Here is the code I see in views_menu() function:

  $items['admin/views/ajax/autocomplete/user'] = array(
    'page callback' => 'views_ajax_autocomplete_user',
    'theme callback' => 'ajax_base_page_theme',
    'access callback' => 'user_access',
    'access arguments' => array('access user profiles'),
    'type' => MENU_CALLBACK,
    'file' => 'includes/ajax.inc',
  );

And here is the code I see in this module:

/**
 * Implements hook_menu_alter().
 *
 * Disable the callback for the views module when users don't have access user
 * profiles permission.
 */
function username_enumeration_prevention_menu_alter(&$items) {
  if (module_exists('views')) {
    $items['admin/views/ajax/autocomplete/user']['access arguments'] = array('access user profiles');
  }
}

So this looks like obsolete code/feature to me.

Comments

sdelbosc created an issue. See original summary.

nicksanta’s picture

nicksanta commented
Assigned: Unassigned » nicksanta

Great observation - you are correct. Since #1069326: access arguments on admin/views/ajax/autocomplete/user ajax call was merged this code was redundant. Working on a fix now.

  • nicksanta authored 455ee6d on 7.x-1.x 
    Merge pull request #23 from nicksantamaria/2557791-obsolete-views-...
  • nicksanta committed 6740514 on 7.x-1.x
    [#2557791] Removed obsolete views autocomplete menu alter.
nicksanta’s picture

nicksanta commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.