Changeset 30333
- Timestamp:
- 11/13/2014 03:20:42 PM (10 years ago)
- Location:
- trunk/src
- Files:
-
- 6 edited
trunk/src/wp-admin/admin-ajax.php
r29178 r30333 62 62 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs', 63 63 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail', 64 'parse-media-shortcode' 64 'parse-media-shortcode', 'destroy-sessions' 65 65 ); 66 66 -
trunk/src/wp-admin/css/forms.css
r29690 r30333 612 612 } 613 613 614 table.form-table td .updated p { 615 font-size: 13px; 616 margin: 0.3em 0; 617 } 618 614 619 /*------------------------------------------------------------------------------ 615 620 18.0 - Users -
trunk/src/wp-admin/includes/ajax-actions.php
r30284 r30333 2771 2771 ) ); 2772 2772 } 2773 2774 /** 2775 * AJAX handler for destroying multiple open sessions for a user. 2776 * 2777 * @since 4.1.0 2778 * 2779 */ 2780 function wp_ajax_destroy_sessions() { 2781 2782 if ( empty( $_POST['user_id'] ) ) { 2783 $user = new WP_Error(); 2784 } else { 2785 $user = new WP_User( absint( $_POST['user_id'] ) ); 2786 2787 if ( ! $user->exists() ) { 2788 $user = new WP_Error(); 2789 } elseif ( ! current_user_can( 'edit_user', $user->ID ) ) { 2790 $user = new WP_Error(); 2791 } elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) { 2792 $user = new WP_Error(); 2793 } 2794 } 2795 2796 if ( is_wp_error( $user ) ) { 2797 wp_send_json_error( array( 2798 'message' => __( 'Could not log out user sessions. Please try again.' ), 2799 ) ); 2800 } 2801 2802 if ( isset( $_POST['token'] ) ) { 2803 $keep = wp_unslash( $_POST['token'] ); 2804 } else { 2805 $keep = null; 2806 } 2807 2808 $sessions = WP_Session_Tokens::get_instance( $user->ID ); 2809 2810 if ( is_string( $keep ) ) { 2811 $sessions->destroy_others( $keep ); 2812 $message = __( 'You are now logged out everywhere else' ); 2813 } else { 2814 $sessions->destroy_all(); 2815 /* translators: 1: User's display name. */ 2816 $message = sprintf( __( '%s has been logged out' ), $user->display_name ); 2817 } 2818 2819 wp_send_json_success( array( 2820 'message' => $message 2821 ) ); 2822 2823 } -
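Review bot: In wp_ajax_destroy_sessions() both the choice between destroy_others() and destroy_all() and the token that is kept come from `$_POST['token']` rather than from server state. A request for another user that carries a string token gets the "logged out everywhere else" message, and a token that matches no stored session would presumably leave nothing kept, including the caller's own session. The server already knows both facts, so the branch could read `if ( $user->ID === get_current_user_id() ) {` and the call `$sessions->destroy_others( wp_get_session_token() );`, with the POST token dropped. The existence, capability and nonce checks ahead of it all return the same generic error, which is good.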
trunk/src/wp-admin/js/user-profile.js
r27111 r30333 1 /* global ajaxurl, pwsL10n */1 /* global ajaxurl, pwsL10n, _wpSessionMangager */ 2 2 (function($){ 3 3 … … 125 125 }); 126 126 127 $('#destroy-sessions').on('click',function(e){ 128 129 var $this = $(this); 130 var data = { 131 action : 'destroy-sessions', 132 _ajax_nonce : _wpSessionMangager.nonce, 133 user_id : _wpSessionMangager.user_id, 134 token : $(this).data('token') 135 }; 136 137 $.post( ajaxurl, data, function( response ) { 138 139 if ( response.success ) { 140 $this.prop( 'disabled', true ); 141 $this.before( '<div class="updated inline"><p>' + response.data.message + '</p></div>' ); 142 } else { 143 $this.before( '<div class="error inline"><p>' + response.data.message + '</p></div>' ); 144 } 145 146 }, 'json' ); 147 148 e.preventDefault(); 149 150 }); 151 127 152 })(jQuery); -
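Review bot: Both `$this.before( ... )` calls in the `$.post` callback concatenate `response.data.message` into an HTML string, and on the success path that message can contain the user's display name. Building the node with text removes the dependency on every server message being HTML-safe: `$this.before( $( '<div class="updated inline">' ).append( $( '<p>' ).text( response.data.message ) ) );`. The callback also assumes `response.data` is present, and a failed request or non-JSON reply shows the user nothing, so a `.fail()` handler with a generic message would help. Separately, `_wpSessionMangager` is misspelled here and in user-edit.php; it works because both sides agree, but it is easier to fix now than after other code depends on the name.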
trunk/src/wp-admin/user-edit.php
r30033 r30333 25 25 26 26 wp_enqueue_script('user-profile'); 27 28 wp_localize_script( 29 'user-profile', 30 '_wpSessionMangager', 31 array( 32 'user_id' => $user_id, 33 'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ), 34 ) 35 ); 27 36 28 37 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User'); … … 187 196 if ( !current_user_can('edit_user', $user_id) ) 188 197 wp_die(__('You do not have permission to edit this user.')); 198 199 $sessions = WP_Session_Tokens::get_instance( $profileuser->ID ); 189 200 190 201 include(ABSPATH . 'wp-admin/admin-header.php'); … … 290 301 do_action( 'personal_options', $profileuser ); 291 302 ?> 303 292 304 </table> 293 305 <?php … … 475 487 </tr> 476 488 <?php endif; ?> 489 490 <?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?> 491 <tr> 492 <th> </th> 493 <td> 494 <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p> 495 <p class="description hide-if-no-js"> 496 <?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?> 497 </p> 498 </td> 499 </tr> 500 <?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?> 501 <tr> 502 <th> </th> 503 <td> 504 <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p> 505 <p class="description hide-if-no-js"> 506 <?php printf( __( 'Log %s out of all sessions' ), $profileuser->display_name ); ?> 507 </p> 508 </td> 509 </tr> 510 <?php } ?> 511 477 512 </table> 478 513 -
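Review bot: `printf( __( 'Log %s out of all sessions' ), $profileuser->display_name );` in the new table row prints the display name without escaping at the point of output; it should be `printf( __( 'Log %s out of all sessions' ), esc_html( $profileuser->display_name ) );`. The same value is interpolated unescaped into the success message built in wp_ajax_destroy_sessions() in ajax-actions.php. In the first hunk, `wp_create_nonce()` appears to run before the `current_user_can( 'edit_user', $user_id )` check shown at line 196, which is acceptable only while the AJAX handler keeps its own capability check; a one-line comment above the `wp_localize_script()` call saying so would protect that assumption.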
trunk/src/wp-includes/session.php
r29751 r30333 132 132 $session['expiration'] = $expiration; 133 133 134 // IP address. 135 if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) { 136 $session['ip'] = $_SERVER['REMOTE_ADDR']; 137 } 138 139 // User-agent. 140 if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { 141 $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] ); 142 } 143 144 // Timestamp 145 $session['login'] = time(); 146 134 147 $token = wp_generate_password( 43, false, false ); 135 148 … … 384 397 */ 385 398 protected function update_sessions( $sessions ) { 386 if ( ! has_filter( 'attach_session_information' ) ) {387 $sessions = wp_list_pluck( $sessions, 'expiration' );388 }389 390 399 if ( $sessions ) { 391 400 update_user_meta( $this->user_id, 'session_tokens', $sessions );
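Review bot: `$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );` stores a client-controlled header of arbitrary length in user meta for every session, and the second hunk removes the `wp_list_pluck( $sessions, 'expiration' )` step, so it is now always persisted. I would cap the length before storing and add a comment such as `// Client-supplied and untrusted: escape when displayed.` above the assignment. `REMOTE_ADDR` will be the proxy's address on proxied installs, which matters if this is later shown to users as the login location. Both enclosing functions begin outside the hunks, so I cannot see how previously stored expiration-only rows are handled when they are read back.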