Ticket #30264: 30264.3.diff
File 30264.3.diff, 5.8 KB (added by , 10 years ago) |
src/wp-admin/admin-ajax.php
61 61 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor', 62 62 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs', 63 63 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail', 64 'parse-media-shortcode' 64 'parse-media-shortcode', 'destroy-sessions' 65 65 ); 66 66 67 67 // Register core Ajax calls. -
src/wp-admin/includes/ajax-actions.php
2770 2770 'body' => ob_get_clean() 2771 2771 ) ); 2772 2772 } 2773 2774 /** 2775 * AJAX handler for destroying multiple open sessions for a user. 2776 * 2777 * @since 4.1.0 2778 * 2779 */ 2780 function wp_ajax_destroy_sessions() { 2781 2782 if ( empty( $_POST['user_id'] ) ) { 2783 $user = new WP_Error( 'no_user_id', __( 'No user ID specified' ) ); 2784 } else { 2785 $user = new WP_User( absint( $_POST['user_id'] ) ); 2786 2787 if ( ! $user->exists() ) { 2788 $user = new WP_Error( 'invalid_user', __( 'The specified user does not exist' ) ); 2789 } elseif ( ! current_user_can( 'edit_user', $user->ID ) ) { 2790 $user = new WP_Error( 'not_allowed', __( 'You do not have permission to edit this user' ) ); 2791 } elseif ( ! check_ajax_referer( sprintf( 'destroy_multiple_sessions_%d', $user->ID ), false, false ) ) { 2792 $user = new WP_Error( 'invalid_nonce', __( 'Invalid nonce' ) ); 2793 } 2794 } 2795 2796 2797 if ( is_wp_error( $user ) ) { 2798 wp_send_json_error( array( 2799 'error' => $user->get_error_code(), 2800 'message' => '<div class="error inline">' . $user->get_error_message() . '</div>', 2801 ) ); 2802 } 2803 2804 if ( isset( $_POST['token'] ) ) { 2805 $keep = wp_unslash( $_POST['token'] ); 2806 } else { 2807 $keep = null; 2808 } 2809 2810 $sessions = WP_Session_Tokens::get_instance( $user->ID ); 2811 2812 if ( is_string( $keep ) ) { 2813 $sessions->destroy_others( $keep ); 2814 $message = __( 'You are now logged out everywhere else' ); 2815 } else { 2816 $sessions->destroy_all(); 2817 $message = __( sprintf ('%s has been logged out', $user->display_name) ); 2818 } 2819 2820 wp_send_json_success( array( 2821 'message' => "<div class='updated inline'>$message</div>" 2822 ) ); 2823 2824 } 2825 -
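Review bot: `$message = __( sprintf ('%s has been logged out', $user->display_name) );` on the destroy-all branch translates the already-formatted string, so the text never reaches the translation catalogue and the lookup key changes per user; it should read `$message = sprintf( __( '%s has been logged out' ), esc_html( $user->display_name ) );`, with the escape because display_name is user-supplied data that the success response inlines into the `<div class='updated inline'>` markup. The nonce is also the last of the three guards, so a request with a missing or bad nonce still learns from the distinct `invalid_user` / `not_allowed` codes whether a user ID exists and whether the caller may edit it; verifying `check_ajax_referer()` against `absint( $_POST['user_id'] )` before the user lookup is the usual ordering. Finally, the handler lets the client choose which token to keep, although the server already knows the caller's own session through `wp_get_session_token()` (used elsewhere in this patch); deciding server-side on `$user->ID` versus `get_current_user_id()` removes the `token` parameter, the `is_string( $keep )` special case, and the need to print the raw session token into the edit page. Since `wp_send_json_error()` exits, the `is_wp_error()` branch needs no `return`, but a one-line comment saying so would stop a future reader from adding one.

```php
// … unchanged: user lookup, capability and nonce guards, is_wp_error() response …

$sessions = WP_Session_Tokens::get_instance( $user->ID );

if ( (int) $user->ID === get_current_user_id() ) {
	// The caller's own session is identified server-side; the client does not supply it.
	$sessions->destroy_others( wp_get_session_token() );
	$message = __( 'You are now logged out everywhere else' );
} else {
	$sessions->destroy_all();
	$message = sprintf( __( '%s has been logged out' ), esc_html( $user->display_name ) );
}

// … unchanged: wp_send_json_success() …
```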
src/wp-admin/js/user-profile.js
1 /* global ajaxurl, pwsL10n */1 /* global ajaxurl, pwsL10n, sessionmanager */ 2 2 (function($){ 3 3 4 4 function check_pass_strength() { … … 124 124 }); 125 125 }); 126 126 127 $('.session-destroy-other, .session-destroy-all').on('click',function(e){ 128 129 var data = { 130 action : 'destroy-sessions', 131 _ajax_nonce : sessionmanager.nonce_multiple, 132 user_id : sessionmanager.user_id, 133 token : $(this).data('token') 134 }; 135 136 $.post( ajaxurl, data, function( response ) { 137 138 if ( response.success ) { 139 $('.session-destroy-other, .session-destroy-all').prop( 'disabled', true); 140 $('.session-destroy-other, .session-destroy-all').before( response.data.message ); 141 } else { 142 $('.session-destroy-other, .session-destroy-all').before( response.data.message ); 143 } 144 145 }, 'json' ); 146 147 e.preventDefault(); 148 149 }); 150 127 151 })(jQuery); -
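Review bot: For the `.session-destroy-all` button `$(this).data('token')` is `undefined`, and if `jQuery.param` serialises it as an empty `token=` (as the bundled jQuery appears to), the PHP handler receives `''`, takes its `is_string( $keep )` branch and reports "You are now logged out everywhere else" for what was a log-out-everyone action. Only send the key when it has a value: `var token = $(this).data('token'); if ( token ) { data.token = token; }`. Separately, `$.post` has no failure callback, so a non-2xx response or malformed JSON leaves the user with no feedback and the buttons still enabled; a `.fail()` handler that prints a generic error message would close that gap. The error branch also repeats the success branch's `.before( response.data.message )` call and never disables the buttons, so repeated clicks stack messages — one `.before()` call ahead of the `if` reads cleaner.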
src/wp-admin/user-edit.php
25 25 26 26 wp_enqueue_script('user-profile'); 27 27 28 wp_localize_script( 29 'user-profile', 30 'sessionmanager', 31 array( 32 'user_id' => $user_id, 33 'nonce_multiple' => wp_create_nonce( sprintf( 'destroy_multiple_sessions_%d', $user_id ) ), 34 ) 35 ); 36 28 37 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User'); 29 38 if ( current_user_can('edit_users') && !IS_PROFILE_PAGE ) 30 39 $submenu_file = 'users.php'; … … 289 298 */ 290 299 do_action( 'personal_options', $profileuser ); 291 300 ?> 301 292 302 </table> 293 303 <?php 294 304 if ( IS_PROFILE_PAGE ) { … … 474 484 </td> 475 485 </tr> 476 486 <?php endif; ?> 487 <tr> 488 <th> </th> 489 <td> 490 <?php if ( IS_PROFILE_PAGE ) { 491 $token = wp_get_session_token(); 492 ?> 493 <p><button class="button button-secondary hide-if-no-js session-destroy-other" data-token="<?php echo esc_attr( $token ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p> 494 <?php } else { ?> 495 <p><button class="button button-secondary hide-if-no-js session-destroy-all"><?php _e( 'Log Out of All Sessions' ); ?></button></p> 496 <?php } ?> 497 <p class="description hide-if-no-js"> 498 <?php 499 if ( IS_PROFILE_PAGE ) { 500 _e( 'Leave your account logged in at a public computer? Lose your phone? This will log your account out everywhere except your current browser.' ); 501 } else { 502 sprintf( __( 'Log $s out of all sessions' ), $profileuser->display_name ); 503 } 504 ?> 505 </p> 506 </td> 477 507 </table> 478 508 479 509 <?php -
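Review bot: `sprintf( __( 'Log $s out of all sessions' ), $profileuser->display_name );` on the non-profile branch prints nothing — the result is discarded — and its placeholder is `$s` rather than `%s`; it should be `printf( __( 'Log %s out of all sessions' ), esc_html( $profileuser->display_name ) );`, with `esc_html()` because display_name is user-supplied data in an HTML context. The new row opens `<tr>` but never closes it before `</table>`, and its `<th> </th>` header is empty, so assistive technology gets no label for the two buttons; `<th><?php _e( 'Sessions' ); ?></th>` plus a `</tr>` after the closing `</td>` fixes both. Printing the raw session token into `data-token` makes it readable by any script running on the page, whereas it previously lived only in the auth cookie; the token alone does not form a valid auth cookie, but the attribute could be dropped entirely if the AJAX handler identified the caller's session server-side via `wp_get_session_token()`. The `wp_localize_script()` call assumes `$user_id` is already resolved to the profile owner at that point; that happens above this hunk and cannot be confirmed here.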
src/wp-includes/session.php
131 131 $session = apply_filters( 'attach_session_information', array(), $this->user_id ); 132 132 $session['expiration'] = $expiration; 133 133 134 // IP address. 135 if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) { 136 $session['ip'] = $_SERVER['REMOTE_ADDR']; 137 } 138 139 // User-agent. 140 if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { 141 $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] ); 142 } 143 144 // Timestamp 145 $session['login'] = time(); 146 134 147 $token = wp_generate_password( 43, false, false ); 135 148 136 149 $this->update( $token, $session );
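Review bot: `$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );` stores the header verbatim, so a client can push an arbitrarily long string into user meta on every login; capping it, e.g. `$session['ua'] = substr( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ), 0, 255 );`, bounds the stored record (and any later display of it must still be escaped). The three keys are assigned after `apply_filters( 'attach_session_information', ... )`, so anything a filter sets under `ip`, `ua` or `login` is silently replaced; if that is intended, the filter's docblock (outside this hunk) should say those keys are reserved, otherwise set the defaults before the filter runs. A short comment on the IP line, `// REMOTE_ADDR is the immediate peer; behind a reverse proxy this is the proxy's address.`, would spare a future maintainer from treating it as the end-user address. The enclosing `create()` method starts and ends outside the hunk.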