Author nevertheless displayed in RSS feeds if disabled for privacy reasons

Moved this to node system and 8.x. Attached re-rolled patch from #4 with tests.

Just a couple of things:

+++ b/modules/node/node.test
@@ -814,6 +814,42 @@ class NodeRSSContentTestCase extends DrupalWebTestCase {
+   * Create a new node and ensure that the author's name appears when the post
+   * information is set to be displayed.

Minor nit-pick: All comments should wrap at 80 characters.

+++ b/modules/node/node.test
@@ -814,6 +814,42 @@ class NodeRSSContentTestCase extends DrupalWebTestCase {
+  function testNodeRSSNotPostInfo() {

Since these tests are both so closely related, I'd lump them under the same testX() function. There's a performance impact in that each of these testX() functions means a new reinstall of Drupal and that takes time.

This is why I shouldn't review issues and be on IRC at the same time. :) By "All comments should wrap at 80 characters." I meant "Function descriptions should be restricted to 80 characters. Anything longer than that ends up being on another "paragraph" below, e.g.:

/**
 * Foos the bar of bazzles.
 *
 * The foo is an integral part of the bazzle bars. Bizzley boo!
 */
function foo_bazzle_bar() {
}

Got it! Thanks for the review webchick. Here's another patch with the changes requested.

Re-rolled patch from #9 after #22336: Move all core Drupal files under a /core folder to improve usability and upgrades.

Looks like this needs reworked as it no longer applies to HEAD - probably does not fit in for 8.x either. :(

@@ -2477,10 +2477,13 @@ function node_feed($nids = FALSE, $channel = array()) {
diff --git a/core/modules/node/node.test b/core/modules/node/node.test

The test needs rebuilt: core/modules/node/node.test no longer exists.

Additionally, I was able to apply the first hunk but it doesn't seem to give the desired result and I'm still seeing the author in RSS feeds.

We should consider whether this issue actually still makes sense in Drupal, as rss.xml is a view now.

Rerolled. If you actually think this is a security bug, please file one appropriately.

That is a d7 issue. You'll notice I am using the getUsername method, and not label(). This is fine as is.

There is a separate issue covering this for search results. Please do not mix them together, as they have separate causes.
#70722: Search results should respect the content type's "Display author and date information." option

I reviewed the patch for version 7.x and it works fine for me

Thanks folks, we still need tests for the D8 patch here

Patch in #31 also worked for me in drupal 7

So now in D8 this is "Display author and date information". If this is unchecked do we think that the information should not be shown anywhere?

If this is the case it not be returned in JSON API and REST? correct? But this would break peoples APIs.

This seems the same as the RSS feed they are both machine readable formats. Removing this from the RSS feed just seems to give the site owner a false sense they actually implemented access control over the field values, which they have not.

Maybe we should instead just update the description in the UI to explain this is just for the display in the 1 context.

Adding tests to it.

@tedbow sorry that I didn't read your comment before I attached the patch... As no issue status was updated with your comment I could upload the patch with my page outdated.

Anyway your point makes sense and we should investigate the main reason why this option was created and where it must effect the author field display.

This current text, was committed in Nov 2009 to Drupal 7 in #614324: Node UI text improvements to author display settings. Here is the bit from that patch. This issue was created before the other one which changed the text was even created.

   $form['display']['node_submitted'] = array(
     '#type' => 'checkbox',
-    '#title' => t('Display post information'),
+    '#title' => t('Display author and date information.'),
     '#default_value' => variable_get('node_submitted_' . $type->type, TRUE),
-    '#description' => t('Enable the <em>submitted by Username on date</em> text.'),
+    '#description' => t('Author username and publish date will be displayed.'),
   );

The original text was not explicit in the description that action only applied to the display. Now it does make it clear that it is only for display and thus unlikely that someone would expect RSS or other output formats to be changed.

Anyone wanting to tweak the RSS feed output can do a search and find ways to do that using Views.

Therefor I think this can be closed as outdated.

@paulocs no problem about the patch

re

Anyway your point makes sense and we should investigate the main reason why this option was created and where it must effect the author field display.

I think it works as intended now but I think the intention is not great UX.

I think in general the author and date fields should be on Manage Display instead like other fields. There is an existing meta for this #2353867: [META] Expose Title and other base fields in Manage Display

@quietone I agree. closing as outdated

👍