Index: masquerade.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/masquerade/masquerade.module,v
retrieving revision 1.16.2.48
diff -u -p -r1.16.2.48 masquerade.module
--- masquerade.module 28 Oct 2010 18:20:42 -0000 1.16.2.48
+++ masquerade.module 30 Oct 2010 08:47:32 -0000
@@ -32,17 +32,19 @@ function masquerade_perm() {
 * Implementation of hook_init().
 */
 function masquerade_init() {
- if (user_is_logged_in ()) {
- // load from table uid + session id
- $uid = db_result(db_query("SELECT uid_from FROM {masquerade} WHERE sid = '%s' AND uid_as = %d", session_id(), $GLOBALS['user']->uid));
- // using if so that we get unset rather than false if not masqing
- if ($uid) {
- $_SESSION['masquerading'] = $uid;
- }
- // Don't initialize $_SESSION for anonymous users to keep Pressflow compatiblity
- elseif (isset($_SESSION['masquerading'])) {
- $_SESSION['masquerading'] = NULL;
- }
+ global $user;
+
+ // Try to load masqing uid from masquerade table.
+ $uid = db_result(db_query("SELECT uid_from FROM {masquerade} WHERE sid = '%s' AND uid_as = %d", session_id(), $user->uid));
+
+ // We are using identical operator (===) instead of equal (==) because if
+ // $uid === 0 we want to store the session variable. If there's no record in
+ // masquerade table we clear the session variable.
+ if ($uid === FALSE) {
+ unset($_SESSION['masquerading']);
+ }
+ else {
+ $_SESSION['masquerading'] = $uid;
 }
 }
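Review bot: With the `user_is_logged_in()` guard removed, the `{masquerade}` lookup in `masquerade_init()` now runs on every request, anonymous ones included, and a row matching `sid` with `uid_as = 0` is enough to set `$_SESSION['masquerading']`, the flag the access checks elsewhere in this patch depend on. If `session_id()` can be empty at this point (the removed comment refers to Pressflow, which starts sessions lazily), every sessionless visitor would query with the same key, so an early `if (session_id() === '') { return; }` before the query looks worthwhile. The new comment also speaks of `$uid === 0`, whereas `db_result()` hands back the column as a string or `FALSE`; writing `'0'` there would keep a later reader from adding an integer comparison that never matches.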
@@ -170,9 +172,9 @@ function masquerade_translated_menu_link
 function masquerade_access($type, $uid = NULL) {
 switch ($type) {
 case 'unswitch':
- return !empty($_SESSION['masquerading']) || arg(2) == 'menu-customize' || arg(2) == 'menu';
+ return isset($_SESSION['masquerading']) || arg(2) == 'menu-customize' || arg(2) == 'menu';
 case 'autocomplete':
- return !empty($_SESSION['masquerading']) || (user_access('masquerade as user') || user_access('masquerade as admin'));
+ return isset($_SESSION['masquerading']) || (user_access('masquerade as user') || user_access('masquerade as admin'));
 break;
 case 'user':
 global $user;
@@ -187,7 +189,7 @@ function masquerade_access($type, $uid =
 $account = user_load(array('uid' => $uid));
 $switch_to_account = db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $account->uid));
 }
- return empty($_SESSION['masquerading']) && (user_access('masquerade as user') || user_access('masquerade as admin') || $switch_to_account);
+ return !isset($_SESSION['masquerading']) && (user_access('masquerade as user') || user_access('masquerade as admin') || $switch_to_account);
 break;
 }
 }
@@ -429,7 +431,7 @@ function masquerade_block($op = 'list',
 function masquerade_block_1($record) {
 global $user;
 $markup_value = '';
- if ($_SESSION['masquerading']) {
+ if (isset($_SESSION['masquerading'])) {
 $quick_switch_link[] = l(t('Switch back'), 'masquerade/unswitch', array('query' => array('token' => drupal_get_token('masquerade/unswitch'))));
 if ($user->uid > 0) {
 $markup_value = t('You are masquerading as %masq_as.', array('@user-url' => url('user/' . $user->uid), '%masq_as' => $user->name)) . theme('item_list', $quick_switch_link);
@@ -467,7 +469,7 @@ function masquerade_block_1($record) {
 '#prefix' => '
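Review bot: Moving these checks to `isset()` means any non-NULL value left in `$_SESSION['masquerading']` (`FALSE`, `0`, `''`) now counts as an active masquerade, in the `'unswitch'` and `'autocomplete'` cases here and again in the `'user'` case and in the hunks for `masquerade_block_1()`, `masquerade_block_1_validate()` and `masquerade_switch_user()`. `masquerade_init()` clears the flag with `unset()`, but the code that ends a masquerade (`masquerade_switch_back()`, mostly outside this patch) is not visible, so it should be confirmed that every writer removes the key rather than assigning an empty value. A short comment above the `switch` would record that contract, for example `// $_SESSION['masquerading'] holds the original uid (may be '0'); an absent key means not masquerading.` The body of `masquerade_access()` continues past this hunk.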
',
 '#type' => 'textfield',
 '#size' => '18',
- '#default_value' => $_SESSION['masquerading'] ? t('Switch back to use') : '',
+ '#default_value' => '',
 '#autocomplete_path' => 'masquerade/autocomplete',
 '#required' => TRUE,
 );
@@ -501,7 +503,7 @@ function masquerade_block_1_validate($fo
 if ($name == variable_get('anonymous', t('Anonymous'))) {
 $name = '';
 }
- if ($_SESSION['masquerading']) {
+ if (isset($_SESSION['masquerading'])) {
 form_set_error('masquerade_user_field', t('You are already masquerading. Please switch back to your account to masquerade as another user.', array('@unswitch' => url('masquerade/unswitch', array('query' => array('token' => drupal_get_token('masquerade/unswitch')))))));
 }
 if (module_exists('alt_login')) {
@@ -648,7 +650,7 @@ function masquerade_switch_user($uid) {
 'masquerade as user';
 // Check to see if we need admin permission.
- if (!user_access($perm) && !$_SESSION['masquerading'] && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
+ if (!user_access($perm) && !isset($_SESSION['masquerading']) && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
 watchdog('masquerade', 'This user requires administrative permissions to switch to the user %user.', array('%user' => $new_user->name), WATCHDOG_ERROR);
 return FALSE;
 }
@@ -705,4 +707,3 @@ function masquerade_switch_back() {
 $user = user_load(array('uid' => $uid));
 watchdog('masquerade', 'User %user no longer masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $oldname), WATCHDOG_INFO);
 }
-
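Review bot: In the `masquerade_switch_user()` hunk, the `!isset($_SESSION['masquerading'])` term makes the session flag an authorization input: once the key is set, neither `user_access($perm)` nor the `{masquerade_users}` lookup can cause the refusal, so the switch proceeds. This patch sets the flag for more sessions than before (anonymous requests in `masquerade_init()`, and a stored `'0'` now counts), so the branch that skips the permission check is reachable more widely than under the old truthiness test. If the term exists only to allow returning to the original account, that path appears to be `masquerade_switch_back()` and the term could be dropped from this condition; otherwise a comment such as `// A masquerading session may switch again without $perm because ...` should state the reason. The function starts and ends outside this hunk, so the callers that reach it while masquerading are not visible here.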