Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 2.0, 2.1
-
Fix Version/s: 2.1
-
Component/s: Core CiviCRM
-
Labels:None
Description
Per the discussion on the forums about extending the REST API, I've created another patch that should allow the API to reach any functions in the API. This patch also makes 1 change to the API itself, I added a function civicrm_group_get that is simply a call to civicrm_groups_get. All the other API functions I tested, the middle phrase matched the file name in a predictable way, making it easy to calculate both the file name and the function name, this function was an exception to that rule. I would argue it should be changed in a future version of the API, but for now I've just added the alternatively named function.
Error checking on the inputs is included, although another person should review that functionality to make sure there aren't cases that I'm not thinking of; see lines 224-229 and 237 of the patched file. I'm not convinced that this is enough to prevent XSS attacks, but I wasn't able to think of a case that would slip through without error.