From 2b3296539954c7b928aa0ad5ed7e881760e1f814 Mon Sep 17 00:00:00 2001
From: Jitendra Purohit
Date: Mon, 4 Jun 2018 14:51:42 +0530
Subject: [PATCH] dev/core#162 - Use checksum to access user dashboard
---
 CRM/Contact/Page/View/UserDashBoard.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/CRM/Contact/Page/View/UserDashBoard.php b/CRM/Contact/Page/View/UserDashBoard.php
index 585a481b45..9ecf6863b6 100644
--- a/CRM/Contact/Page/View/UserDashBoard.php
+++ b/CRM/Contact/Page/View/UserDashBoard.php
@@ -69,10 +69,16 @@ class CRM_Contact_Page_View_UserDashBoard extends CRM_Core_Page {
 $session = CRM_Core_Session::singleton();
 $userID = $session->get('userID');
+ $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this);
+ $validUser = FALSE;
+ if (empty($userID) && $this->_contactId && $userChecksum) {
+ $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($this->_contactId, $userChecksum);
+ }
+
 if (!$this->_contactId) {
 $this->_contactId = $userID;
 }
- elseif ($this->_contactId != $userID) {
+ elseif ($this->_contactId != $userID && !$validUser) {
 if (!CRM_Contact_BAO_Contact_Permission::allow($this->_contactId, CRM_Core_Permission::VIEW)) {
 CRM_Core_Error::fatal(ts('You do not have permission to access this contact.'));
 }
--
2.25.1
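Review bot: The new `!$validUser` term on the `elseif` lets a valid `cs` value skip `CRM_Contact_BAO_Contact_Permission::allow()` entirely, so for an anonymous session the checksum in the URL becomes a bearer credential for the whole dashboard of `$this->_contactId`, and nothing in the hunk says so. That is a wider grant than a checksum link to a single form, and URL-borne tokens tend to end up in server logs, browser history and Referer headers, so the lifetime enforced inside `validChecksum()` (not visible here) is the main limit on exposure. I would add a comment above the new block, e.g. `// A valid contact checksum (cs) authorises an anonymous visitor to view this contact's dashboard and bypasses the VIEW permission check below.`, and confirm that the code after this hunk does not treat checksum access as a logged-in session when it builds edit or action links. The enclosing method starts and ends outside the hunk, so any earlier permission gate and what is rendered afterwards cannot be checked from here.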