summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorps2018-12-08 04:36:06 (GMT)
committerDamien McKenna2018-12-08 04:36:06 (GMT)
commitbdb04c76c1696ae825a8d5dbbf57f28b69994af7 (patch)
treef5938a6f56c18452b4ffd6e25c38117ee9efb617
parent04f4fce709c9a774c9bef589a45e2d662e1820ee (diff)
Issue #2226015 by jweowu, yang_yi_cn, RoSk0: UI text for disable_sql_rewrite option is misleading.HEAD7.x-3.x
-rw-r--r--plugins/views_plugin_query_default.inc28
1 files changed, 19 insertions, 9 deletions
diff --git a/plugins/views_plugin_query_default.inc b/plugins/views_plugin_query_default.inc
index 2911a56..27ed30e 100644
--- a/plugins/views_plugin_query_default.inc
+++ b/plugins/views_plugin_query_default.inc
@@ -248,15 +248,25 @@ class views_plugin_query_default extends views_plugin_query {
public function options_form(&$form, &$form_state) {
parent::options_form($form, $form_state);
- $form['disable_sql_rewrite'] = array(
- '#title' => t('Disable SQL rewriting'),
- '#description' => t('Disabling SQL rewriting will disable node_access checks as well as other modules that implement hook_query_alter().'),
- '#type' => 'checkbox',
- '#default_value' => !empty($this->options['disable_sql_rewrite']),
- '#suffix' => '<div class="messages warning sql-rewrite-warning js-hide">'
- . t('WARNING: Disabling SQL rewriting means that node access security is disabled. This may allow users to see data they should not be able to see if your view is misconfigured. Please use this option only if you understand and accept this security risk.')
- . '</div>',
- );
+ // Establish which query tag will be affected by disable_sql_rewrite.
+ // This 'access query tag' is defined by hook_views_data() for the base table.
+ // e.g. node_views_data()
+ if (!empty($form_state['view']->base_table)) {
+ $base_table = $form_state['view']->base_table;
+ $base_table_data = views_fetch_data($base_table);
+ if (!empty($base_table_data['table']['base']['access query tag'])) {
+ $access_tag = $base_table_data['table']['base']['access query tag'];
+ $form['disable_sql_rewrite'] = array(
+ '#title' => t('Disable access checks'),
+ '#description' => t('Do not apply %access_tag checks to this query. Selecting this option omits that tag from the alterable query.', array('%access_tag' => $access_tag)),
+ '#type' => 'checkbox',
+ '#default_value' => !empty($this->options['disable_sql_rewrite']),
+ '#suffix' => '<div class="messages warning sql-rewrite-warning js-hide">'
+ . t('WARNING: Disabling access checks means that %access_tag security is disabled. This may allow users to see data they should not be able to see if your view is misconfigured. Please use this option only if you understand and accept this security risk.', array('%access_tag' => $access_tag))
+ . '</div>',
+ );
+ }
+ }
$form['distinct'] = array(
'#type' => 'checkbox',
'#title' => t('Distinct'),