vcs.fsf.org Git - civicrm-core.git/commit

author	Patrick Figel <pfigel@greenpeace.org>
	Tue, 18 Feb 2020 20:54:05 +0000 (21:54 +0100)
committer	Seamus Lee <seamuslee001@gmail.com>
	Sat, 11 Apr 2020 20:49:43 +0000 (06:49 +1000)
commit	7deeeda9ac6c1c96d3b121baa80242053294b5b9
tree	c619629d7268a0125126cb2788a62332e14479c0	tree \| snapshot (zip tar.gz)
parent	d03aa53bc04c2adf54bb2b30e7f4f007cda3dc6a	commit \| diff

security/core#73 - Fix Contact.getquick API key exposure

This fixes an issue where API keys can be exposed via the field_name
parameter of the Contact.getquick API. Since there is no valid use-case
for requesting API keys via getquick, the fix simply triggers an API
error if the API key is requested.

api/v3/Contact.php		diff \| blob \| blame \| history
tests/phpunit/api/v3/ContactTest.php		diff \| blob \| blame \| history

RSS Atom