vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-04 20:54:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.

Browse Source 
See #30264.
Props jorbin, ocean90, johnbillion



git-svn-id: https://develop.svn.wordpress.org/trunk@30333 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn
2014-11-13 15:20:42 +00:00
parent c55a06370b
commit d93bad3cd3
6 changed files with 131 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/wp-admin/user-edit.php
View File

@@ -25,6 +25,15 @@ elseif ( ! get_userdata( $user_id ) )
wp_enqueue_script('user-profile');
wp_localize_script(
'user-profile',
'_wpSessionMangager',
array(
'user_id' => $user_id,
'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
)
);
$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
$submenu_file = 'users.php';
@@ -187,6 +196,8 @@ $profileuser = get_user_to_edit($user_id);
if ( !current_user_can('edit_user', $user_id) )
wp_die(__('You do not have permission to edit this user.'));
$sessions = WP_Session_Tokens::get_instance( $profileuser->ID );
include(ABSPATH . 'wp-admin/admin-header.php');
?>
@@ -289,6 +300,7 @@ if ( !( IS_PROFILE_PAGE && !$user_can_edit ) ) : ?>
*/
do_action( 'personal_options', $profileuser );
?>
</table>
<?php
if ( IS_PROFILE_PAGE ) {
@@ -474,6 +486,29 @@ if ( $show_password_fields ) :
</td>
</tr>
<?php endif; ?>
<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
<tr>
<th>&nbsp;</th>
<td>
<p><button class="button button-secondary hide-if-no-js" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p>
<p class="description hide-if-no-js">
<?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
</p>
</td>
</tr>
<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?>
<tr>
<th>&nbsp;</th>
<td>
<p><button class="button button-secondary hide-if-no-js" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
<p class="description hide-if-no-js">
<?php printf( __( 'Log %s out of all sessions' ), $profileuser->display_name ); ?>
</p>
</td>
</tr>
<?php } ?>
</table>
<?php