Ticket #30264: 30264.4.diff
File 30264.4.diff, 6.4 KB (added by , 10 years ago) |
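--- a/src/wp-admin/admin-ajax.php
+++ b/src/wp-admin/admin-ajax.php
@@ -61,7 +61,7 @@
 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
-'parse-media-shortcode'
+'parse-media-shortcode', 'destroy-sessions'
 );
 
 // Register core Ajax calls.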
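--- a/src/wp-admin/css/forms.css
+++ b/src/wp-admin/css/forms.css
@@ -611,6 +611,11 @@
 font-size: 13px;
 }
 
+table.form-table td .updated p {
+font-size: 13px;
+margin: 0.3em 0;
+}
+
 /*------------------------------------------------------------------------------
 18.0 - Users
 ------------------------------------------------------------------------------*/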
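--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -828,7 +828,7 @@
 if ( ! $tax ) {
 wp_die( 0 );
 }
 
 if ( ! current_user_can( $tax->cap->assign_terms ) ) {
 wp_die( -1 );
 }
@@ -2770,3 +2770,53 @@
 'body' => ob_get_clean()
 ) );
 }
+
+/**
+ * AJAX handler for destroying multiple open sessions for a user.
+ *
+ * @since 4.1.0
+ */
+function wp_ajax_destroy_sessions() {
+
+if ( empty( $_POST['user_id'] ) ) {
+$user = new WP_Error( 'no_user_id', __( 'No user ID specified' ) );
+} else {
+$user = new WP_User( absint( $_POST['user_id'] ) );
+
+if ( ! $user->exists() ) {
+$user = new WP_Error( 'invalid_user', __( 'The specified user does not exist' ) );
+} elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
+$user = new WP_Error( 'not_allowed', __( 'You do not have permission to edit this user' ) );
+} elseif ( ! check_ajax_referer( sprintf( 'destroy_multiple_sessions_%d', $user->ID ), false, false ) ) {
+$user = new WP_Error( 'invalid_nonce', __( 'Invalid nonce' ) );
+}
+}
+
+if ( is_wp_error( $user ) ) {
+wp_send_json_error( array(
+'error' => $user->get_error_code(),
+'message' => '<div class="error inline"><p>' . $user->get_error_message() . '</p></div>',
+) );
+}
+
+if ( isset( $_POST['token'] ) ) {
+$token_to_keep = wp_unslash( $_POST['token'] );
+} else {
+$token_to_keep = null;
+}
+
+$sessions = WP_Session_Tokens::get_instance( $user->ID );
+
+if ( is_string( $token_to_keep ) ) {
+$sessions->destroy_others( $token_to_keep );
+$message = __( 'You are now logged out everywhere else' );
+} else {
+$sessions->destroy_all();
+/* translators: 1: Users display name. */
+$message = sprintf( __( '%s has been logged out' ), $user->display_name );
+}
+
+wp_send_json_success( array(
+'message' => '<div class="updated inline"><p>' . $message . '</p></div>'
+) );
+}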
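--- a/src/wp-admin/js/user-profile.js
+++ b/src/wp-admin/js/user-profile.js
@@ -1,4 +1,4 @@
-/* global ajaxurl, pwsL10n */
+/* global ajaxurl, pwsL10n, _wpSessionMangager */
 (function($){
 
 function check_pass_strength() {
@@ -124,4 +124,28 @@
 });
 });
 
+$( '#destroy-sessions' ).on( 'click', function( event ) {
+var $this = $(this), data;
+
+data = {
+action : 'destroy-sessions',
+_ajax_nonce : _wpSessionMangager.nonce,
+user_id : _wpSessionMangager.userId,
+token : $this.data('token')
+};
+
+$.post( ajaxurl, data, function( response ) {
+
+if ( response.success ) {
+$this.prop( 'disabled', true);
+$this.before( response.data.message );
+} else {
+$this.before( response.data.message );
+}
+
+}, 'json' );
+
+event.preventDefault();
+});
+
 })(jQuery);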
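Review bot: The `$.post()` in the `#destroy-sessions` click handler has no failure path: if the request fails at the transport level, or the body is not valid JSON (core Ajax handlers that bail out respond with a bare `0` or `-1`), the success callback never runs and the user gets no feedback and no re-enabled button. Chain `.fail( function() { $this.prop( 'disabled', false ); } )` on the returned promise, and consider disabling the button before the request to prevent double submission. Both branches insert `response.data.message` as HTML via `$this.before()`, which makes the server responsible for escaping every string in that fragment; rendering the message with `.text()` into a fixed notice element would keep that responsibility on the client. The global `_wpSessionMangager` is misspelled consistently with user-edit.php, so it works, but it is a name exposed to other scripts and renaming it to `_wpSessionManager` in both files before it ships avoids a permanent typo.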
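--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@@ -25,6 +25,15 @@
 
 wp_enqueue_script('user-profile');
 
+wp_localize_script(
+'user-profile',
+'_wpSessionMangager',
+array(
+'userId' => $user_id,
+'nonce' => wp_create_nonce( sprintf( 'destroy_multiple_sessions_%d', $user_id ) ),
+)
+);
+
 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
 if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
 $submenu_file = 'users.php';
@@ -289,6 +298,7 @@
 */
 do_action( 'personal_options', $profileuser );
 ?>
+
 </table>
 <?php
 if ( IS_PROFILE_PAGE ) {
@@ -474,6 +484,27 @@
 </td>
 </tr>
 <?php endif; ?>
+<tr class="user-sessions-wrap hide-if-no-js">
+<th> </th>
+<td>
+<?php if ( IS_PROFILE_PAGE ) {
+$token = wp_get_session_token();
+?>
+<p><button id="destroy-sessions" class="button button-secondary" data-token="<?php echo esc_attr( $token ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p>
+<?php } else { ?>
+<p><button id="destroy-sessions" class="button button-secondary"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
+<?php } ?>
+<p class="description">
+<?php
+if ( IS_PROFILE_PAGE ) {
+_e( 'Leave your account logged in at a public computer? Lose your phone? This will log your account out everywhere except your current browser.' );
+} else {
+/* translators: 1: Users display name. */
+printf( __( 'Log %s out of all sessions' ), $profileuser->display_name );
+}
+?>
+</p>
+</td>
 </table>
 
 <?php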
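Review bot: `printf( __( 'Log %s out of all sessions' ), $profileuser->display_name )` in the new sessions row writes the display name into HTML unescaped; it should be `printf( __( 'Log %s out of all sessions' ), esc_html( $profileuser->display_name ) );` unless display names are guaranteed markup-free at write time. The new `<tr class="user-sessions-wrap hide-if-no-js">` is never closed, since `</table>` follows `</td>` directly in the last hunk; add `</tr>` after `</td>`. The current session token is echoed into the button's `data-token` attribute only so the script can post it back; a token alone does not reconstitute the auth cookie, but it need not appear in the markup at all, because the Ajax handler can obtain it with `wp_get_session_token()` when the target user is the current user. A `<th> </th>` with no label also leaves the row unlabeled for screen readers; a `<th scope="row">` with the button's purpose would match the rest of the table.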
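--- a/src/wp-includes/session.php
+++ b/src/wp-includes/session.php
@@ -131,6 +131,19 @@
 $session = apply_filters( 'attach_session_information', array(), $this->user_id );
 $session['expiration'] = $expiration;
 
+// IP address.
+if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
+$session['ip'] = $_SERVER['REMOTE_ADDR'];
+}
+
+// User-agent.
+if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+}
+
+// Timestamp
+$session['login'] = time();
+
 $token = wp_generate_password( 43, false, false );
 
 $this->update( $token, $session );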
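Review bot: `$_SERVER['HTTP_USER_AGENT']` is attacker-controlled and unbounded, and the new code stores it in the session record verbatim (only `wp_unslash()` is applied) before `$this->update()` persists it; cap its length, e.g. `$session['ua'] = substr( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ), 0, 255 );`, so a hostile client cannot bloat stored session data, and any screen that later renders `ua` must escape it. `REMOTE_ADDR` is the TCP peer address, so behind a reverse proxy or CDN the stored `ip` is the proxy rather than the client; a comment such as `// REMOTE_ADDR is the direct peer; behind a proxy this is the proxy address.` would save a future reader from trusting it for audit purposes. These fields are also per-session personal data now written to storage, which is worth calling out in the docblock of the enclosing method, whose start lies outside this hunk.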