CRM-15247 - CRM_Contact_Page_AJAX::getContactEmail - Validate inputs

author Tim Otten <totten@civicrm.org>

Sat, 6 Sep 2014 05:03:00 +0000 (22:03 -0700)

committer Tim Otten <totten@civicrm.org>

Sat, 6 Sep 2014 05:05:00 +0000 (22:05 -0700)
author Tim Otten <totten@civicrm.org>
Sat, 6 Sep 2014 05:03:00 +0000 (22:03 -0700)
committer Tim Otten <totten@civicrm.org>
Sat, 6 Sep 2014 05:05:00 +0000 (22:05 -0700)
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php

index 90fc183330e4eb72d32dc9b6a250c7c762d264b6..4dbb69d595da65b5b3066f1c5d42ec04b9d79dff 100644 (file)
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -642,6 +642,9 @@ WHERE sort_name LIKE '%$name%'";
    static function getContactEmail() {
      if (CRM_Utils_Array::value('contact_id', $_REQUEST)) {
        $contactID = CRM_Utils_Type::escape($_REQUEST['contact_id'], 'Positive');
+      if (!CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)) {
+        return;
+      }
        list($displayName,
          $userEmail
        ) = CRM_Contact_BAO_Contact_Location::getEmailDetails($contactID);
author	Tim Otten <totten@civicrm.org>
	Sat, 6 Sep 2014 05:03:00 +0000 (22:03 -0700)
committer	Tim Otten <totten@civicrm.org>
	Sat, 6 Sep 2014 05:05:00 +0000 (22:05 -0700)