Ticket #19120: 19120.patch

wp-admin/admin-ajax.php

@@ -936 +936 @@
         $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
 
         $supplemental = array();
-        if ( isset($login_grace_period) )
-                $alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) );
+        if ( isset($login_expiration_warning) )
+                $alert .= _wp_login_expiration_message(false);
 
         $id = $revision_id = 0;
 

wp-admin/includes/misc.php

@@ -593 +593 @@
 }
 add_action('admin_head', '_ipad_meta');
 
+
+function wp_warn_login_expires($cookie_elements) {
+        global $login_expiration_warning;
+
+        if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false )
+                return;
+
+        if ( $cookie_elements['expiration'] < time() + 7200 ) { // less than 2 hours untill expiration
+                if ( empty($_POST) && !defined('DOING_AJAX') ) {
+                        wp_redirect( add_query_arg( 'interim-login', 1, wp_login_url( $_SERVER['REQUEST_URI'], true ) ) );
+                        die;
+                }
+
+                $login_expiration_warning = true;
+                add_action('all_admin_notices', '_wp_login_expiration_message');
+        }
+}
+add_action('auth_cookie_valid', 'wp_warn_login_expires', 10, 1);
+
+function _wp_login_expiration_message($echo = true) {
+        $return = sprintf( __('Your login session will expire shortly. Please <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 2, wp_login_url('', true) ) );
+
+        if ( !$echo )
+                return $return;
+
+        echo $return;
+}
+

wp-includes/js/autosave.dev.js

@@ -109 +109 @@
                         delayed_autosave();
                 });
         }
+
+        // remove div#autosave-alert onclick
+        $('#wpcontent').delegate('#autosave-alert a', 'click', function(e){ $(e.target).closest('#autosave-alert').remove(); });
 });
 
 function autosave_parse_response(response) {

wp-includes/pluggable.php

@@ -542 +542 @@
                 return false;
         }
 
-        if ( $expiration < time() ) // AJAX/POST grace period set above
-                $GLOBALS['login_grace_period'] = 1;
+        if ( $expiration < (time() + 7200) ) // 2 hours before cookies expire
+                $GLOBALS['login_expiration_warning'] = 1;
 
         do_action('auth_cookie_valid', $cookie_elements, $user);
 

wp-login.php

@@ -118 +118 @@
  * @param string $input_id Which input to auto-focus
  */
 function login_footer($input_id = '') {
-        ?>
-        <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
+        global $interim_login;
+
+        if ( empty($interim_login) ) { ?>
+                <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p><?php
+        } ?>
         </div>
 
 <?php if ( !empty($input_id) ) : ?>
@@ -534 +537 @@
 case 'login' :
 default:
         $secure_cookie = '';
-        $interim_login = isset($_REQUEST['interim-login']);
+        $interim_login = isset($_REQUEST['interim-login']) ? (int) $_REQUEST['interim-login'] : 0; // 1 = show login message, 2 = no redir after login
 
         // If the user wants ssl but the session is not ssl, force a secure cookie.
         if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -568 +571 @@
 
         $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
 
+        if ( !is_wp_error($user) && 2 == $interim_login ) {
+                $message = '<p class="message">' . __('You have logged in successfully. Close this browser window or tab and return to writing.') . '</p>';
+                login_header( '', $message );
+                echo '</div></body></html>';
+                exit;
+        }
+
         if ( !is_wp_error($user) && !$reauth ) {
-                if ( $interim_login ) {
-                        $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
-                        login_header( '', $message ); ?>
-                        <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
-                        <p class="alignright">
-                        <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
-                        </div></body></html>
-<?php           exit;
-                }
-
                 if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
                         // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                         if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
@@ -612 +612 @@
                 $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
         elseif  ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
                 $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
-        elseif  ( $interim_login )
-                $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
 
         // Clear any stale cookies.
-        if ( $reauth )
+        if ( $reauth ) {
                 wp_clear_auth_cookie();
 
+                if ( $interim_login )
+                        $errors->add('expired', __('Please log in again to extend your session.'), 'message');
+        }
+
         login_header(__('Log In'), '', $errors);
 
         if ( isset($_POST['log']) )
@@ -640 +642 @@
         <p class="submit">
                 <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
 <?php   if ( $interim_login ) { ?>
-                <input type="hidden" name="interim-login" value="1" />
-<?php   } else { ?>
+                <input type="hidden" name="interim-login" value="<?php echo (int) $interim_login; ?>" />
+<?php   } ?>
                 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
-<?php   } ?>
                 <input type="hidden" name="testcookie" value="1" />
         </p>
 </form>