diff --git a/src/wp-admin/css/common.css b/src/wp-admin/css/common.css index 40332ce184..ac1f575f99 100644 --- a/src/wp-admin/css/common.css +++ b/src/wp-admin/css/common.css @@ -1265,7 +1265,8 @@ div.error { .notice p, div.updated p, -div.error p { +div.error p, +.form-table td .notice p { margin: 0.5em 0; padding: 2px; } diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php index 5dcbd5ad67..9024a2c180 100644 --- a/src/wp-admin/includes/ajax-actions.php +++ b/src/wp-admin/includes/ajax-actions.php @@ -2771,42 +2771,25 @@ function wp_ajax_parse_media_shortcode() { */ function wp_ajax_destroy_sessions() { - if ( empty( $_POST['user_id'] ) ) { - $user = new WP_Error(); - } else { - $user = new WP_User( absint( $_POST['user_id'] ) ); - - if ( ! $user->exists() ) { - $user = new WP_Error(); - } elseif ( ! current_user_can( 'edit_user', $user->ID ) ) { - $user = new WP_Error(); - } elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) { - $user = new WP_Error(); + $user = get_userdata( (int) $_POST['user_id'] ); + if ( $user ) { + if ( ! current_user_can( 'edit_user', $user->ID ) ) { + $user = false; + } elseif ( ! wp_verify_nonce( $_POST['nonce'], 'update-user_' . $user->ID ) ) { + $user = false; } } - if ( is_wp_error( $user ) ) { + if ( ! $user ) { wp_send_json_error( array( 'message' => __( 'Could not log out user sessions. Please try again.' ), ) ); } - // 'token' is only set if the initiating user is viewing their own profile-editing screen. - if ( isset( $_POST['token'] ) ) { - $keep = wp_unslash( $_POST['token'] ); - } else { - $keep = null; - } - $sessions = WP_Session_Tokens::get_instance( $user->ID ); - /* - * If $keep is a string, then the current user is destroying all of their own sessions - * except the current one. If $keep is not a string, the current user is destroying all - * of another user's sessions with no exceptions. - */ - if ( is_string( $keep ) ) { - $sessions->destroy_others( $keep ); + if ( $user->ID === get_current_user_id() ) { + $sessions->destroy_others( wp_get_session_token() ); $message = __( 'You are now logged out everywhere else.' ); } else { $sessions->destroy_all(); @@ -2814,8 +2797,5 @@ function wp_ajax_destroy_sessions() { $message = sprintf( __( '%s has been logged out.' ), $user->display_name ); } - wp_send_json_success( array( - 'message' => $message - ) ); - + wp_send_json_success( array( 'message' => $message ) ); } diff --git a/src/wp-admin/js/user-profile.js b/src/wp-admin/js/user-profile.js index 2dd6e2a69d..ae4b97ab89 100644 --- a/src/wp-admin/js/user-profile.js +++ b/src/wp-admin/js/user-profile.js @@ -1,4 +1,4 @@ -/* global ajaxurl, pwsL10n, _wpSessionMangager */ +/* global ajaxurl, pwsL10n */ (function($){ function check_pass_strength() { @@ -125,25 +125,19 @@ }); $( '#destroy-sessions' ).on( 'click', function( e ) { - var $this = $(this); - var data = { - action : 'destroy-sessions', - _ajax_nonce : _wpSessionMangager.nonce, - user_id : _wpSessionMangager.user_id, - token : $(this).data('token') - }; - $.post( ajaxurl, data, function( response ) { - - if ( response.success ) { - $this.prop( 'disabled', true ); - $this.before( '

' + response.data.message + '

' ); - } else { - $this.before( '

' + response.data.message + '

' ); - } - - }, 'json' ); + wp.ajax.post( 'destroy-sessions', { + nonce: $( '#_wpnonce' ).val(), + user_id: $( '#user_id' ).val() + }).done( function( response ) { + $this.prop( 'disabled', true ); + $this.siblings( '.notice' ).remove(); + $this.before( '

' + response.message + '

' ); + }).fail( function( response ) { + $this.siblings( '.notice' ).remove(); + $this.before( '

' + response.message + '

' ); + }); e.preventDefault(); }); diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php index 491f89ab91..e97dfc5836 100644 --- a/src/wp-admin/user-edit.php +++ b/src/wp-admin/user-edit.php @@ -25,15 +25,6 @@ elseif ( ! get_userdata( $user_id ) ) wp_enqueue_script('user-profile'); -wp_localize_script( - 'user-profile', - '_wpSessionMangager', - array( - 'user_id' => $user_id, - 'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ), - ) -); - $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User'); if ( current_user_can('edit_users') && !IS_PROFILE_PAGE ) $submenu_file = 'users.php'; @@ -493,17 +484,28 @@ if ( $show_password_fields ) : -get_all() ) > 1 ) ) { ?> +get_all() ) === 1 ) : ?>   -
+
+

+ +

+ + +get_all() ) > 1 ) : ?> + +   + +

-get_all() ) > 0 ) ) { ?> +get_all() ) : ?>   @@ -516,7 +518,7 @@ if ( $show_password_fields ) :

- + diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php index 3eaa1c89c4..420dcb5148 100644 --- a/src/wp-includes/script-loader.php +++ b/src/wp-includes/script-loader.php @@ -349,7 +349,7 @@ function wp_default_scripts( &$scripts ) { 'mismatch' => __('Mismatch') ) ); - $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), false, 1 ); + $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 );