X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/2329f698283944696a7076258cf816545970bb47..8d3bb1a5dcfdea9857d3c88c3751f09593e34dc8:/wp-includes/session.php diff --git a/wp-includes/session.php b/wp-includes/session.php index 2acaad31..63ab8fe5 100644 --- a/wp-includes/session.php +++ b/wp-includes/session.php @@ -40,7 +40,7 @@ abstract class WP_Session_Tokens { */ final public static function get_instance( $user_id ) { /** - * Filter the session token manager used. + * Filters the session token manager used. * * @since 4.0.0 * @@ -108,7 +108,7 @@ abstract class WP_Session_Tokens { * * This function generates a token and stores it with the associated * expiration time (and potentially other session information via the - * `attach_session_information` filter). + * {@see 'attach_session_information'} filter). * * @since 4.0.0 * @access public @@ -118,7 +118,7 @@ abstract class WP_Session_Tokens { */ final public function create( $expiration ) { /** - * Filter the information attached to the newly created session. + * Filters the information attached to the newly created session. * * Could be used in the future to attach information such as * IP address or user agent to a session. @@ -131,6 +131,19 @@ abstract class WP_Session_Tokens { $session = apply_filters( 'attach_session_information', array(), $this->user_id ); $session['expiration'] = $expiration; + // IP address. + if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) { + $session['ip'] = $_SERVER['REMOTE_ADDR']; + } + + // User-agent. + if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { + $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] ); + } + + // Timestamp + $session['login'] = time(); + $token = wp_generate_password( 43, false, false ); $this->update( $token, $session ); @@ -262,6 +275,7 @@ abstract class WP_Session_Tokens { * @access protected * * @param string $verifier Verifier of the session to update. + * @param array $session Optional. Session. Omitting this argument destroys the session. */ abstract protected function update_session( $verifier, $session = null ); @@ -383,10 +397,6 @@ class WP_User_Meta_Session_Tokens extends WP_Session_Tokens { * @param array $sessions Sessions. */ protected function update_sessions( $sessions ) { - if ( ! has_filter( 'attach_session_information' ) ) { - $sessions = wp_list_pluck( $sessions, 'expiration' ); - } - if ( $sessions ) { update_user_meta( $this->user_id, 'session_tokens', $sessions ); } else { @@ -425,6 +435,6 @@ class WP_User_Meta_Session_Tokens extends WP_Session_Tokens { * @static */ public static function drop_sessions() { - delete_metadata( 'user', false, 'session_tokens', false, true ); + delete_metadata( 'user', 0, 'session_tokens', false, true ); } }