IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updates to the 'Log out everywhere' implementation.

Browse Source 
* Include a message and a disabled button when you're only logged in at one location.
 * Avoid leaking the session token in HTML.
 * Simplify, simplify, simplify.

see #30264.

Built from https://develop.svn.wordpress.org/trunk@30888


git-svn-id: http://core.svn.wordpress.org/trunk@30878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin
2014-12-16 09:15:23 +00:00
parent 6abad25e05
commit 23f4b0f62f
9 changed files with 45 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
wp-admin/user-edit.php
View File

@@ -25,15 +25,6 @@ elseif ( ! get_userdata( $user_id ) )
wp_enqueue_script('user-profile');
wp_localize_script(
'user-profile',
'_wpSessionMangager',
array(
'user_id' => $user_id,
'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
)
);
$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
$submenu_file = 'users.php';
@@ -493,17 +484,28 @@ if ( $show_password_fields ) :
</tr>
<?php endif; ?>
<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
<?php
if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th>&nbsp;</th>
<td aria-live="assertive">
<div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
<div class="destroy-sessions"><button disabled class="button button-secondary"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
<p class="description">
<?php _e( 'You are only logged in at this location.' ); ?>
</p>
</td>
</tr>
<?php elseif ( IS_PROFILE_PAGE && count( $sessions->get_all() ) > 1 ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th>&nbsp;</th>
<td aria-live="assertive">
<div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
<p class="description">
<?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
</p>
</td>
</tr>
<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?>
<?php elseif ( ! IS_PROFILE_PAGE && $sessions->get_all() ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th>&nbsp;</th>
<td>
@@ -516,7 +518,7 @@ if ( $show_password_fields ) :
</p>
</td>
</tr>
<?php } ?>
<?php endif; ?>
</table>