Hi,

I think the logic in the xmlsitemap_switch_user is not quite correct, resulting in the global $user object being overwritten. It occurs only if uid==0 and xmlsitemap_switch_user(0) is called, which is the case eg. on cron run in the xmlsitemap_menu submodule.

Patch attached.

CommentFileSizeAuthor
switch_user.patch452 bytesdigi24
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Dave Reid’s picture

Dave Reid
he/him
Primary language English
Location Nebraska USA
CreditAttribution: Dave Reid commented

Yes that definitely is a big problem, sorry about that. At least the proper user object is restored in the end and it doesn't affect the rest of the request. Guess I took the work done in #287292: Add functionality to impersonate a user for granted. Looked deeper into the function and saw a few more problems so I'm on this.

Dave Reid’s picture

Dave Reid
he/him
Primary language English
Location Nebraska USA
CreditAttribution: Dave Reid commented
Status: Needs review » Fixed

Committed the fix to the function logic and cleaned up the half-assed tests for that function so it's completely tested now. Thanks!
CVS commit and changes: http://drupal.org/cvs?commit=270628

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.