1.0.6
- Do not allow staff users to hijack superusers
- Add setting to choose which user attributes can be used for hijacking a user
- Use a more liberal/naive approach to regex checking for an email
- Code cleanup
- Check staff status against logged in user instead the user being hijacked (bugfix)
- Only include 'disable-hijack-warning' url if HIJACK_NOTIFY_ADMIN is enabled