Commit Graph

8 Commits

Author SHA1 Message Date
Scott Taylor 02a1f35ac8 Fix some internal types that are passed to functions to avoid changing the acceptable types passed as arguments to those functions:
* In `WP_Importer->is_user_over_quota()`, the default value for the first argument for `upload_is_user_over_quota()` is `true`. Don't bother passing `1`.
* When calling `submit_button()` with no `$name`, pass empty string instead of `false`.
* The default value for the 2nd argument to `get_edit_post_link()` is `'display'`. Because PHP is PHP, passing `true` is the same as passing `'display'` or nothing. Don't bother passing `true`. 
* In `WP_User_Meta_Session_Tokens::drop_sessions()`, pass `0` instead of `false` to `delete_metadata()` as the value for `$object_id`, which expects an int. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31220


git-svn-id: http://core.svn.wordpress.org/trunk@31201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 22:51:21 +00:00
John Blackbourn c02845330e Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
See #30264.
Props jorbin, ocean90, johnbillion


Built from https://develop.svn.wordpress.org/trunk@30333


git-svn-id: http://core.svn.wordpress.org/trunk@30332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 15:21:21 +00:00
Andrew Nacin 75ff6ae302 Add safeguards for when ext/hash is not compiled with PHP.
see #29518, for trunk.

Built from https://develop.svn.wordpress.org/trunk@29751


git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-20 17:28:18 +00:00
Andrew Nacin 768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Drew Jaynes 647b6d907b Clean up some missing `@access` tags and other tweaks for 4.0.0-functionality docs.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29455


git-svn-id: http://core.svn.wordpress.org/trunk@29233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:32:16 +00:00
Andrew Nacin 84fb6743fe WP_Session_Tokens: Can't abstract a static method.
Implementations can choose to implement the drop_sessions() method on their own.

see #20276.

Built from https://develop.svn.wordpress.org/trunk@29224


git-svn-id: http://core.svn.wordpress.org/trunk@29008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 19:16:15 +00:00
Sergey Biryukov d2e690ac2d Fix parse error in PHP 5.2.
props georgestephanis.
see #20276.
Built from https://develop.svn.wordpress.org/trunk@29222


git-svn-id: http://core.svn.wordpress.org/trunk@29006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 17:34:15 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00