Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Navigating to /relationships/xxx results in everyone's relationships and elaborations being shown to authenticated users
Assuming you have 1 relationship type set up then if you go to /relationships/1 it works fine showing your relationships of type "1" however if you pass any other value to the url eg "blah" /relationships/blah it will list every single relationship on the site for every user and show the elaboration comments that users have entered too.
Comments
Comment #1
victoria_b CreditAttribution: victoria_b commentedHappens on my site too.
Hope this will be fixed soon.
Comment #2
fossle CreditAttribution: fossle commentedsubscribing
Comment #3
Valc CreditAttribution: Valc commentedsubscribing
Still there in the newest release. Any invalid argument for * in the 'relationships/*' path will result in all relationships of all users beeing displayed to any registered user.
Comment #4
mrf CreditAttribution: mrf commentedClosed #1182844: Typing in relationships/(anything) shows alot of users as a duplicate of this issue.
Comment #5
mrf CreditAttribution: mrf commentedNote to read http://drupal.org/node/209056 and line 525 or therabouts of user_relationships_ui.module for the path to fixing this.
Comment #6
mrf CreditAttribution: mrf commentedPretty sure you can only see information you would already have access to with this method (plugging in a given users uid) but this still definitely needs a fix as something is seriously broken with these generated items.
Comment #7
mrf CreditAttribution: mrf commentedFix committed to 6.x-1.x-dev
Comment #8
mrf CreditAttribution: mrf commentedPretty sure all the menu stuff has changed but leaving this open as a reminder to check the status of this bug in 7.x.
Comment #9
mrf CreditAttribution: mrf commentedDropped completely from 7.