From 051c5f415e17ae0395be7258223c7405ef9e5514 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 22 Apr 2016 20:00:37 +0200
Subject: [PATCH] Fix API access protection check #5053

---
 htdocs/api/class/api_access.class.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index a8ceef4a232..9d29c60e26a 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -122,7 +122,10 @@ class DolibarrApiAccess implements iAuthenticate
 
         $userClass::setCacheIdentifier(static::$role);
         Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
-        return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
+        
+        $requirefortest = static::$requires;
+        if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest);
+        return in_array(static::$role, (array) static::$requirefortest) || static::$role == 'admin';
 	}
 
 	/**
-- 
GitLab