CRM-13806 - Only accept valid profile urls

author Donald A. Lobo <lobo@civicrm.org>

Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)

committer Donald A. Lobo <lobo@civicrm.org>

Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)
author Donald A. Lobo <lobo@civicrm.org>
Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)
committer Donald A. Lobo <lobo@civicrm.org>
Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)
diff --git a/CRM/Core/Invoke.php b/CRM/Core/Invoke.php

index 1dea4ae1e06cfba9174ecfa02518abd9f1af7443..221504f2101f2219bed378200553cc19ca0ae627 100644 (file)
--- a/CRM/Core/Invoke.php
+++ b/CRM/Core/Invoke.php
@@ -456,8 +456,13 @@ class CRM_Core_Invoke {
        }
      }
  
-    $page = new CRM_Profile_Page_Listings();
-    return $page->run();
+    if ($secondArg == 'view' || empty($secondArg)) {
+      $page = new CRM_Profile_Page_Listings();
+      return $page->run();
+    }
+
+    CRM_Utils_System::permissionDenied();
+    return;
    }
  
    /**
author	Donald A. Lobo <lobo@civicrm.org>
	Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)
committer	Donald A. Lobo <lobo@civicrm.org>
	Thu, 21 Nov 2013 02:03:24 +0000 (18:03 -0800)