From d6d56b6b6ee16be7506d5a93b46143ae0af7e862 Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Fri, 2 May 2014 15:40:11 -0700
Subject: [PATCH] Contribution onBehalf form - Improve ajax callback

---
 CRM/Core/Page/AJAX/Location.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/CRM/Core/Page/AJAX/Location.php b/CRM/Core/Page/AJAX/Location.php
index 0d0f944712..48de73257b 100644
--- a/CRM/Core/Page/AJAX/Location.php
+++ b/CRM/Core/Page/AJAX/Location.php
@@ -50,12 +50,9 @@ class CRM_Core_Page_AJAX_Location {
     $ufId = CRM_Utils_Request::retrieve('ufId', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
 
     // Verify user id
-    $user = CRM_Core_Session::singleton()->get('userID');
-    if (!$user) {
-      $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, TRUE);
-      if (!CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($user, CRM_Core_DAO::$_nullObject)) {
-        CRM_Utils_System::civiExit();
-      }
+    $user = CRM_Utils_Request::retrieve('uid', 'Integer', CRM_Core_DAO::$_nullObject, FALSE, CRM_Core_Session::singleton()->get('userID'));
+    if (!$user || !CRM_Contact_BAO_Contact_Permission::validateChecksumContact($user, CRM_Core_DAO::$_nullObject, FALSE)) {
+      CRM_Utils_System::civiExit();
     }
 
     // Verify user permission on related contact
-- 
2.25.1