diff -ur drupal-5.10-patched/drupal-5.10/modules/profile/profile.module drupal-current/drupal-5.10/modules/profile/profile.module
--- drupal-5.10-patched/drupal-5.10/modules/profile/profile.module	2008-02-11 05:36:07.000000000 +0000
+++ drupal-current/drupal-5.10/modules/profile/profile.module	2008-08-20 21:29:57.000000000 +0000
@@ -27,6 +27,12 @@
 define('PROFILE_HIDDEN', 4);
 
 /**
+ * Friends only profile field, only accessible by users who have a user_relationship
+ * with the viewed user.
+ */
+define('PROFILE_FRIENDSONLY', 5);
+
+/**
  * Implementation of hook_help().
  */
 function profile_help($section) {
@@ -268,7 +274,7 @@
   $form['fields']['visibility'] = array('#type' => 'radios',
     '#title' => t('Visibility'),
     '#default_value' => isset($edit['visibility']) ? $edit['visibility'] : PROFILE_PUBLIC,
-    '#options' => array(PROFILE_HIDDEN => t('Hidden profile field, only accessible by administrators, modules and themes.'), PROFILE_PRIVATE => t('Private field, content only available to privileged users.'), PROFILE_PUBLIC => t('Public field, content shown on profile page but not used on member list pages.'), PROFILE_PUBLIC_LISTINGS => t('Public field, content shown on profile page and on member list pages.')),
+    '#options' => array(PROFILE_HIDDEN => t('Hidden profile field, only accessible by administrators, modules and themes.'), PROFILE_PRIVATE => t('Private field, content only available to privileged users.'), PROFILE_FRIENDSONLY => t('Friends only field, content only accessible by users we have a relationship with'), PROFILE_PUBLIC => t('Public field, content shown on profile page but not used on member list pages.'), PROFILE_PUBLIC_LISTINGS => t('Public field, content shown on profile page and on member list pages.')),
   );
   if ($type == 'selection' || $type == 'list' || $type == 'textfield') {
     $form['fields']['page'] = array('#type' => 'textfield',
@@ -591,6 +597,10 @@
   }
 }
 
+function have_relationship($this_user, $that_user) {
+  return user_relationships_load(array('between' => array($this_user->uid, $that_user->uid), 'approved' => 1), TRUE) > 0;
+}
+
 function profile_view_profile($user) {
 
   profile_load_profile($user);
@@ -598,9 +608,10 @@
   // Show private fields to administrators and people viewing their own account.
   if (user_access('administer users') || $GLOBALS['user']->uid == $user->uid) {
     $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
-  }
-  else {
+  } else if (have_relationship($GLOBALS['user'], $user)) {
     $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d AND visibility != %d ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN);
+  } else {
+    $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d AND visibility != %d AND visibility != %d ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN, PROFILE_FRIENDSONLY);
   }
 
   while ($field = db_fetch_object($result)) {