Ticket #30264: 30264.diff
File 30264.diff, 5.8 KB (added by , 10 years ago) |
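--- a/src/wp-admin/admin-ajax.php
+++ b/src/wp-admin/admin-ajax.php
@@ -61,7 +61,7 @@
 	'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
 	'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
 	'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
-	'parse-media-shortcode'
+	'parse-media-shortcode', 'destroy-sessions'
 );
 
 // Register core Ajax calls.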
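--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -2771,3 +2771,59 @@
 		'body' => ob_get_clean()
 	) );
 }
+
+/**
+ * AJAX handler for destroying multiple open sessions for a user.
+ *
+ * @since 4.0
+ *
+ */
+function wp_ajax_destroy_sessions() {
+
+	if ( empty( $_POST['user_id'] ) ) {
+		$user = new WP_Error( 'no_user_id', __( 'No user ID specified', 'wpsm' ) );
+	}
+
+	$user = new WP_User( absint( $_POST['user_id'] ) );
+
+	if ( !$user->exists() ) {
+		$user = new WP_Error( 'invalid_user', __( 'The specified user does not exist', 'wpsm' ) );
+	}
+
+	if ( !current_user_can( 'edit_user', $user->ID ) ) {
+		$user = new WP_Error( 'not_allowed', __( 'You do not have permission to edit this user', 'wpsm' ) );
+	}
+
+	if ( !check_ajax_referer( sprintf( 'destroy_multiple_sessions_%d', $user->ID ), false, false ) ) {
+		$user = new WP_Error( 'invalid_nonce', __( 'Invalid nonce', 'wpsm' ) );
+	}
+
+
+	if ( is_wp_error( $user ) ) {
+		wp_send_json_error( array(
+			'error' => $user->get_error_code(),
+			'message' => '<div class="error inline">' . $user->get_error_message() . '</div>',
+		) );
+	}
+
+	if ( isset( $_POST['token'] ) ) {
+		$keep = wp_unslash( $_POST['token'] );
+	} else {
+		$keep = null;
+	}
+
+	$sessions = WP_Session_Tokens::get_instance( $user->ID );
+
+	if ( is_string( $keep ) ) {
+		$sessions->destroy_others( $keep );
+		$message = __( 'You are now logged out everywhere else' );
+	} else {
+		$sessions->destroy_all();
+		$message = __( printf ('%s has been logged out', $user->display_name) );
+	}
+
+	wp_send_json_success( array(
+		'message' => "<div class='updated inline'>$message</div>"
+	) );
+
+}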
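Review bot: Each failed check in wp_ajax_destroy_sessions replaces `$user` with a WP_Error and then carries on, so the `no_user_id` error is immediately overwritten by `$user = new WP_User( absint( $_POST['user_id'] ) )`, and once `$user` holds a WP_Error the following `$user->ID` reads are undefined-property accesses that drive the capability and nonce checks to fail too, so every rejected request is reported as `invalid_nonce`; each check should send its error and stop, and the nonce should be verified before any user lookup or capability check. The `destroy_all` branch builds its message with `__( printf( ... ) )`, which echoes the text before the JSON body (corrupting the response) and leaves `$message` holding printf's integer return; it should be `sprintf( __( '%s has been logged out' ), esc_html( $user->display_name ) )`, escaped because the value is interpolated into HTML. The error message is likewise concatenated into HTML unescaped on the `'message'` line of wp_send_json_error. The `'wpsm'` text domain used here and in the new `_e()` calls in user-edit.php is inconsistent with the domain-less `__()` calls elsewhere in this patch. A rewrite of the validation chain follows.
```php
function wp_ajax_destroy_sessions() {
	$user_id = empty( $_POST['user_id'] ) ? 0 : absint( $_POST['user_id'] );
	$error   = null;
	$user    = null;

	if ( ! $user_id ) {
		$error = new WP_Error( 'no_user_id', __( 'No user ID specified' ) );
	} elseif ( ! check_ajax_referer( sprintf( 'destroy_multiple_sessions_%d', $user_id ), false, false ) ) {
		// Nonce first, before any further work is done on behalf of the request.
		$error = new WP_Error( 'invalid_nonce', __( 'Invalid nonce' ) );
	} else {
		$user = new WP_User( $user_id );
		if ( ! $user->exists() ) {
			$error = new WP_Error( 'invalid_user', __( 'The specified user does not exist' ) );
		} elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
			$error = new WP_Error( 'not_allowed', __( 'You do not have permission to edit this user' ) );
		}
	}

	if ( is_wp_error( $error ) ) {
		wp_send_json_error( array(
			'error'   => $error->get_error_code(),
			'message' => '<div class="error inline">' . esc_html( $error->get_error_message() ) . '</div>',
		) );
	}

	// … unchanged: $keep / $sessions handling and the destroy_others branch …

		$sessions->destroy_all();
		$message = sprintf( __( '%s has been logged out' ), esc_html( $user->display_name ) );
```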
src/wp-admin/js/user-profile.js
1 /* global ajaxurl, pwsL10n */1 /* global ajaxurl, pwsL10n, sessionmanager */ 2 2 (function($){ 3 3 4 4 function check_pass_strength() { … … 124 124 }); 125 125 }); 126 126 127 $('.session-destroy-other, .session-destroy-all').on('click',function(e){ 128 129 var data = { 130 action : 'destroy-sessions', 131 _ajax_nonce : sessionmanager.nonce_multiple, 132 user_id : sessionmanager.user_id, 133 token : $(this).data('token') 134 }; 135 136 $.post( ajaxurl, data, function( response ) { 137 138 if ( response.success ) { 139 $('.session-destroy-other, .session-destroy-all').prop( 'disabled', true); 140 $('.session-destroy-other, .session-destroy-all').before( response.data.message ); 141 } else { 142 $('.session-destroy-other, .session-destroy-all').before( response.data.message ); 143 } 144 145 }, 'json' ); 146 147 e.preventDefault(); 148 149 }); 150 127 151 })(jQuery); -
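Review bot: The `$.post` callback at lines 136-145 only runs for a successful HTTP response; a non-2xx reply or a body that fails the `'json'` parse leaves the user with no feedback and the buttons in whatever state they were, so a `.fail()` handler that re-enables the buttons and reports the failure is needed. The selector `$('.session-destroy-other, .session-destroy-all')` is repeated four times in the handler; cache it once as `var $buttons = $('.session-destroy-other, .session-destroy-all');` and use `$buttons` throughout. Disabling the buttons before the request is sent, rather than only on success, also prevents a second click from issuing a second destroy request while the first is still in flight, and because every response is inserted with `.before()`, repeated failures stack notices, so the previous notice should be removed before the new one is inserted.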
src/wp-admin/user-edit.php
25 25 26 26 wp_enqueue_script('user-profile'); 27 27 28 wp_localize_script( 29 'user-profile', 30 'sessionmanager', 31 array( 32 'user_id' => $user_id, 33 'nonce_multiple' => wp_create_nonce( sprintf( 'destroy_multiple_sessions_%d', $user_id ) ), 34 ) 35 ); 36 28 37 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User'); 29 38 if ( current_user_can('edit_users') && !IS_PROFILE_PAGE ) 30 39 $submenu_file = 'users.php'; … … 289 298 */ 290 299 do_action( 'personal_options', $profileuser ); 291 300 ?> 301 292 302 </table> 293 303 <?php 294 304 if ( IS_PROFILE_PAGE ) { … … 474 484 </td> 475 485 </tr> 476 486 <?php endif; ?> 487 <tr> 488 <th> </th> 489 <td> 490 <?php if ( IS_PROFILE_PAGE ) { 491 $token = wp_get_session_token(); 492 ?> 493 <p><button class="button button-secondary hide-if-no-js session-destroy-other" data-token="<?php echo esc_attr( $token ); ?>"><?php _e( 'Log Out of All Other Sessions', 'wpsm' ); ?></button></p> 494 <?php } else { ?> 495 <p><button class="button button-secondary hide-if-no-js session-destroy-all"><?php _e( 'Log Out of All Sessions', 'wpsm' ); ?></button></p> 496 <?php } ?> 497 <p class="description hide-if-no-js"> 498 499 <?php 500 if ( IS_PROFILE_PAGE ) { 501 _e( 'Leave your account logged in at a public computer? Lose your phone? This will log your account out everywhere except your current browser.' ); 502 } else { 503 _e( printf( 'Log $s out of all sessions', $profileuser->display_name ) ); 504 } 505 ?> 506 507 508 </p> 509 </td> 477 510 </table> 478 511 479 512 <?php -
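Review bot: The description on line 503 will never show the user's name: `'Log $s out of all sessions'` is single-quoted, so `$s` is literal text rather than a `%s` placeholder, and wrapping printf in `_e()` echoes the string once and then echoes printf's integer return value; the idiom is `printf( __( 'Log %s out of all sessions' ), esc_html( $profileuser->display_name ) );`, escaped because display_name is rendered inside HTML. The `<tr>` opened at line 487 is never closed: the hunk goes from `</td>` on line 509 straight to `</table>`, so a `</tr>` is missing. Embedding `wp_get_session_token()` in the `data-token` attribute on line 493 writes the current session's token into the page DOM, where any script on the page can read it, even though the server already knows which session the request comes from; the AJAX handler can call `wp_get_session_token()` itself when `$user_id` is the current user and keep that session, and the attribute and the client-supplied `token` field can then be dropped. The empty `<th> </th>` on line 488 would read better as `<th scope="row"></th>` or a real label for the row.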
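--- a/src/wp-includes/session.php
+++ b/src/wp-includes/session.php
@@ -131,6 +131,19 @@
 		$session = apply_filters( 'attach_session_information', array(), $this->user_id );
 		$session['expiration'] = $expiration;
 
+		// IP address.
+		if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+			$session['ip'] = $_SERVER['REMOTE_ADDR'];
+		}
+
+		// User-agent.
+		if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+			$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+		}
+
+		// Timestamp
+		$session['login'] = time();
+
 		$token = wp_generate_password( 43, false, false );
 
 		$this->update( $token, $session );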
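Review bot: `$_SERVER['HTTP_USER_AGENT']` is request data chosen by the client and is stored verbatim in the session record on line 141, so whatever later lists sessions must treat `$session['ua']` as untrusted and escape it on output; nothing in this patch renders it, but a comment on that line such as `// Client-controlled; escape on output.` would keep that from being forgotten. The stored value is also unbounded in length, and since the whole session array is persisted per token, a cap (for example via `substr()` to a few hundred bytes) would keep a single oversized header from bloating the stored sessions. The two lookups are written inconsistently (`!empty` versus `! empty`, and only the user-agent is passed through `wp_unslash()`), and the `// Timestamp` comment lacks the trailing period the two comments above it have. The enclosing method starts before this hunk.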