[drupal-devel] [bug] Statistic information about node reads is
shown to unprivileged users
Robin Monks
drupal-devel at drupal.org
Fri May 27 11:19:39 UTC 2005
Issue status update for http://drupal.org/node/22565
Project: Drupal
Version: 4.6.0
Component: statistics.module
Category: bug reports
Priority: normal
-Assigned to: Anonymous
+Assigned to: Robin Monks
Reported by: massabob
Updated by: Robin Monks
-Status: active
+Status: patch
Attachment: http://drupal.org/files/issues/user.access.stats.patch (730 bytes)
And here that is in patch form.
Robin
Robin Monks
Previous comments:
------------------------------------------------------------------------
May 11, 2005 - 07:51 : massabob
Information about '%count reads' in node's footer is shown to
unprivileged users. I suggest that function statistics_link in
statistics.module should be corrected in this way:
// Original
function statistics_link($type, $node = 0, $main = 0) {
global $id;
$links = array();
if ($type != 'comment' && variable_get('statistics_display_counter',
0)) {
$statistics = statistics_get($node->nid);
if ($statistics) {
$links[] = format_plural($statistics['totalcount'], '1 read',
'%count reads');
}
}
return $links;
}
// Fixed
function statistics_link($type, $node = 0, $main = 0) {
global $id;
$links = array();
if ($type != 'comment' && variable_get('statistics_display_counter',
0) && user_access('display statistics')) {
$statistics = statistics_get($node->nid);
if ($statistics) {
$links[] = format_plural($statistics['totalcount'], '1 read',
'%count reads');
}
}
return $links;
}
The only change is in "&& user_access('display statistics')" on line
98.
------------------------------------------------------------------------
May 27, 2005 - 01:44 : rbarreca
Should read user_access('access statistics') not user_access('display
statistics').
More information about the drupal-devel
mailing list