(haven't tested it to verify this, my dev environment doesn't have cron set up and not sure what is triggering the node_load, node_save, but this was reported as a major bug. )

Some automated scripts run by anonymous, non user/none privacy('view all privacy') (ie, cron, which when run by the server is run as anonymous) will cause the field to be made public when node_load,node_save is done.

Suggested change is : .

            if (in_array($field, $active_privacy_fields)) {
              unset($node->$field);
            }
            $fieldname = 'privacy_'. $field;
            $node->$fieldname = 1;

Comments

kwinters’s picture

This may just be a duplicate of #592194: Private fields are visibile on nodes owned by anonymous -- this module shouldn't actually change the node's uid, but if it is "created" by anon, there are currently consequences.