Details
-
Type:
Bug
-
Status: Open
-
Priority:
Trivial
-
Resolution: Unresolved
-
Affects Version/s: 4.7
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
Description
It may be that not working is how this should behave, but reporting since the behaviour is unexpected.
If I use API to filter as eg "first_name LIKE 'a%'", I get results.
If I use API explorer similarly to query "api_key LIKE 'a%'", I get:
{
"error_code": "not-found",
"entity": "Contact",
"action": "get",
"is_error": 1,
"error_message": "Error in call to Key_get : API (Key, get) does not exist (join the API team and implement it!)"
}
IMO we probably don't want people to be able to query API keys via API anyway (until there are permissions around that sort of usage) so we should special case this.
Attachments
Activity
I have no idea. Maybe I did at the time. Sorry!
OK, I'm gonna publish it.
(If we can't see the security issue... and if there's some weird edge-casey reason that it is a security issue... then I doubt anyone else will recognize it... unless they're UberHacker, in which case we're already screwed.)
Chris Burgess, this feels more like a run-of-the-mill bug. Why is it flagged as "Security - Unpublished"?