Update 'username' theme template to use 'view label' operation.

Created on 9 July 2010, over 14 years ago
Updated 30 January 2023, over 1 year ago

Problem/Motivation

Usernames are somewhat important, especially for brute force attacks. Although the Drupal security team does not consider exposure of usernames a weakness, we should still make a best effort to add a capability to hide them.

Proposed resolution

Base the ability to view usernames off the "view label" entity access operation introduced in "New 'view label' entity access operation added".

See also #849602-59: Update 'username' theme template to use 'view label' operation.

Remaining tasks

-

Data model changes

Original report by greggles

Usernames are somewhat important, especially for brute force attacks.

There are a few callbacks in contributed modules that let people see usernames that I would like to change to "access user profiles". We need core to be consistent on this front first, though.

theme_username currently does some access checking to determine whether or not to link to the profile. I suggest we also check to see whether or not the user should be allowed to see the username.
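One way the proposed check could look in a custom module today, as an added example that is not core's code or a patch from this issue: an access hook denies the 'view label' operation on user entities, and a preprocess hook for the username template honours the result. The module name `mymodule`, the "Hidden user" label and the choice of the 'access user profiles' permission (taken from the original report's suggestion) are assumptions.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for user entities.
 *
 * Core allows 'view label' on users for everyone; this hypothetical policy
 * forbids it unless the viewer has 'access user profiles'.
 */
function mymodule_user_access(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($operation !== 'view label') {
    return AccessResult::neutral();
  }
  return AccessResult::forbiddenIf(!$account->hasPermission('access user profiles'))
    ->cachePerPermissions();
}

/**
 * Implements hook_preprocess_HOOK() for the username theme hook.
 *
 * Runs after core's template_preprocess_username() has filled in the name.
 */
function mymodule_preprocess_username(array &$variables) {
  $account = $variables['account'] ?? NULL;
  // Only entities expose access(); skip plain session objects.
  if (!$account instanceof EntityInterface) {
    return;
  }
  // Ask for the result object so its cache contexts can bubble up.
  $access = $account->access('view label', NULL, TRUE);
  CacheableMetadata::createFromRenderArray($variables)
    ->addCacheableDependency($access)
    ->applyTo($variables);

  if (!$access->isAllowed()) {
    // Replace every variable the template could print the name from.
    $variables['name'] = t('Hidden user');  // constructed placeholder label
    $variables['name_raw'] = '';
    $variables['truncated'] = FALSE;
    $variables['profile_access'] = FALSE;
    // No link path: the template falls back to an unlinked <span>.
    $variables['link_path'] = NULL;
  }
}
```

Code that calls `getDisplayName()` directly does not pass through the username template, so this covers only output rendered via that theme hook.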

Feature request

Status: Needs work

Version: 10.1

Component: User module

Last updated 3 days ago

Created by: 🇺🇸 United States greggles Denver, Colorado, USA

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • The Needs Review Queue Bot tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

    Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.
