- Patch #791076 by Shellingfox, tobias: search displays user email address regardless of 'administer users' permission.

1 files changed, 11 insertions, 3 deletions

diff --git a/modules/user/user.module b/modules/user/user.module
index e8a0cd18d..e92ce8973 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -849,9 +849,10 @@ function user_search_execute($keys = NULL) {
   // Replace wildcards with MySQL/PostgreSQL wildcards.
   $keys = preg_replace('!\*+!', '%', $keys);
   $query = db_select('users')->extend('PagerDefault');
-  $query->fields('users', array('name', 'uid', 'mail'));
+  $query->fields('users', array('name', 'uid'));
   if (user_access('administer users')) {
     // Administrators can also search in the otherwise private email field.
+    $query->fields('users', array('mail'));
     $query->condition(db_or()->
       condition('name', '%' . db_like($keys) . '%', 'LIKE')->
       condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
@@ -862,8 +863,15 @@ function user_search_execute($keys = NULL) {
   $result = $query
     ->limit(15)
     ->execute();
-  foreach ($result as $account) {
-    $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
+  if (user_access('administer users')) {
+    foreach ($result as $account) {
+      $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
+    }
+  }
+  else {
+    foreach ($result as $account) {
+      $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
+    }
   }
   return $find;
 }