Changeset 30888 for trunk/src/wp-admin/includes/ajax-actions.php
- Timestamp:
- 12/16/2014 09:15:01 AM (10 years ago)
- File:
-
- 1 edited
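--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2772,19 +2772,14 @@
 function wp_ajax_destroy_sessions() {
 
-if ( empty( $_POST['user_id'] ) ) {
-$user = new WP_Error();
-} else {
-$user = new WP_User( absint( $_POST['user_id'] ) );
-
-if ( ! $user->exists() ) {
-$user = new WP_Error();
-} elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
-$user = new WP_Error();
-} elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) {
-$user = new WP_Error();
-}
-}
-
-if ( is_wp_error( $user ) ) {
+$user = get_userdata( (int) $_POST['user_id'] );
+if ( $user ) {
+if ( ! current_user_can( 'edit_user', $user->ID ) ) {
+$user = false;
+} elseif ( ! wp_verify_nonce( $_POST['nonce'], 'update-user_' . $user->ID ) ) {
+$user = false;
+}
+}
+
+if ( ! $user ) {
 wp_send_json_error( array(
 'message' => __( 'Could not log out user sessions. Please try again.' ),
@@ -2792,20 +2787,8 @@
 }
 
-// 'token' is only set if the initiating user is viewing their own profile-editing screen.
-if ( isset( $_POST['token'] ) ) {
-$keep = wp_unslash( $_POST['token'] );
-} else {
-$keep = null;
-}
-
 $sessions = WP_Session_Tokens::get_instance( $user->ID );
 
-/*
-* If $keep is a string, then the current user is destroying all of their own sessions
-* except the current one. If $keep is not a string, the current user is destroying all
-* of another user's sessions with no exceptions.
-*/
-if ( is_string( $keep ) ) {
-$sessions->destroy_others( $keep );
+if ( $user->ID === get_current_user_id() ) {
+$sessions->destroy_others( wp_get_session_token() );
 $message = __( 'You are now logged out everywhere else.' );
 } else {
@@ -2815,7 +2798,4 @@
 }
 
-wp_send_json_success( array(
-'message' => $message
-) );
-
-}
+wp_send_json_success( array( 'message' => $message ) );
+}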
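Review bot: The rewritten lookup reads `$_POST['user_id']` and `$_POST['nonce']` with no presence check, where the removed code at least guarded the ID with `empty()`, so a request missing either field emits an undefined-index notice before it fails; reading them as `$user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;` and `$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';` keeps the rejection path clean. The nonce action also moves from the dedicated `destroy_sessions_%d` to `'update-user_' . $user->ID`, which by its name appears to be the profile-form nonce, so the CSRF token is no longer scoped to this one operation; the `edit_user` check still bounds who can use it, but the reuse deserves a comment such as `// Reuses the profile-form nonce: the same token authorises a profile update and session destruction.` The strict comparison `$user->ID === get_current_user_id()` depends on both sides being integers, which this section does not show and is worth confirming, because on a type mismatch the caller's own request would fall into the `else` branch, which (judging by the removed comment) presumably destroys every session with no exception for the current one.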