{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《Disabling /node view and other hidden views in Dru》','https://www.manongdao.com/q-586585.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Many long nights spent on my site, and now I've started doing all sorts of security checks and stumbled upon the following:
www.mysite.com/node
That shows the latest x nodes that a user has access to. I DON't want this view visible to users. And I certainly don't want any other views similar to this available. So, my questions are:
- How do I disable this view?
- Are there other hidden views that I'm not aware of that an anonymous user can use to access several nodes at once?
One relatively simple way to do this that works is to turn on the Path module under core and alias
/nodeto something else like/node/1or whatever ..Not sure about other urls that get you things you don't wanna see... i would think this technique would work for any you come across
You want to use hook_menu_alter() in a custom module to reroute what happens when someone tries to load the page at
/node. There are two approaches.First, you could give an unequivocal access denied:
Second, you could reroute the page to one of your choice:
Other Listings
If you are worried about listings where users have access, the search results and tracker are the only other places that I can recall.
This comment provides the logic to unset whatever you want from the search results using a custom module.
Unfortunately the Tracker is not particularly customizable without direct hacks. Your best bet is to use one of the tracker replacements in contrib, or easier yet, modify the Tracker replacement that is packaged with the Views module.
EDIT: Clarification- you could also disable the Tracker module form the optional "core" modules. However, it is a very useful functionality so you might want to keep it around in some form.
Source: http://drupal.org/node/500296#comment-3532630
the "node" view is the default frontpage view. So it is usually the same tha appear on you're frontpage.
As for disabling paths you found, I'd second Graysides suggestion of using
hook_menu_alterto adjust the access callback.As for other 'hidden' views, this depends a lot on the modules you use, as many modules add some default 'views' (in the sense of overview pages, not necessarily views module views). So instead of trying to find them indirectly here, I'd suggest to take a look at the
menu_routertable of your Drupal database. There you'll find all paths currently used by your instance (internal paths, not aliases, but all aliases map to an internal one).