projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7d4e44) | patch
security/core#73 - Fix Contact.getquick API key exposure
authorPatrick Figel <pfigel@greenpeace.org>
Tue, 18 Feb 2020 20:54:05 +0000 (21:54 +0100)
committerSeamus Lee <seamuslee001@gmail.com>
Thu, 16 Apr 2020 01:03:21 +0000 (11:03 +1000)
commitd2cad5f0ae0da394942a80fd874f4a712d1d6e9e
tree161630e34bf5b6db002ae9858a62c4a2dfeed7a1tree | snapshot (zip tar.gz)
parentc7d4e44e2b4fa253412aca3a9e14d3e53118a8afcommit | diff
security/core#73 - Fix Contact.getquick API key exposure

This fixes an issue where API keys can be exposed via the field_name
parameter of the Contact.getquick API. Since there is no valid use-case
for requesting API keys via getquick, the fix simply triggers an API
error if the API key is requested.
api/v3/Contact.php diff | blob | blame | history
tests/phpunit/api/v3/ContactTest.php diff | blob | blame | history