From: Elin Waring
Date: Sat, 25 Apr 2015 20:47:04 +0000 (-0400)
Subject: Check for api_key to make sure it is a REST request and not a guest.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=906e5a456c763b36052eef0a462eb6b860f1eddd;p=civicrm-core.git
Check for api_key to make sure it is a REST request and not a guest.
---
diff --git a/CRM/Core/Permission/Joomla.php b/CRM/Core/Permission/Joomla.php
index 925e397f54..0a4f7e0a06 100644
--- a/CRM/Core/Permission/Joomla.php
+++ b/CRM/Core/Permission/Joomla.php
@@ -62,18 +62,14 @@ class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {
 // not execute hooks if joomla is not loaded
 if (defined('_JEXEC')) {
 $user = JFactory::getUser();
+ $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
 // If we are coming from REST we don't have a user but we do have the api_key for a user.
- if ($user->id === 0) {
+ if ($user->id === 0 && !is_null($api_key)) {
 // This is a codeblock copied from /Civicrm/Utils/REST
 $uid = NULL;
 if (!$uid) {
 $store = NULL;
- $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
-
- if (empty($api_key)) {
- return CRM_Utils_Rest::error("FATAL: mandatory param 'api_key' (user key) missing");
- }
 $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');