Merge commit '1ebbf8bfc16f4' into 4.5-missing-prs

[civicrm-core.git] / CRM / Contact / Page / AJAX.php

diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index 242eb75c83902708c841284a853153466b2c1688..a1b4f10eb0537adc988554bb3a5b1801f4c92623 100644 (file)
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -199,7 +199,7 @@ class CRM_Contact_Page_AJAX {
    * Function to fetch PCP ID by PCP Supporter sort_name, also displays PCP title and associated Contribution Page title
    */
   static function getPCPList() {
-    $name  = CRM_Utils_Array::value('s', $_GET);
+    $name  = CRM_Utils_Array::value('term', $_GET);
     $name  = CRM_Utils_Type::escape($name, 'String');
     $limit = '10';
 
@@ -1071,6 +1071,10 @@ LIMIT {$offset}, {$rowCount}
     $contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
     $context = CRM_Utils_Type::escape($_GET['context'], 'String');
 
+    if (!CRM_Contact_BAO_Contact_Permission::allow($contactID)) {
+      return CRM_Utils_System::permissionDenied();
+    }
+
     $sortMapper = array(
       0 => 'relation',
       1 => 'sort_name',