* notice: Undefined index: masquerading in masquerade.module on line 125.
* notice: Undefined index: masquerading in masquerade.module on line 123.

function masquerade_access($type) {
  switch ($type) {
    case 'unswitch':
      return $GLOBALS['masquerading'] || arg(2) == 'menu-customize' || arg(2) == 'menu';
    case 'autocomplete':
      return $GLOBALS['masquerading'] || (user_access('masquerade as user') || user_access('masquerade as admin'));
      break;
    case 'switch':
      return empty($GLOBALS['masquerading']) && (user_access('masquerade as user') || user_access('masquerade as admin'));
      break;
  }
}


Comments

beginner’s picture

In case 'unswitch' and 'autocomplete', would the following be the intended behavior?

return !empty($GLOBALS['masquerading']) || ... etc.

Are you sure that the case 'unswitch' is secure enough?

deekayen’s picture

Status: Active » Fixed

I'm not sure what Gurpartap intends there, but I wrapped the globals with empty checks in 6--1.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.