From: Tim Otten
Date: Mon, 9 Feb 2015 13:22:05 +0000 (-0800)
Subject: DynamicFKAuthorization - Security checks should not be case-sensitive.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f550233d3cfa2d2b619942cf5147cd307098b9eb;p=civicrm-core.git
DynamicFKAuthorization - Security checks should not be case-sensitive.
---
diff --git a/Civi/API/Subscriber/DynamicFKAuthorization.php b/Civi/API/Subscriber/DynamicFKAuthorization.php
index 3b7b83b239..4f94fb4ac6 100644
--- a/Civi/API/Subscriber/DynamicFKAuthorization.php
+++ b/Civi/API/Subscriber/DynamicFKAuthorization.php
@@ -123,7 +123,7 @@ class DynamicFKAuthorization implements EventSubscriberInterface {
 */
 public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) {
 $apiRequest = $event->getApiRequest();
- if ($apiRequest['version'] == 3 && $apiRequest['entity'] == $this->entityName && in_array(strtolower($apiRequest['action']), $this->actions)) {
+ if ($apiRequest['version'] == 3 && strtolower($apiRequest['entity']) == strtolower($this->entityName) && in_array(strtolower($apiRequest['action']), $this->actions)) {
 if (/*!$isTrusted */
 empty($apiRequest['params']['id']) && empty($apiRequest['params']['entity_table'])
 ) {
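Review bot: The entity test in `onApiAuthorize` still fails open, because a name that does not match skips the whole authorization block, and lower-casing both sides only covers case variants of the name. If the API dispatcher resolves other spellings to the same entity (for example underscore-separated forms; this is not visible in the hunk and should be confirmed), the guard should compare the canonical name the dispatcher itself produces rather than the raw request value. Independently, the folded strings should be compared strictly and the request value cast first, e.g. `strtolower((string) $apiRequest['entity']) === strtolower($this->entityName)`, so a non-string `entity` cannot reach a loose `==`. A regression test that sends the entity name in each spelling the API accepts and expects the same denial would keep this check from drifting out of step with the dispatcher. The body of `onApiAuthorize` continues past the end of the hunk.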