Contrib.social

Error out when trying to masquerading as blocked user

Open on Drupal.org β†’
Created on 6 October 2010, about 14 years ago
Updated 11 May 2023, over 1 year ago

Session won't read if user is blocked.

Ends up logging out current user but with message saying now masquerading as.

πŸ› Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States hefox

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 7.x + Environment: PHP 5.5 & MySQL 5.5
    last update over 1 year ago
    2 pass
  • Comment over 1 year ago β†’
    πŸ‡©πŸ‡ͺGermany gngn

    New patch applying to current 7.x-1.x-dev and 7.x-1.0-rc7

    Includes:

    • Require users.status = 1 in masquerade_autocomplete() and masquerade_autocomplete_multiple(), so you do not get any blocked users via autocomplete.
    • Validate user's status in masquerade_block_1_validate(), so you will get a form validation error if you entered a blocked user.
    • Check user's status in masquerade_switch_user().

    I do not think that we need to log to watchdog (above patches did).

    I have one question: the other patches checked user's status like:

    if (!empty($new_user->uid) && empty($new_user->status)) { ... }

    What's the purpose of !empty($new_user->uid) &&?
    My patch just checks empty($new_user->status).

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024