X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=CRM%2FUtils%2FWeight.php;h=47154d1f4d03fade0b25e3dbb0bbf3f4fd332397;hb=dfc8df7796ddd2a5ff4e221bf47710fb5a096da9;hp=6df6d5bddd40467b025262fdffffa1a64d95313d;hpb=8de7047a8762a15823f6bd10b94447d3d83937e2;p=civicrm-core.git
diff --git a/CRM/Utils/Weight.php b/CRM/Utils/Weight.php
index 6df6d5bddd..47154d1f4d 100644
--- a/CRM/Utils/Weight.php
+++ b/CRM/Utils/Weight.php
@@ -14,12 +14,13 @@
  */
 class CRM_Utils_Weight {
   /**
-   * @var array, list of GET fields which must be validated
+   * List of GET fields which must be validated
    *
    * To reduce the size of this patch, we only sign the exploitable fields
    * which make up "$baseURL" in addOrder() (eg 'filter' or 'dao').
    * Less-exploitable fields (eg 'dir') are left unsigned.
    * 'id','src','dst','dir'
+   * @var array
    */
   public static $SIGNABLE_FIELDS = ['reset', 'dao', 'idName', 'url', 'filter'];
 
@@ -418,13 +419,17 @@ class CRM_Utils_Weight {
     }
   }
 
+  /**
+   *
+   * @throws CRM_Core_Exception
+   */
   public static function fixOrder() {
     $signature = CRM_Utils_Request::retrieve('_sgn', 'String');
     $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$SIGNABLE_FIELDS);
     // Validate $_GET values b/c subsequent code reads $_GET (via CRM_Utils_Request::retrieve)
     if (!$signer->validate($signature, $_GET)) {
-      CRM_Core_Error::fatal('Request signature is invalid');
+      throw new CRM_Core_Exception('Request signature is invalid');
     }
 
     // Note: Ensure this list matches self::$SIGNABLE_FIELDS
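Review bot: The `$SIGNABLE_FIELDS` docblock rewritten in the first hunk still ends with the dangling fragment `'id','src','dst','dir'` that no sentence introduces, and the opening "To reduce the size of this patch" describes a historical change rather than the committed code; since the commit already edits this comment it should finish the cleanup. Those four names are presumably the unsigned fields the previous sentence alludes to, so fold them in: `* Less-exploitable fields ('id', 'src', 'dst', 'dir') are left unsigned.` and reword the opening to `* Only the fields which make up "$baseURL" in addOrder() (eg 'filter' or 'dao') are signed.`. This comment is the only place that records which GET parameters are covered by the request signature and why the rest are not, so keeping it precise matters to anyone who later extends addOrder() to read another parameter. The new `@var array` could also be tightened to `@var string[]`, which matches the literal on the following line and gives static analysis something concrete to check.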