Fixed missing permission validation
authorMarcel Werk <burntime@woltlab.com>
Mon, 9 Jun 2014 17:01:41 +0000 (19:01 +0200)
committerMarcel Werk <burntime@woltlab.com>
Mon, 9 Jun 2014 17:01:41 +0000 (19:01 +0200)
com.woltlab.wcf/templates/user.tpl
com.woltlab.wcf/templates/userInformationHeadline.tpl
wcfsetup/install/files/lib/data/user/UserProfile.class.php

index c9eb6a65920a00e68dd3cca9643c50dcc27f1b04..32e75d42f3307a4a32d4b6ee9f12334c06fd4535 100644 (file)
        <h1>{$user->username}{if MODULE_USER_RANK && $user->getUserTitle()} <span class="badge userTitleBadge{if $user->getRank() && $user->getRank()->cssClassName} {@$user->getRank()->cssClassName}{/if}">{$user->getUserTitle()}</span>{/if}</h1>
        
        <ul class="dataList">
-               {if $user->gender}<li>{lang}wcf.user.gender.{if $user->gender == 1}male{else}female{/if}{/lang}</li>{/if}
-               {if $user->getAge()}<li>{@$user->getAge()}</li>{/if}
-               {if $user->location}<li>{lang}wcf.user.membersList.location{/lang}</li>{/if}
+               {if $user->isVisibleOption('gender') && $user->gender}<li>{lang}wcf.user.gender.{if $user->gender == 1}male{else}female{/if}{/lang}</li>{/if}
+               {if $user->isVisibleOption('birthday') && $user->getAge()}<li>{@$user->getAge()}</li>{/if}
+               {if $user->isVisibleOption('location') && $user->location}<li>{lang}wcf.user.membersList.location{/lang}</li>{/if}
                {if $user->getOldUsername()}<li>{lang}wcf.user.profile.oldUsername{/lang}</li>{/if}
                <li>{lang}wcf.user.membersList.registrationDate{/lang}</li>
                {event name='userDataRow1'}
index 425d8eb0fde8615422ea6c9f5d6ebd41f5f161a0..72536d701d8e6800dee806e392305fe4934c8b0d 100644 (file)
@@ -3,9 +3,9 @@
 </div>
 <ul class="dataList userFacts">
        {if $user->isAccessible('canViewProfile')}
-               {if $user->gender}<li>{lang}wcf.user.gender.{if $user->gender == 1}male{else}female{/if}{/lang}</li>{/if}
-               {if $user->getAge()}<li>{@$user->getAge()}</li>{/if}
-               {if $user->location}<li>{lang}wcf.user.membersList.location{/lang}</li>{/if}
+               {if $user->isVisibleOption('gender') && $user->gender}<li>{lang}wcf.user.gender.{if $user->gender == 1}male{else}female{/if}{/lang}</li>{/if}
+               {if $user->isVisibleOption('birthday') && $user->getAge()}<li>{@$user->getAge()}</li>{/if}
+               {if $user->isVisibleOption('location') && $user->location}<li>{lang}wcf.user.membersList.location{/lang}</li>{/if}
        {/if}
        <li>{lang}wcf.user.membersList.registrationDate{/lang}</li>
        
index e728df0793596fa05fdf223a4288d78006da289a..f720cecd68d9160b734b425efe866865c00a0607 100644 (file)
@@ -774,6 +774,17 @@ class UserProfile extends DatabaseObjectDecorator implements IBreadcrumbProvider
                return $option->optionValue;
        }
        
+       /**
+        * Returns true, if the active user has access to the user option with the given name.
+        *
+        * @param       string          $name
+        * @return      boolean
+        */
+       public function isVisibleOption($name) {
+               $option = ViewableUserOption::getUserOption($name);
+               return $option->isVisible();
+       }
+       
        /**
         * Returns the formatted username.
         *