CRM-16403 - CiviCRM API - Allow GET requests to make a 'check' API call

author Jon goldberg <jon@palantetech.coop>

Tue, 28 Apr 2015 19:53:43 +0000 (13:53 -0600)

committer Jon goldberg <jon@palantetech.coop>

Tue, 28 Apr 2015 19:55:36 +0000 (13:55 -0600)
author Jon goldberg <jon@palantetech.coop>
Tue, 28 Apr 2015 19:53:43 +0000 (13:53 -0600)
committer Jon goldberg <jon@palantetech.coop>
Tue, 28 Apr 2015 19:55:36 +0000 (13:55 -0600)
diff --git a/CRM/Utils/REST.php b/CRM/Utils/REST.php

index 6bac6be8fdb73dacb03497399d9eda6e25204eef..ef1f5bf3197c9ad537725508170b4cd008e95dab 100644 (file)
--- a/CRM/Utils/REST.php
+++ b/CRM/Utils/REST.php
@@ -384,7 +384,9 @@ class CRM_Utils_REST {
        return $result;
      }
  
-    if ($_SERVER['REQUEST_METHOD'] == 'GET' && strtolower(substr($args[2], 0, 3)) != 'get') {
+    if ($_SERVER['REQUEST_METHOD'] == 'GET' &&
+       strtolower(substr($args[2], 0, 3)) != 'get' &&
+       strtolower($args[2] != 'check')) {
        // get only valid for non destructive methods
        require_once 'api/v3/utils.php';
        return civicrm_api3_create_error("SECURITY: All requests that modify the database must be http POST, not GET.",
author	Jon goldberg <jon@palantetech.coop>
	Tue, 28 Apr 2015 19:53:43 +0000 (13:53 -0600)
committer	Jon goldberg <jon@palantetech.coop>
	Tue, 28 Apr 2015 19:55:36 +0000 (13:55 -0600)