Before 6.x-1.4 it was possible to easily construct masquerade links. The security fix broke the existing links.

That's fine by me (should have been mentioned in release notes), but how am I now supposed to construct masquerade links outside of menus, given that the token-inserting functionality is tied to menu_link_alter hooks? I suppose I can replicate the implementation in my code, but it would be nicer if some sort of API was provided that the module's user could rely on to create a secure masquerade/switch-back link.

Comments

deekayen’s picture

deekayen CreditAttribution: deekayen commented
Status: Active » Closed (works as designed)

The old way is what the security team identified as the security problem. Not sure there's anything to do about it.

deviantintegral’s picture

deviantintegral CreditAttribution: deviantintegral commented

I'm not totally against having a wrapper function to generate the link. However, I would think that there are menu API calls you could make to do it properly.