"Hidden profile field, only accessible by administrators, modules and themes." -- PROFILE_HIDDEN
"Private field, content only available to privileged users. " -- PROFILE_PRIVATE

The description for PROFILE_PRIVATE implies (by omission) that PRIVATE profile fields are _not_ accessible by modules and themes and would only be viewable by an administrator and the user him/herself. However, looking at the code, I see no logic that enforces anything WRT modules/themes being able to access the profile data.

Recommend changing the description for "Private field" to "Content is private to the user, but can also be viewed by Administrators, modules and themes".

That, or we should put a hook in place that modules should use when accessing profile data that doesn't allow other modules/themes to access private fields.

Comments

craigmc

Additional point:
As discovered by the test I posted in the patch at http://drupal.org/node/479220:

If a Field is set to Hidden, it does not appear on the user/uid page when viewed by an administrator, only on the user/uid/edit page.

Not sure if this is a bug or a feature.