen($_GET['file'], 'w+'); fwrite($fp, $form_state['input']['jstool_textarea_js']['value']); @@ -104,22 +134,7 @@ function jstool_jsform_submit($form, &$form_state) { } /** - * Implements form api - */ -function jstool_content_myform() { - $form['jstool_list_field_group'] = array( - '#type' => 'fieldset', - '#title' => t('Welcome (new user created by administrator)'), - '#collapsible' => TRUE, - '#collapsed' => (variable_get('user_register', 1) != 0), - '#description' => t('Edit the welcome e-mail messages sent to new member accounts created by an administrator.'), - '#group' => 'email' - ); - return $form; -} - -/** - * Implements form api + * Implements form api to show js file listing */ function jstool_content_fieldgroup() { $modules = file_scan_directory(DRUPAL_ROOT, '/(\.\.?|module)$/'); @@ -130,19 +145,15 @@ function jstool_content_fieldgroup() { 'rows' => array(), 'attributes' => array('width' => '100%', 'id' => 'jstool_table'), ); - $path = str_replace('/' . $module->filename, '', $module->uri); + $path = dirname($module->uri); $files = file_scan_directory($path, '/(\.\.?|js)$/'); foreach ($files as $js) { - $perm = substr(sprintf('%o', fileperms($js->uri)), -4); $row = array(); $row[] = $i; $row[] = $js->name; $row[] = $js->filename; $row[] = $js->uri; - if ($perm == '0777') $row[] = l(t('Edit'),'admin/config/system/jstool/edit', array('query' => array('file' => $js->uri))); - else - $row[] = '' . t('File not writable') . ''; $table['rows'][] = $row; $form[$module->filename] = array( '#type' => 'fieldset', @@ -156,7 +167,8 @@ function jstool_content_fieldgroup() { } } return $form; -} +} + /** * Implements menu callback */ 
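Review bot: `$perm == '0777'` (the new `fileperms` line and the `if` that guards the Save button) gates editing on the file being world-writable rather than on whether the web server can write it; `if (is_writable($_GET['file']))` is the accurate test and does not push operators toward 0777 on JavaScript that is served to every visitor. The read that follows, `fread($fp, filesize($_GET['file']))`, emits a warning for an empty file because the length argument is 0; `$data = file_get_contents($_GET['file']);` covers that case and removes the `fopen`/`fclose` pair. jstool_jsform() begins in the preceding hunk, and the unconditional `$_GET['file']` access here relies entirely on the menu access callback having validated the path, which is worth stating in a comment such as `// $_GET['file'] was allow-listed by _jstool_jsfile_access_callback().`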
@@ -198,9 +210,15 @@ function jstool_library() {
 */
 function jstool_permission() {
 return array(
- 'administer jstool' => array(
- 'title' => t('Administer jstool'),
- 'description' => t('Perform administration tasks for jstool.'),
+ 'administer jstool list' => array(
+ 'title' => t('Administer jstool list'),
+ 'description' => t('Perform administration tasks for jstool listing.'),
+ 'restrict access' => TRUE,
+ ),
+ 'administer jstool edit' => array(
+ 'title' => t('Administer jstool edit'),
+ 'description' => t('Perform administration tasks for jstool jsfile editing.'),
+ 'restrict access' => TRUE,
 ),
 );
 }
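Review bot: The description of `administer jstool edit`, `t('Perform administration tasks for jstool jsfile editing.')`, does not tell an administrator what the permission grants: rewriting JavaScript files on disk that are then served to every visitor. Something like `t('Edit JavaScript files of installed modules directly on the server.')` states the effect, and since `'restrict access' => TRUE` already appends Drupal's standard security warning the text need not repeat it. The `administer jstool list` description has the same vagueness and could say that it exposes the site's module and JavaScript file paths.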