Changeset 30595 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

11/28/2014 03:47:43 AM (11 years ago)

Author:

DrewAPicture

Message:

Improve inline documentation in wp_ajax_destroy_sessions().

If the token is set ($keep is a string), this means the user is viewing their own profile-editing screen and destroying their own sessions (except the current one). If it isn't set ($keep is null), the user is editing another user's profile and destroying all of their sessions with no exceptions.

See #30264, #30469

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (3 diffs)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -2769 +2769 @@
  *
  * @since 4.1.0
- *
  */
 function wp_ajax_destroy_sessions() {
@@ -2793 +2792 @@
     }
 
+    // 'token' is only set if the initiating user is viewing their own profile-editing screen.
     if ( isset( $_POST['token'] ) ) {
         $keep = wp_unslash( $_POST['token'] );
@@ -2801 +2801 @@
     $sessions = WP_Session_Tokens::get_instance( $user->ID );
 
+    /*
+     * If $keep is a string, then the current user is destroying all of their own sessions
+     * except the current one. If $keep is not a string, the current user is destroying all
+     * of another user's sessions with no exceptions.
+     */
     if ( is_string( $keep ) ) {
         $sessions->destroy_others( $keep );