WordPress 4.1.4-scripts
[autoinstalls/wordpress.git] / wp-includes / session.php
index dca4d94e9a579231bdef0f6c952df1b5b5053923..9b93d41dc5a5ee67635a4ff8576879f94f9663e5 100644 (file)
@@ -61,7 +61,12 @@ abstract class WP_Session_Tokens {
         * @return string A hash of the session token (a verifier).
         */
        final private function hash_token( $token ) {
-               return hash( 'sha256', $token );
+               // If ext/hash is not present, use sha1() instead.
+               if ( function_exists( 'hash' ) ) {
+                       return hash( 'sha256', $token );
+               } else {
+                       return sha1( $token );
+               }
        }
 
        /**
@@ -126,6 +131,19 @@ abstract class WP_Session_Tokens {
                $session = apply_filters( 'attach_session_information', array(), $this->user_id );
                $session['expiration'] = $expiration;
 
+               // IP address.
+               if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+                       $session['ip'] = $_SERVER['REMOTE_ADDR'];
+               }
+
+               // User-agent.
+               if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+                       $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+               }
+
+               // Timestamp
+               $session['login'] = time();
+
                $token = wp_generate_password( 43, false, false );
 
                $this->update( $token, $session );
@@ -378,10 +396,6 @@ class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
         * @param array $sessions Sessions.
         */
        protected function update_sessions( $sessions ) {
-               if ( ! has_filter( 'attach_session_information' ) ) {
-                       $sessions = wp_list_pluck( $sessions, 'expiration' );
-               }
-
                if ( $sessions ) {
                        update_user_meta( $this->user_id, 'session_tokens', $sessions );
                } else {