CRM-16711 fix - Security breach of data: contact details accessible via relationships
authormonishdeb <monish.deb@webaccessglobal.com>
Thu, 9 Jul 2015 20:38:09 +0000 (02:08 +0530)
committermonishdeb <monish.deb@webaccessglobal.com>
Mon, 13 Jul 2015 10:11:35 +0000 (15:41 +0530)
https://issues.civicrm.org/jira/browse/CRM-16711

CRM/Contact/BAO/Relationship.php

index 7c76f0ac6862bdaaf224d3c3fbef80b4e7fb04e1..d5f2f123b1a668eb8aa8759a66c892c811304364 100644 (file)
@@ -1225,8 +1225,10 @@ LEFT JOIN  civicrm_country ON (civicrm_address.country_id = civicrm_country.id)
       while ($relationship->fetch()) {
         $rid = $relationship->civicrm_relationship_id;
         $cid = $relationship->civicrm_contact_id;
-        if (($permissionedContact) &&
-          (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+        if (($permissionedContact &&
+            (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+          ) ||
+          (!CRM_Contact_BAO_Contact_Permission::allow($cid))
         ) {
           continue;
         }
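Review bot: The added `CRM_Contact_BAO_Contact_Permission::allow($cid)` test on the `||` branch filters rows only after they have been fetched, so any relationship count or LIMIT/offset computed by the SQL (outside this hunk) would presumably still include the skipped contacts. It is worth confirming that the count path of this function applies the same restriction, because otherwise totals can reveal that hidden relationships exist and pages come back short. The check also runs once per fetched row, which likely means one permission lookup per relationship; if so, consider expressing the ACL restriction in the query itself. The condition should at least carry a comment such as `// CRM-16711: skip related contacts the current user is not permitted to view, regardless of $permissionedContact`. The enclosing function starts and ends outside the hunk.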