Timestamp:
12/16/2014 09:15:01 AM (10 years ago)
Author:
nacin
Message:

Updates to the 'Log out everywhere' implementation.

  • Include a message and a disabled button when you're only logged in at one location.
  • Avoid leaking the session token in HTML.
  • Simplify, simplify, simplify.

see #30264.

File:
1 edited

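--- a/trunk/src/wp-admin/user-edit.php
+++ b/trunk/src/wp-admin/user-edit.php
@@ -25,13 +25,4 @@
 
 wp_enqueue_script('user-profile');
-
-wp_localize_script(
-    'user-profile',
-    '_wpSessionMangager',
-    array(
-        'user_id' => $user_id,
-        'nonce'   => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
-    )
-);
 
 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
@@ -494,9 +485,20 @@
 <?php endif; ?>
 
-<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
+<?php
+if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
     <tr class="user-sessions-wrap hide-if-no-js">
         <th>&nbsp;</th>
         <td aria-live="assertive">
-            <div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+            <div class="destroy-sessions"><button disabled class="button button-secondary"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+            <p class="description">
+                <?php _e( 'You are only logged in at this location.' ); ?>
+            </p>
+        </td>
+    </tr>
+<?php elseif ( IS_PROFILE_PAGE && count( $sessions->get_all() ) > 1 ) : ?>
+    <tr class="user-sessions-wrap hide-if-no-js">
+        <th>&nbsp;</th>
+        <td aria-live="assertive">
+            <div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
             <p class="description">
                 <?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
@@ -504,5 +506,5 @@
         </td>
     </tr>
-<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?>
+<?php elseif ( ! IS_PROFILE_PAGE && $sessions->get_all() ) : ?>
     <tr class="user-sessions-wrap hide-if-no-js">
         <th>&nbsp;</th>
@@ -517,5 +519,5 @@
         </td>
     </tr>
-<?php } ?>
+<?php endif; ?>
 
 </table>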
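Review bot: With the `wp_localize_script()` call removed in the first hunk, nothing in the visible hunks hands the `destroy_sessions_%d` nonce to the script any more, so the CSRF check for the log-out-everywhere request now depends on code outside this file. Dropping `data-token` from `#destroy-sessions` keeps the session token out of the markup, but it only holds up if the handler looks up the current session server-side instead of accepting a client-supplied value; that is presumed here, not shown. I would record the contract next to the button, e.g. `<?php // No token or nonce is emitted here: the handler must verify a nonce and read the session to keep via wp_get_session_token(). ?>`. Separately, the new `if`/`elseif` chain evaluates `$sessions->get_all()` in up to three conditions; computing `$session_count = count( $sessions->get_all() );` once ahead of the first `if` would keep the branches working from the same value.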