From 2da0d41ac22ee8272fc48eff7c736b6a66c8da7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Thu, 28 Jun 2007 00:29:05 +0000
Subject: #123577 by spatz4000 (originally by tostinni for Drupal 5): do not
 allow hidden profile fields to be browsed by non-admins

---
 modules/profile/profile.module | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 87238db73..53ab13a72 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -462,8 +462,8 @@ function profile_browse() {
       drupal_not_found();
       return;
     }
-    // Do not allow browsing of private fields by non-admins.
-    if (!user_access('administer users') && $field->visibility == PROFILE_PRIVATE) {
+    // Do not allow browsing of private and hidden fields by non-admins.
+    if (!user_access('administer users') && ($field->visibility == PROFILE_PRIVATE || $field->visibility == PROFILE_HIDDEN)) {
        drupal_access_denied();
        return;
     }
-- 
cgit v1.2.3