From e3a4cfad76692d5bad279c84b4d0ab2d4de53d9e Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Mon, 21 Nov 2016 11:11:36 +0900
Subject: [PATCH] Do not expose homepage and blog in member menu if they are
 not public

https://www.xetown.com/qna/264868#comment_427973
---
 modules/member/member.model.php | 35 +++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/modules/member/member.model.php b/modules/member/member.model.php
index 17c15191a..91fb434a9 100644
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@@ -142,6 +142,7 @@ class memberModel extends member
 			$url = getUrl('','mid',$mid,'act','dispMemberInfo','member_srl',$member_srl);
 			$oMemberController->addMemberPopupMenu($url,'cmd_view_member_info',$icon_path,'self');
 		}
+
 		// When click other's nickname
 		if($member_srl != $logged_info->member_srl && $logged_info->member_srl)
 		{
@@ -166,12 +167,42 @@ class memberModel extends member
 				}
 			}
 		}
+		
+		// Check if homepage and blog are public
+		$homepage_is_public = false;
+		$blog_is_public = false;
+		if ($logged_info->is_admin === 'Y' || ($logged_info->member_srl && $logged_info->member_srl == $member_srl))
+		{
+			$homepage_is_public = true;
+			$blog_is_public = true;
+		}
+		else
+		{
+			foreach ($this->module_config->signupForm as $field)
+			{
+				if ($field->name === 'homepage' && $field->isPublic === 'Y')
+				{
+					$homepage_is_public = true;
+				}
+				if ($field->name === 'blog' && $field->isPublic === 'Y')
+				{
+					$blog_is_public = true;
+				}
+			}
+		}
+		
 		// View homepage info
-		if($member_info->homepage)
+		if($member_info->homepage && $homepage_is_public)
+		{
 			$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 'homepage', '', 'blank');
+		}
+		
 		// View blog info
-		if($member_info->blog)
+		if($member_info->blog && $blog_is_public)
+		{
 			$oMemberController->addMemberPopupMenu(htmlspecialchars($member_info->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 'blog', '', 'blank');
+		}
+		
 		// Call a trigger (after)
 		ModuleHandler::triggerCall('member.getMemberMenu', 'after', $null);
 		// Display a menu for editting member info to a top administrator