[drupal-devel] [bug] Statistic information about node reads is shown to unprivileged users

Robin Monks drupal-devel at drupal.org
Fri May 27 11:19:39 UTC 2005


Issue status update for http://drupal.org/node/22565

 Project:      Drupal
 Version:      4.6.0
 Component:    statistics.module
 Category:     bug reports
 Priority:     normal
-Assigned to:  Anonymous
+Assigned to:  Robin Monks
 Reported by:  massabob
 Updated by:   Robin Monks
-Status:       active
+Status:       patch
 Attachment:   http://drupal.org/files/issues/user.access.stats.patch (730 bytes)

And here that is in patch form.


Robin




Robin Monks



Previous comments:
------------------------------------------------------------------------

May 11, 2005 - 07:51 : massabob

Information about '%count reads' in node's footer is shown to
unprivileged users. I suggest that function statistics_link in
statistics.module should be corrected in this way:


// Original


function statistics_link($type, $node = 0, $main = 0) {
  global $id;


  $links = array();


  if ($type != 'comment' && variable_get('statistics_display_counter',
0)) {
    $statistics = statistics_get($node->nid);
    if ($statistics) {
      $links[] = format_plural($statistics['totalcount'], '1 read',
'%count reads');
    }
  }
  return $links;
}


// Fixed


function statistics_link($type, $node = 0, $main = 0) {
  global $id;


  $links = array();


  if ($type != 'comment' && variable_get('statistics_display_counter',
0) && user_access('display statistics')) {
    $statistics = statistics_get($node->nid);
    if ($statistics) {
      $links[] = format_plural($statistics['totalcount'], '1 read',
'%count reads');
    }
  }
  return $links;
}


The only change is in "&& user_access('display statistics')" on line
98.




------------------------------------------------------------------------

May 27, 2005 - 01:44 : rbarreca

Should read user_access('access statistics') not user_access('display
statistics').







More information about the drupal-devel mailing list