authorGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-03-17 18:56:25 +0000
committerGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-03-17 18:56:25 +0000
commit4b84de9a0c5bc8a9a3cb781b423d9ce834ea089b (patch)
treecd5b7cc5df2f5c7e73bd9428514b789589051e5c
parent5db4a65da38b7c391bdbd35a841ca9f5272f57ea (diff)
#14591, User.module links for blocked/non-existant accounts + menu 403/404 issue, patch by Steven and merlinofchaos
-rw-r--r--includes/common.inc8
-rw-r--r--modules/contact.module8
-rw-r--r--modules/contact/contact.module8
-rw-r--r--modules/tracker.module12
-rw-r--r--modules/tracker/tracker.module12
-rw-r--r--modules/user.module48
-rw-r--r--modules/user/user.module48
7 files changed, 92 insertions, 52 deletions
diff --git a/includes/common.inc b/includes/common.inc
index c6fe6dd05..196fbab6f 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -260,6 +260,10 @@ function drupal_not_found() {
menu_set_active_item($path);
$return = menu_execute_active_handler();
}
+ else {
+ // Redirect to a non-existant menu item to make possible tabs disappear.
+ menu_set_active_item('#');
+ }
if (empty($return)) {
drupal_set_title(t('Page not found'));
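Review bot: The comment on the added `else` branch says "Redirect", but `menu_set_active_item('#')` performs no redirect; it only points the active menu item at a path nothing registers so that no local tasks are rendered, and "non-existant" is a misspelling. Suggested wording: `// Point the active menu item at a path no module registers so that local tasks (tabs) are not rendered.` The same comment is added in the drupal_access_denied() hunk below and should get the same wording. Both drupal_not_found() and drupal_access_denied() begin before and end after their hunks.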
@@ -279,6 +283,10 @@ function drupal_access_denied() {
menu_set_active_item($path);
$return = menu_execute_active_handler();
}
+ else {
+ // Redirect to a non-existant menu item to make possible tabs disappear.
+ menu_set_active_item('#');
+ }
if (empty($return)) {
drupal_set_title(t('Access denied'));
diff --git a/modules/contact.module b/modules/contact.module
index ea1f116ab..eadeb2a8d 100644
--- a/modules/contact.module
+++ b/modules/contact.module
@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) {
function contact_mail_user() {
global $user;
- if ($account = user_load(array('uid' => arg(1), 'status' => 1))) {
- if (!$account->contact && !user_access('administer users')) {
+ if ($account = user_load(array('uid' => arg(1)))) {
+ $admin_access = user_access('administer users');
+ if (!$account->status && !$admin_access) {
+ drupal_access_denied();
+ }
+ else if (!$account->contact && !$admin_access) {
$output = t('%name is not accepting e-mails.', array('%name' => $account->name));
}
else if (!$user->uid) {
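Review bot: In the new blocked-account branch `drupal_access_denied()` is called but the function does not return, so control continues to whatever follows the if/else chain, which lies outside this hunk; the user_view() change in this same commit uses `return drupal_not_found();`, and for consistency this branch should be `return drupal_access_denied();` unless the rest of contact_mail_user() already copes with `$output` never being set. The identical hunk in modules/contact/contact.module has the same issue. contact_mail_user() continues past the end of the hunk, so the effect of the fall-through cannot be confirmed from here.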
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index ea1f116ab..eadeb2a8d 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) {
function contact_mail_user() {
global $user;
- if ($account = user_load(array('uid' => arg(1), 'status' => 1))) {
- if (!$account->contact && !user_access('administer users')) {
+ if ($account = user_load(array('uid' => arg(1)))) {
+ $admin_access = user_access('administer users');
+ if (!$account->status && !$admin_access) {
+ drupal_access_denied();
+ }
+ else if (!$account->contact && !$admin_access) {
$output = t('%name is not accepting e-mails.', array('%name' => $account->name));
}
else if (!$user->uid) {
diff --git a/modules/tracker.module b/modules/tracker.module
index 4f8e602f7..f82611ceb 100644
--- a/modules/tracker.module
+++ b/modules/tracker.module
@@ -65,8 +65,16 @@ function tracker_menu($may_cache) {
*/
function tracker_track_user() {
if ($account = user_load(array('uid' => arg(1)))) {
- drupal_set_title($account->name);
- return tracker_page($account->uid);
+ if ($account->status || user_access('administer users')) {
+ drupal_set_title($account->name);
+ return tracker_page($account->uid);
+ }
+ else {
+ drupal_access_denied();
+ }
+ }
+ else {
+ drupal_not_found();
}
}
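Review bot: The new nested if/else structure in tracker_track_user() places the successful path inside two levels of branching and calls `drupal_access_denied()` and `drupal_not_found()` without returning their result, whereas user_view() in this same commit returns it; guard clauses with early returns make the two denial outcomes and the single success path read top to bottom and keep the callback consistent with user_view(). The whole function lies within this hunk. The identical hunk in modules/tracker/tracker.module would get the same rewrite.
```php
function tracker_track_user() {
  $account = user_load(array('uid' => arg(1)));
  if ($account === FALSE) {
    return drupal_not_found();
  }
  if (!$account->status && !user_access('administer users')) {
    return drupal_access_denied();
  }
  drupal_set_title($account->name);
  return tracker_page($account->uid);
}
```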
diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module
index 4f8e602f7..f82611ceb 100644
--- a/modules/tracker/tracker.module
+++ b/modules/tracker/tracker.module
@@ -65,8 +65,16 @@ function tracker_menu($may_cache) {
*/
function tracker_track_user() {
if ($account = user_load(array('uid' => arg(1)))) {
- drupal_set_title($account->name);
- return tracker_page($account->uid);
+ if ($account->status || user_access('administer users')) {
+ drupal_set_title($account->name);
+ return tracker_page($account->uid);
+ }
+ else {
+ drupal_access_denied();
+ }
+ }
+ else {
+ drupal_not_found();
}
}
diff --git a/modules/user.module b/modules/user.module
index 069786fa7..c04d0bcf1 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -686,8 +686,7 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
- // Users should always be allowed to see their own user page
- $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
+ $view_access = user_access('access user profiles');
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
@@ -769,15 +768,21 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
- $user_exists = user_load(array('uid' => arg(1), 'status' => 1));
+ $account = user_load(array('uid' => arg(1)));
- $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_view',
- 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ if ($user !== FALSE) {
+ // Always let a user view their own account
+ $view_access |= $user->uid == arg(1);
+ // Only admins can view blocked accounts
+ $view_access &= $account->status || $admin_access;
+
+ $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
+ 'type' => MENU_CALLBACK, 'callback' => 'user_view',
+ 'callback arguments' => array(arg(1)), 'access' => $view_access);
- if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
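Review bot: The guard `if ($user !== FALSE)` on the new side tests the wrong variable: the value that can be FALSE here is `$account`, just assigned from `user_load(array('uid' => arg(1)))`, while `$user` is presumably the global current-user object and is never FALSE, so for a uid that does not exist the branch is entered and `$account->status` is read from FALSE. The condition should be `if ($account !== FALSE) {`. The `|=` and `&=` operators on boolean operands also yield ints rather than booleans, which works in the `'access'` key but reads as bit manipulation; `$view_access = $view_access || $user->uid == arg(1);` and `$view_access = $view_access && ($account->status || $admin_access);` state the intent directly. The identical hunk in modules/user/user.module has the same defect. user_menu() begins and ends outside this hunk.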
@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
- if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
- // Retrieve and merge all profile fields:
- $fields = array();
- foreach (module_list() as $module) {
- if ($data = module_invoke($module, 'user', 'view', '', $account)) {
- foreach ($data as $category => $items) {
- foreach ($items as $item) {
- $item['class'] = "$module-". $item['class'];
- $fields[$category][] = $item;
- }
+ $account = user_load(array('uid' => $uid));
+ if ($account === FALSE) {
+ return drupal_not_found();
+ }
+ // Retrieve and merge all profile fields:
+ $fields = array();
+ foreach (module_list() as $module) {
+ if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+ foreach ($data as $category => $items) {
+ foreach ($items as $item) {
+ $item['class'] = "$module-". $item['class'];
+ $fields[$category][] = $item;
}
}
}
- drupal_set_title($account->name);
- return theme('user_profile', $account, $fields);
- }
- else {
- drupal_not_found();
}
+ drupal_set_title($account->name);
+ return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/
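Review bot: user_view() no longer checks the account's status itself: the removed `user_load(array('uid' => $uid, 'status' => 1))` refused blocked accounts inside the callback, and on the new side that decision lives only in the `$view_access` computed in user_menu(). Any other caller of user_view(), or a menu path that reaches it without that access check, would now render a blocked account's profile. Keeping the check in the callback as well lets it stand on its own: after the not-found return, add `if (!$account->status && !user_access('administer users')) { return drupal_access_denied(); }`. The identical hunk in modules/user/user.module needs the same addition.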
diff --git a/modules/user/user.module b/modules/user/user.module
index 069786fa7..c04d0bcf1 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -686,8 +686,7 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
- // Users should always be allowed to see their own user page
- $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
+ $view_access = user_access('access user profiles');
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
@@ -769,15 +768,21 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
- $user_exists = user_load(array('uid' => arg(1), 'status' => 1));
+ $account = user_load(array('uid' => arg(1)));
- $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_view',
- 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ if ($user !== FALSE) {
+ // Always let a user view their own account
+ $view_access |= $user->uid == arg(1);
+ // Only admins can view blocked accounts
+ $view_access &= $account->status || $admin_access;
+
+ $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
+ 'type' => MENU_CALLBACK, 'callback' => 'user_view',
+ 'callback arguments' => array(arg(1)), 'access' => $view_access);
- if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
- if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
- // Retrieve and merge all profile fields:
- $fields = array();
- foreach (module_list() as $module) {
- if ($data = module_invoke($module, 'user', 'view', '', $account)) {
- foreach ($data as $category => $items) {
- foreach ($items as $item) {
- $item['class'] = "$module-". $item['class'];
- $fields[$category][] = $item;
- }
+ $account = user_load(array('uid' => $uid));
+ if ($account === FALSE) {
+ return drupal_not_found();
+ }
+ // Retrieve and merge all profile fields:
+ $fields = array();
+ foreach (module_list() as $module) {
+ if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+ foreach ($data as $category => $items) {
+ foreach ($items as $item) {
+ $item['class'] = "$module-". $item['class'];
+ $fields[$category][] = $item;
}
}
}
- drupal_set_title($account->name);
- return theme('user_profile', $account, $fields);
- }
- else {
- drupal_not_found();
}
+ drupal_set_title($account->name);
+ return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/