Commit 4b84de9a authored by Gerhard Killesreiter's avatar Gerhard Killesreiter

#14591, User.module links for blocked/non-existant accounts + menu 403/404...

#14591, User.module links for blocked/non-existent accounts + menu 403/404 issue, patch by Steven and merlinofchaos
parent 5db4a65d
...@@ -260,6 +260,10 @@ function drupal_not_found() { ...@@ -260,6 +260,10 @@ function drupal_not_found() {
menu_set_active_item($path); menu_set_active_item($path);
$return = menu_execute_active_handler(); $return = menu_execute_active_handler();
} }
else {
// Redirect to a non-existant menu item to make possible tabs disappear.
menu_set_active_item('#');
}
if (empty($return)) { if (empty($return)) {
drupal_set_title(t('Page not found')); drupal_set_title(t('Page not found'));
...@@ -279,6 +283,10 @@ function drupal_access_denied() { ...@@ -279,6 +283,10 @@ function drupal_access_denied() {
menu_set_active_item($path); menu_set_active_item($path);
$return = menu_execute_active_handler(); $return = menu_execute_active_handler();
} }
else {
// Redirect to a non-existant menu item to make possible tabs disappear.
menu_set_active_item('#');
}
if (empty($return)) { if (empty($return)) {
drupal_set_title(t('Access denied')); drupal_set_title(t('Access denied'));
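Review bot: The four-line `else` block added to drupal_not_found() is repeated verbatim in drupal_access_denied() in the next hunk; a small shared helper for the "no custom error page configured" case would keep the two paths from drifting apart. The comment in both copies is also misleading as far as the hunk shows, since nothing is redirected — the call only changes the active menu item — and it misspells "non-existent"; `// Point the active menu item at a path that does not exist so no local tasks (tabs) are rendered.` describes what the line does. Both enclosing functions continue past their hunks.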
......
...@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) { ...@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) {
function contact_mail_user() { function contact_mail_user() {
global $user; global $user;
if ($account = user_load(array('uid' => arg(1), 'status' => 1))) { if ($account = user_load(array('uid' => arg(1)))) {
if (!$account->contact && !user_access('administer users')) { $admin_access = user_access('administer users');
if (!$account->status && !$admin_access) {
drupal_access_denied();
}
else if (!$account->contact && !$admin_access) {
$output = t('%name is not accepting e-mails.', array('%name' => $account->name)); $output = t('%name is not accepting e-mails.', array('%name' => $account->name));
} }
else if (!$user->uid) { else if (!$user->uid) {
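Review bot: On the new side the `drupal_access_denied();` call for a blocked account is not followed by a `return`, so once the if/else chain ends the remainder of contact_mail_user() (which continues past the hunk) runs with `$output` never assigned; the user_view() hunk in this same commit uses `return drupal_not_found();`, and the matching form here is `return drupal_access_denied();`. If drupal_access_denied() already prints a complete page, as its name and the common.inc hunks suggest, falling through would additionally emit whatever the function returns afterwards. This section is rendered twice on the page; the same applies to the second copy.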
......
...@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) { ...@@ -320,8 +320,12 @@ function contact_admin_settings_submit($form_id, $form_values) {
function contact_mail_user() { function contact_mail_user() {
global $user; global $user;
if ($account = user_load(array('uid' => arg(1), 'status' => 1))) { if ($account = user_load(array('uid' => arg(1)))) {
if (!$account->contact && !user_access('administer users')) { $admin_access = user_access('administer users');
if (!$account->status && !$admin_access) {
drupal_access_denied();
}
else if (!$account->contact && !$admin_access) {
$output = t('%name is not accepting e-mails.', array('%name' => $account->name)); $output = t('%name is not accepting e-mails.', array('%name' => $account->name));
} }
else if (!$user->uid) { else if (!$user->uid) {
......
...@@ -65,8 +65,16 @@ function tracker_menu($may_cache) { ...@@ -65,8 +65,16 @@ function tracker_menu($may_cache) {
*/ */
function tracker_track_user() { function tracker_track_user() {
if ($account = user_load(array('uid' => arg(1)))) { if ($account = user_load(array('uid' => arg(1)))) {
drupal_set_title($account->name); if ($account->status || user_access('administer users')) {
return tracker_page($account->uid); drupal_set_title($account->name);
return tracker_page($account->uid);
}
else {
drupal_access_denied();
}
}
else {
drupal_not_found();
} }
} }
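Review bot: The new branches answer 403 for a blocked account and 404 for an unknown uid, so anyone probing `tracker/N` can tell the two states apart; if distinguishing blocked from nonexistent accounts is not wanted on this site, both branches should take the same path (the contact.module and user.module hunks make the same split, so this is a commit-wide decision rather than a tracker-specific one). Separately, `drupal_access_denied();` and `drupal_not_found();` are called without `return` here, which is harmless because they are the last statements, but `return drupal_access_denied();` would match the style used in user_view() in this commit. This section is rendered twice on the page; the same applies to the second copy.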
......
...@@ -65,8 +65,16 @@ function tracker_menu($may_cache) { ...@@ -65,8 +65,16 @@ function tracker_menu($may_cache) {
*/ */
function tracker_track_user() { function tracker_track_user() {
if ($account = user_load(array('uid' => arg(1)))) { if ($account = user_load(array('uid' => arg(1)))) {
drupal_set_title($account->name); if ($account->status || user_access('administer users')) {
return tracker_page($account->uid); drupal_set_title($account->name);
return tracker_page($account->uid);
}
else {
drupal_access_denied();
}
}
else {
drupal_not_found();
} }
} }
......
...@@ -686,8 +686,7 @@ function user_menu($may_cache) { ...@@ -686,8 +686,7 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users'); $admin_access = user_access('administer users');
$access_access = user_access('administer access control'); $access_access = user_access('administer access control');
// Users should always be allowed to see their own user page $view_access = user_access('access user profiles');
$view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) { if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'), $items[] = array('path' => 'user', 'title' => t('user account'),
...@@ -769,15 +768,21 @@ function user_menu($may_cache) { ...@@ -769,15 +768,21 @@ function user_menu($may_cache) {
} }
else { else {
if (arg(0) == 'user' && is_numeric(arg(1))) { if (arg(0) == 'user' && is_numeric(arg(1))) {
$user_exists = user_load(array('uid' => arg(1), 'status' => 1)); $account = user_load(array('uid' => arg(1)));
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'), if ($user !== FALSE) {
'type' => MENU_CALLBACK, 'callback' => 'user_view', // Always let a user view their own account
'callback arguments' => array(arg(1)), 'access' => $view_access); $view_access |= $user->uid == arg(1);
// Only admins can view blocked accounts
$view_access &= $account->status || $admin_access;
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'), $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'), $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1), 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK); 'type' => MENU_LOCAL_TASK);
...@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) { ...@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) { function user_view($uid = 0) {
global $user; global $user;
if ($account = user_load(array('uid' => $uid, 'status' => 1))) { $account = user_load(array('uid' => $uid));
// Retrieve and merge all profile fields: if ($account === FALSE) {
$fields = array(); return drupal_not_found();
foreach (module_list() as $module) { }
if ($data = module_invoke($module, 'user', 'view', '', $account)) { // Retrieve and merge all profile fields:
foreach ($data as $category => $items) { $fields = array();
foreach ($items as $item) { foreach (module_list() as $module) {
$item['class'] = "$module-". $item['class']; if ($data = module_invoke($module, 'user', 'view', '', $account)) {
$fields[$category][] = $item; foreach ($data as $category => $items) {
} foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
} }
} }
} }
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
else {
drupal_not_found();
} }
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
} }
/*** Administrative features ***********************************************/ /*** Administrative features ***********************************************/
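Review bot: The guard `if ($user !== FALSE) {` in the second user_menu() hunk tests the global current-user object, which is dereferenced as `$user->uid` two lines later and is never FALSE at that point, so the block that reads `$account->status` also runs when user_load() returned FALSE for an unknown uid; the intended check appears to be the loaded account, `if ($account !== FALSE) {`. With the current guard a nonexistent uid reaches `$account->status` on a boolean and the `user/N` item is still registered, so the 404 behaviour named in the commit message rests on user_view()'s own `return drupal_not_found();` rather than on the menu. The bitwise `|=`/`&=` on boolean access flags work because PHP coerces the operands, but `$view_access = $view_access || $user->uid == arg(1);` and its `&&` counterpart say what is meant without the coercion. user_menu() continues outside both hunks; this section is rendered twice on the page and the same applies to the second copy.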
......
...@@ -686,8 +686,7 @@ function user_menu($may_cache) { ...@@ -686,8 +686,7 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users'); $admin_access = user_access('administer users');
$access_access = user_access('administer access control'); $access_access = user_access('administer access control');
// Users should always be allowed to see their own user page $view_access = user_access('access user profiles');
$view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) { if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'), $items[] = array('path' => 'user', 'title' => t('user account'),
...@@ -769,15 +768,21 @@ function user_menu($may_cache) { ...@@ -769,15 +768,21 @@ function user_menu($may_cache) {
} }
else { else {
if (arg(0) == 'user' && is_numeric(arg(1))) { if (arg(0) == 'user' && is_numeric(arg(1))) {
$user_exists = user_load(array('uid' => arg(1), 'status' => 1)); $account = user_load(array('uid' => arg(1)));
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'), if ($user !== FALSE) {
'type' => MENU_CALLBACK, 'callback' => 'user_view', // Always let a user view their own account
'callback arguments' => array(arg(1)), 'access' => $view_access); $view_access |= $user->uid == arg(1);
// Only admins can view blocked accounts
$view_access &= $account->status || $admin_access;
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'), $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'), $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1), 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK); 'type' => MENU_LOCAL_TASK);
...@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) { ...@@ -1406,25 +1411,24 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) { function user_view($uid = 0) {
global $user; global $user;
if ($account = user_load(array('uid' => $uid, 'status' => 1))) { $account = user_load(array('uid' => $uid));
// Retrieve and merge all profile fields: if ($account === FALSE) {
$fields = array(); return drupal_not_found();
foreach (module_list() as $module) { }
if ($data = module_invoke($module, 'user', 'view', '', $account)) { // Retrieve and merge all profile fields:
foreach ($data as $category => $items) { $fields = array();
foreach ($items as $item) { foreach (module_list() as $module) {
$item['class'] = "$module-". $item['class']; if ($data = module_invoke($module, 'user', 'view', '', $account)) {
$fields[$category][] = $item; foreach ($data as $category => $items) {
} foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
} }
} }
} }
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
else {
drupal_not_found();
} }
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
} }
/*** Administrative features ***********************************************/ /*** Administrative features ***********************************************/
......