diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-06-28 00:29:05 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-06-28 00:29:05 +0000 |
| commit | 2da0d41ac22ee8272fc48eff7c736b6a66c8da7a (patch) | |
| tree | 149aecdc89ca556ef220225f980af76a9b49267e /modules | |
| parent | 39e9548f8b5cc6d4e4596211adbdc2c6ea17c37d (diff) | |
| download | brdo-2da0d41ac22ee8272fc48eff7c736b6a66c8da7a.tar.gz brdo-2da0d41ac22ee8272fc48eff7c736b6a66c8da7a.tar.bz2 | |
#123577 by spatz4000 (originally by tostinni for Drupal 5): do not allow hidden profile fields to be browsed by non-admins
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/profile/profile.module | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 87238db73..53ab13a72 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -462,8 +462,8 @@ function profile_browse() { drupal_not_found(); return; } - // Do not allow browsing of private fields by non-admins. - if (!user_access('administer users') && $field->visibility == PROFILE_PRIVATE) { + // Do not allow browsing of private and hidden fields by non-admins. + if (!user_access('administer users') && ($field->visibility == PROFILE_PRIVATE || $field->visibility == PROFILE_HIDDEN)) { drupal_access_denied(); return; } |