From: monishdeb <monish.deb@webaccessglobal.com>
Date: Thu, 9 Jul 2015 20:38:09 +0000 (+0530)
Subject: CRM-16711 fix - Security breach of data: contact details accessible via relationships
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=df124d3aae6b97e9b08d11740d82f8303040eddd;p=civicrm-core.git

CRM-16711 fix - Security breach of data: contact details accessible via relationships

https://issues.civicrm.org/jira/browse/CRM-16711
---

diff --git a/CRM/Contact/BAO/Relationship.php b/CRM/Contact/BAO/Relationship.php
index 7c76f0ac68..d5f2f123b1 100644
--- a/CRM/Contact/BAO/Relationship.php
+++ b/CRM/Contact/BAO/Relationship.php
@@ -1225,8 +1225,10 @@ LEFT JOIN  civicrm_country ON (civicrm_address.country_id = civicrm_country.id)
       while ($relationship->fetch()) {
         $rid = $relationship->civicrm_relationship_id;
         $cid = $relationship->civicrm_contact_id;
-        if (($permissionedContact) &&
-          (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+        if (($permissionedContact &&
+            (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+          ) ||
+          (!CRM_Contact_BAO_Contact_Permission::allow($cid))
         ) {
           continue;
         }