Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have disabled "Display post information" on all node types for not showing usernames to the public. Nevertheless it is disabled in nodes, it's shown in the RSS feeds. This isn't the intention of disabling the post information.
Usernames shouldn't be shown anywhere if disabled.
Comment | File | Size | Author |
---|---|---|---|
#41 | 421586-40.patch | 2.66 KB | paulocs |
#41 | 421586-TEST-ONLY-PATCH.patch | 1.43 KB | paulocs |
#31 | node-post-setting-421586-31.patch | 1.11 KB | Delphine Lepers |
#31 | node-post-setting-with-test-421586-31.patch | 2.07 KB | Delphine Lepers |
Comments
Comment #1
hass CreditAttribution: hass commentedComment #2
hass CreditAttribution: hass commentedThis patch removes the creator name from RSS feeds if author and date output has been disabled for a node type in the global theme settings at "admin/build/themes/settings". This patch therefore fixes an inconsistency bug between node and rss output.
This patch stops displaying internal usernames to the public world!
Comment #3
hass CreditAttribution: hass commentedThe D6 patch also fixes some trailing space bugs... if I should role this again, let me know, but my editor automatically removes them and this is why it's inside. The D7 file have many trailing space bugs too, but I've disabled the removal for patch generation.
Comment #4
hass CreditAttribution: hass commentedFor not holding things back, new D6 patch that keeps all trailing space bugs in D6 as is. I keep it up for the maintainer to decide.
Comment #6
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedMoved this to node system and 8.x. Attached re-rolled patch from #4 with tests.
Comment #7
webchickJust a couple of things:
Minor nit-pick: All comments should wrap at 80 characters.
Since these tests are both so closely related, I'd lump them under the same testX() function. There's a performance impact in that each of these testX() functions means a new reinstall of Drupal and that takes time.
Comment #8
webchickThis is why I shouldn't review issues and be on IRC at the same time. :) By "All comments should wrap at 80 characters." I meant "Function descriptions should be restricted to 80 characters. Anything longer than that ends up being on another "paragraph" below, e.g.:
Comment #9
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedGot it! Thanks for the review webchick. Here's another patch with the changes requested.
Comment #10
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedRe-rolled patch from #9 after #22336: Move all core Drupal files under a /core folder to improve usability and upgrades.
Comment #11
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedComment #12
saltednutLooks like this needs reworked as it no longer applies to HEAD - probably does not fit in for 8.x either. :(
The test needs rebuilt: core/modules/node/node.test no longer exists.
Additionally, I was able to apply the first hunk but it doesn't seem to give the desired result and I'm still seeing the author in RSS feeds.
Comment #13
dawehnerWe should consider whether this issue actually still makes sense in Drupal, as rss.xml is a view now.
Comment #14
hass CreditAttribution: hass commentedComment #15
hass CreditAttribution: hass commenteda
Comment #16
hass CreditAttribution: hass commentedComment #17
hass CreditAttribution: hass commentedComment #18
tim.plunkettRerolled. If you actually think this is a security bug, please file one appropriately.
Comment #19
hass CreditAttribution: hass commentedShould we combine these two issues?
Comment #20
hass CreditAttribution: hass commentedComment #21
tim.plunkettThat is a d7 issue. You'll notice I am using the getUsername method, and not label(). This is fine as is.
Comment #23
jhodgdonThere is a separate issue covering this for search results. Please do not mix them together, as they have separate causes.
#70722: Search results should respect the content type's "Display author and date information." option
Comment #30
Delphine Lepers CreditAttribution: Delphine Lepers at Arhs for European Commission and European Union Institutions, Agencies and Bodies commentedComment #31
Delphine Lepers CreditAttribution: Delphine Lepers at Arhs for European Commission and European Union Institutions, Agencies and Bodies commentedComment #32
Delphine Lepers CreditAttribution: Delphine Lepers at Arhs for European Commission and European Union Institutions, Agencies and Bodies commentedComment #33
marsigny CreditAttribution: marsigny commentedI reviewed the patch for version 7.x and it works fine for me
Comment #34
larowlanThanks folks, we still need tests for the D8 patch here
Comment #35
albapb CreditAttribution: albapb commentedPatch in #31 also worked for me in drupal 7
Comment #40
tedbowSo now in D8 this is "Display author and date information". If this is unchecked do we think that the information should not be shown anywhere?
If this is the case it not be returned in JSON API and REST? correct? But this would break peoples APIs.
This seems the same as the RSS feed they are both machine readable formats. Removing this from the RSS feed just seems to give the site owner a false sense they actually implemented access control over the field values, which they have not.
Maybe we should instead just update the description in the UI to explain this is just for the display in the 1 context.
Comment #41
paulocsAdding tests to it.
Comment #43
paulocs@tedbow sorry that I didn't read your comment before I attached the patch... As no issue status was updated with your comment I could upload the patch with my page outdated.
Anyway your point makes sense and we should investigate the main reason why this option was created and where it must effect the author field display.
Comment #44
quietone CreditAttribution: quietone as a volunteer commentedThis current text, was committed in Nov 2009 to Drupal 7 in #614324: Node UI text improvements to author display settings. Here is the bit from that patch. This issue was created before the other one which changed the text was even created.
The original text was not explicit in the description that action only applied to the display. Now it does make it clear that it is only for display and thus unlikely that someone would expect RSS or other output formats to be changed.
Anyone wanting to tweak the RSS feed output can do a search and find ways to do that using Views.
Therefor I think this can be closed as outdated.
Comment #45
tedbow@paulocs no problem about the patch
re
I think it works as intended now but I think the intention is not great UX.
I think in general the author and date fields should be on Manage Display instead like other fields. There is an existing meta for this #2353867: [META] Expose Title and other base fields in Manage Display
@quietone I agree. closing as outdated
Comment #46
paulocs👍