From: Coleman Watts
Date: Fri, 2 May 2014 22:40:11 +0000 (-0700)
Subject: Contribution onBehalf form - Improve ajax callback
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=d6d56b6b6ee16be7506d5a93b46143ae0af7e862;p=civicrm-core.git
Contribution onBehalf form - Improve ajax callback
---
diff --git a/CRM/Core/Page/AJAX/Location.php b/CRM/Core/Page/AJAX/Location.php
index 0d0f944712..48de73257b 100644
--- a/CRM/Core/Page/AJAX/Location.php
+++ b/CRM/Core/Page/AJAX/Location.php
@@ -50,12 +50,9 @@ class CRM_Core_Page_AJAX_Location {
 $ufId = CRM_Utils_Request::retrieve('ufId', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
 // Verify user id
- $user = CRM_Core_Session::singleton()->get('userID');
- if (!$user) {
- $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
- if (!CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($user, CRM_Core_DAO::$_nullObject)) {
- CRM_Utils_System::civiExit();
- }
+ $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, FALSE, CRM_Core_Session::singleton()->get('userID'));
+ if (!$user || !CRM_Contact_BAO_Contact_Permission::validateChecksumContact($user, CRM_Core_DAO::$_nullObject, FALSE)) {
+ CRM_Utils_System::civiExit();
 }
 // Verify user permission on related contact
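Review bot: On the added `$user = CRM_Utils_Request::retrieve('uid', …, FALSE, CRM_Core_Session::singleton()->get('userID'))` line, a request-supplied `uid` now takes precedence over the authenticated session user, whereas the removed code read `uid` only when no session user existed. For a logged-in caller, the identity that feeds the "Verify user permission on related contact" step is therefore caller-controlled. The only guard is `validateChecksumContact($user, …, FALSE)`, whose body is not visible here; if it accepts any contact the session user may access, rather than only the session user or a valid checksum, the endpoint would return related-contact location data on behalf of a different contact. Consider pinning to the session first, e.g. `$sessionUser = CRM_Core_Session::singleton()->get('userID');` followed by `$user = $sessionUser ?: CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, FALSE);`, or, if the override is intended, say so in a comment and add a test that a mismatched `uid` without a checksum reaches `civiExit()`. The enclosing method starts and ends outside the hunk.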