All content shows in private zone too!

EgorfromMurmansk - February 26, 2008 - 19:21
Project:Usercontent
Version:5.x-1.x-dev
Component:Code
Category:bug report
Priority:critical
Assigned:Unassigned
Status:active
Description

Private content is also shown. How does it exclude?

#1

ultraBoy - March 13, 2008 - 13:14

What is private content?

#2

introfini - March 14, 2008 - 11:16

Maybe the poster is talking about some node types that should be excluded. It would be a nice feature to allow choosing the node types that are exposed.

introfini

#3

leafish_paul - April 17, 2008 - 16:21
Category:support request » bug report
Priority:normal » critical

No - your query (at least in the version I'm playing around with) is not passed through db_rewrite_sql, meaning that any content that is protected by Drupal's node access using a module like TAC, TAC_LITE, Content/Forum Access, etc. will still be listed on user profiles. When a visitor who does not have access to view these nodes clicks on an item in the User Content listing, he/she will be presented with an Access Denied page.

I'd say this was a critical bug, as enabling this module on a site with content protected by ANY node access control module will expose listings of private content to anonymous and other non-privileged users.
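The difference comment #3 describes, as an added example that is not part of the original thread and is not the Usercontent module's code: a listing query run without a node access check, next to the same query joined against view grants, which models the filtering Drupal's node module applies when a query is passed through db_rewrite_sql. The tables are a simplified, constructed model of Drupal's node and node_access tables, and the function names, realm name and sample rows are assumptions.

```python
import sqlite3

# Constructed sample data: a simplified model of Drupal's {node} and
# {node_access} tables (column subset; not the Usercontent module's schema).
SCHEMA = """
CREATE TABLE node (nid INTEGER PRIMARY KEY, uid INTEGER, title TEXT, status INTEGER);
CREATE TABLE node_access (nid INTEGER, gid INTEGER, realm TEXT, grant_view INTEGER);
INSERT INTO node VALUES (1, 7, 'Public post', 1), (2, 7, 'Members-only notes', 1),
                        (3, 7, 'Unpublished draft', 0);
-- nid 1 is viewable by everyone; nid 2 only by grant id 5 in a hypothetical realm.
INSERT INTO node_access VALUES (1, 0, 'all', 1), (2, 5, 'example_realm', 1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def list_unfiltered(db, author_uid):
    """Listing query with no node access check: every published title is returned."""
    rows = db.execute(
        "SELECT n.nid, n.title FROM node n "
        "WHERE n.uid = ? AND n.status = 1 ORDER BY n.nid", (author_uid,))
    return [title for _, title in rows]

def list_access_checked(db, author_uid, grants):
    """Same listing, restricted to nodes the viewer holds a view grant for.

    grants: (realm, gid) pairs held by the viewer. The ('all', 0) grant is
    always included because it applies to every visitor.
    """
    pairs = [("all", 0)] + list(grants)
    grant_sql = " OR ".join("(na.realm = ? AND na.gid = ?)" for _ in pairs)
    params = [author_uid] + [value for pair in pairs for value in pair]
    rows = db.execute(
        "SELECT DISTINCT n.nid, n.title FROM node n "
        "INNER JOIN node_access na ON na.nid = n.nid "
        "WHERE n.uid = ? AND n.status = 1 AND na.grant_view >= 1 "
        f"AND ({grant_sql}) ORDER BY n.nid", params)
    return [title for _, title in rows]

if __name__ == "__main__":
    db = open_db()
    print("unfiltered:", list_unfiltered(db, 7))
    print("anonymous :", list_access_checked(db, 7, []))
    print("member    :", list_access_checked(db, 7, [("example_realm", 5)]))
```

The unfiltered listing returns the restricted title to any viewer, while the access-checked listing returns it only to a viewer holding the matching grant.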
