Changeset 30895
- Timestamp:
- 12/16/2014 12:52:52 PM (10 years ago)
- Location:
- branches/4.1
- Files:
-
- 6 edited
branches/4.1
-
branches/4.1/src/wp-admin/css/common.css
r30880 r30895 1266 1266 .notice p, 1267 1267 div.updated p, 1268 div.error p { 1268 div.error p, 1269 .form-table td .notice p { 1269 1270 margin: 0.5em 0; 1270 1271 padding: 2px; -
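--- a/branches/4.1/src/wp-admin/includes/ajax-actions.php
+++ b/branches/4.1/src/wp-admin/includes/ajax-actions.php
@@ -2772,19 +2772,14 @@
 function wp_ajax_destroy_sessions() {
 
-if ( empty( $_POST['user_id'] ) ) {
-$user = new WP_Error();
-} else {
-$user = new WP_User( absint( $_POST['user_id'] ) );
-
-if ( ! $user->exists() ) {
-$user = new WP_Error();
-} elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
-$user = new WP_Error();
-} elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) {
-$user = new WP_Error();
-}
-}
-
-if ( is_wp_error( $user ) ) {
+$user = get_userdata( (int) $_POST['user_id'] );
+if ( $user ) {
+if ( ! current_user_can( 'edit_user', $user->ID ) ) {
+$user = false;
+} elseif ( ! wp_verify_nonce( $_POST['nonce'], 'update-user_' . $user->ID ) ) {
+$user = false;
+}
+}
+
+if ( ! $user ) {
 wp_send_json_error( array(
 'message' => __( 'Could not log out user sessions. Please try again.' ),
@@ -2792,20 +2787,8 @@
 }
 
-// 'token' is only set if the initiating user is viewing their own profile-editing screen.
-if ( isset( $_POST['token'] ) ) {
-$keep = wp_unslash( $_POST['token'] );
-} else {
-$keep = null;
-}
-
 $sessions = WP_Session_Tokens::get_instance( $user->ID );
 
-/*
-* If $keep is a string, then the current user is destroying all of their own sessions
-* except the current one. If $keep is not a string, the current user is destroying all
-* of another user's sessions with no exceptions.
-*/
-if ( is_string( $keep ) ) {
-$sessions->destroy_others( $keep );
+if ( $user->ID === get_current_user_id() ) {
+$sessions->destroy_others( wp_get_session_token() );
 $message = __( 'You are now logged out everywhere else.' );
 } else {
@@ -2815,7 +2798,4 @@
 }
 
-wp_send_json_success( array(
-'message' => $message
-) );
-
-}
+wp_send_json_success( array( 'message' => $message ) );
+}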
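Review bot: The new lookup reads `$_POST['user_id']` and, in the nonce check, `$_POST['nonce']` without first testing that they are set, whereas the code it replaces guarded the first with `empty()`; a request that omits either field raises an undefined-index notice before it is rejected. Reading them defensively keeps the failure path clean: `$user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;` and `$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';`, then pass those to `get_userdata()` and `wp_verify_nonce()`. The nonce action also changes from the dedicated `destroy_sessions_%d` to `'update-user_' . $user->ID`, which appears to be the profile form's own nonce, so a token that authorises a profile update now also authorises ending that user's sessions; a comment such as `// Reuses the edit-user form nonce; no separate destroy-sessions nonce is issued.` would record that this is deliberate.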
branches/4.1/src/wp-admin/js/user-profile.js
r30334 r30895 1 /* global ajaxurl, pwsL10n , _wpSessionMangager*/1 /* global ajaxurl, pwsL10n */ 2 2 (function($){ 3 3 … … 126 126 127 127 $( '#destroy-sessions' ).on( 'click', function( e ) { 128 var $this = $(this); 128 129 129 var $this = $(this); 130 var data = { 131 action : 'destroy-sessions', 132 _ajax_nonce : _wpSessionMangager.nonce, 133 user_id : _wpSessionMangager.user_id, 134 token : $(this).data('token') 135 }; 136 137 $.post( ajaxurl, data, function( response ) { 138 139 if ( response.success ) { 140 $this.prop( 'disabled', true ); 141 $this.before( '<div class="updated inline"><p>' + response.data.message + '</p></div>' ); 142 } else { 143 $this.before( '<div class="error inline"><p>' + response.data.message + '</p></div>' ); 144 } 145 146 }, 'json' ); 130 wp.ajax.post( 'destroy-sessions', { 131 nonce: $( '#_wpnonce' ).val(), 132 user_id: $( '#user_id' ).val() 133 }).done( function( response ) { 134 $this.prop( 'disabled', true ); 135 $this.siblings( '.notice' ).remove(); 136 $this.before( '<div class="notice notice-success inline"><p>' + response.message + '</p></div>' ); 137 }).fail( function( response ) { 138 $this.siblings( '.notice' ).remove(); 139 $this.before( '<div class="notice notice-error inline"><p>' + response.message + '</p></div>' ); 140 }); 147 141 148 142 e.preventDefault(); -
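Review bot: Both callbacks splice `response.message` into an HTML string handed to `.before()`, so the server text is parsed as markup, and in the `.fail()` branch nothing visible guarantees that `response` is the JSON error object. If the request fails before `wp_send_json_error()` runs, the argument is presumably whatever the transport layer passes along, and the notice would then read "undefined". Building the paragraph as a text node avoids the first problem, e.g. `$this.before( $( '<div class="notice notice-error inline" />' ).append( $( '<p />' ).text( response.message ) ) );`, with the same shape for the success notice and a generic localized fallback when `response.message` is absent. The click handler opens inside this hunk but closes outside it.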
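--- a/branches/4.1/src/wp-admin/user-edit.php
+++ b/branches/4.1/src/wp-admin/user-edit.php
@@ -25,13 +25,4 @@
 
 wp_enqueue_script('user-profile');
-
-wp_localize_script(
-'user-profile',
-'_wpSessionMangager',
-array(
-'user_id' => $user_id,
-'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
-)
-);
 
 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
@@ -494,9 +485,20 @@
 <?php endif; ?>
 
-<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
+<?php
+if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 <tr class="user-sessions-wrap hide-if-no-js">
 <th> </th>
 <td aria-live="assertive">
-<div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+<div class="destroy-sessions"><button disabled class="button button-secondary"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+<p class="description">
+<?php _e( 'You are only logged in at this location.' ); ?>
+</p>
+</td>
+</tr>
+<?php elseif ( IS_PROFILE_PAGE && count( $sessions->get_all() ) > 1 ) : ?>
+<tr class="user-sessions-wrap hide-if-no-js">
+<th> </th>
+<td aria-live="assertive">
+<div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
 <p class="description">
 <?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
@@ -504,5 +506,5 @@
 </td>
 </tr>
-<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) {?>
+<?php elseif ( ! IS_PROFILE_PAGE && $sessions->get_all() ) : ?>
 <tr class="user-sessions-wrap hide-if-no-js">
 <th> </th>
@@ -517,5 +519,5 @@
 </td>
 </tr>
-<?php }?>
+<?php endif; ?>
 
 </table>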
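Review bot: The rewritten chain calls `$sessions->get_all()` in each branch condition, up to three times when the last `elseif` is reached, and the first two branches differ only in testing the same count with `=== 1` and `> 1`. Fetching it once before the chain, e.g. `$session_count = count( $sessions->get_all() );`, and testing `$session_count` in the three conditions would make the branches easier to compare and avoid repeated token lookups. The two `<button>` elements also carry no `type` attribute; if this table sits inside the profile form, as it appears to, `type="button"` would keep the enabled one from acting as a submit control should the click handler fail to bind. Parts of the chain's markup fall between the hunks and are not shown.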
branches/4.1/src/wp-includes/script-loader.php
r30892 r30895 350 350 ) ); 351 351 352 $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), false, 1 );352 $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 ); 353 353 $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); 354 354