Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Authorize Application Screen

[2] Fix | Delete

[3] Fix | Delete

* @package WordPress

[4] Fix | Delete

* @subpackage Administration

[5] Fix | Delete

[6] Fix | Delete

[7] Fix | Delete

/** WordPress Administration Bootstrap */

[8] Fix | Delete

require_once __DIR__ . '/admin.php';

[9] Fix | Delete

[10] Fix | Delete

$error = null;

[11] Fix | Delete

$new_password = '';

[12] Fix | Delete

[13] Fix | Delete

// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`

[14] Fix | Delete

if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {

[15] Fix | Delete

check_admin_referer( 'authorize_application_password' );

[16] Fix | Delete

[17] Fix | Delete

$success_url = $_POST['success_url'];

[18] Fix | Delete

$reject_url = $_POST['reject_url'];

[19] Fix | Delete

$app_name = $_POST['app_name'];

[20] Fix | Delete

$app_id = $_POST['app_id'];

[21] Fix | Delete

$redirect = '';

[22] Fix | Delete

[23] Fix | Delete

if ( isset( $_POST['reject'] ) ) {

[24] Fix | Delete

if ( $reject_url ) {

[25] Fix | Delete

$redirect = $reject_url;

[26] Fix | Delete

} else {

[27] Fix | Delete

$redirect = admin_url();

[28] Fix | Delete

}

[29] Fix | Delete

} elseif ( isset( $_POST['approve'] ) ) {

[30] Fix | Delete

$created = WP_Application_Passwords::create_new_application_password(

[31] Fix | Delete

get_current_user_id(),

[32] Fix | Delete

array(

[33] Fix | Delete

'name' => $app_name,

[34] Fix | Delete

'app_id' => $app_id,

[35] Fix | Delete

)

[36] Fix | Delete

);

[37] Fix | Delete

[38] Fix | Delete

if ( is_wp_error( $created ) ) {

[39] Fix | Delete

$error = $created;

[40] Fix | Delete

} else {

[41] Fix | Delete

list( $new_password ) = $created;

[42] Fix | Delete

[43] Fix | Delete

if ( $success_url ) {

[44] Fix | Delete

$redirect = add_query_arg(

[45] Fix | Delete

array(

[46] Fix | Delete

'site_url' => urlencode( site_url() ),

[47] Fix | Delete

'user_login' => urlencode( wp_get_current_user()->user_login ),

[48] Fix | Delete

'password' => urlencode( $new_password ),

[49] Fix | Delete

[50] Fix | Delete

$success_url

[51] Fix | Delete

);

[52] Fix | Delete

}

[53] Fix | Delete

}

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

if ( $redirect ) {

[57] Fix | Delete

// Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.

[58] Fix | Delete

wp_redirect( $redirect );

[59] Fix | Delete

exit;

[60] Fix | Delete

}

[61] Fix | Delete

}

[62] Fix | Delete

[63] Fix | Delete

$title = __( 'Authorize Application' );

[64] Fix | Delete

[65] Fix | Delete

$app_name = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';

[66] Fix | Delete

$app_id = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';

[67] Fix | Delete

$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;

[68] Fix | Delete

[69] Fix | Delete

if ( ! empty( $_REQUEST['reject_url'] ) ) {

[70] Fix | Delete

$reject_url = $_REQUEST['reject_url'];

[71] Fix | Delete

} elseif ( $success_url ) {

[72] Fix | Delete

$reject_url = add_query_arg( 'success', 'false', $success_url );

[73] Fix | Delete

} else {

[74] Fix | Delete

$reject_url = null;

[75] Fix | Delete

}

[76] Fix | Delete

[77] Fix | Delete

$user = wp_get_current_user();

[78] Fix | Delete

[79] Fix | Delete

$request = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );

[80] Fix | Delete

$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );

[81] Fix | Delete

[82] Fix | Delete

if ( is_wp_error( $is_valid ) ) {

[83] Fix | Delete

wp_die(

[84] Fix | Delete

__( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ),

[85] Fix | Delete

__( 'Cannot Authorize Application' )

[86] Fix | Delete

);

[87] Fix | Delete

}

[88] Fix | Delete

[89] Fix | Delete

if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {

[90] Fix | Delete

wp_die(

[91] Fix | Delete

__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),

[92] Fix | Delete

__( 'Cannot Authorize Application' ),

[93] Fix | Delete

array(

[94] Fix | Delete

'response' => 501,

[95] Fix | Delete

'link_text' => __( 'Go Back' ),

[96] Fix | Delete

'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),

[97] Fix | Delete

)

[98] Fix | Delete

);

[99] Fix | Delete

}

[100] Fix | Delete

[101] Fix | Delete

if ( ! wp_is_application_passwords_available_for_user( $user ) ) {

[102] Fix | Delete

if ( wp_is_application_passwords_available() ) {

[103] Fix | Delete

$message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );

[104] Fix | Delete

} else {

[105] Fix | Delete

$message = __( 'Application passwords are not available.' );

[106] Fix | Delete

}

[107] Fix | Delete

[108] Fix | Delete

wp_die(

[109] Fix | Delete

$message,

[110] Fix | Delete

__( 'Cannot Authorize Application' ),

[111] Fix | Delete

array(

[112] Fix | Delete

'response' => 501,

[113] Fix | Delete

'link_text' => __( 'Go Back' ),

[114] Fix | Delete

'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),

[115] Fix | Delete

)

[116] Fix | Delete

);

[117] Fix | Delete

}

[118] Fix | Delete

[119] Fix | Delete

wp_enqueue_script( 'auth-app' );

[120] Fix | Delete

wp_localize_script(

[121] Fix | Delete

'auth-app',

[122] Fix | Delete

'authApp',

[123] Fix | Delete

array(

[124] Fix | Delete

'site_url' => site_url(),

[125] Fix | Delete

'user_login' => $user->user_login,

[126] Fix | Delete

'success' => $success_url,

[127] Fix | Delete

'reject' => $reject_url ? $reject_url : admin_url(),

[128] Fix | Delete

)

[129] Fix | Delete

);

[130] Fix | Delete

[131] Fix | Delete

require_once ABSPATH . 'wp-admin/admin-header.php';

[132] Fix | Delete

[133] Fix | Delete

[134] Fix | Delete

[135] Fix | Delete

[136] Fix | Delete

[137] Fix | Delete

<?php if ( is_wp_error( $error ) ) : ?>

[138] Fix | Delete

<div class="notice notice-error"><p><?php echo $error->get_error_message(); ?></p></div>

[139] Fix | Delete

<?php endif; ?>

[140] Fix | Delete

[141] Fix | Delete

[142] Fix | Delete

[143] Fix | Delete

<?php if ( $app_name ) : ?>

[144] Fix | Delete

<p>

[145] Fix | Delete

<?php

[146] Fix | Delete

printf(

[147] Fix | Delete

/* translators: %s: Application name. */

[148] Fix | Delete

__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the app in question.' ),

[149] Fix | Delete

'<strong>' . esc_html( $app_name ) . '</strong>'

[150] Fix | Delete

);

[151] Fix | Delete

[152] Fix | Delete

</p>

[153] Fix | Delete

<?php else : ?>

[154] Fix | Delete

[155] Fix | Delete

<?php endif; ?>

[156] Fix | Delete

[157] Fix | Delete

<?php

[158] Fix | Delete

if ( is_multisite() ) {

[159] Fix | Delete

$blogs = get_blogs_of_user( $user->ID, true );

[160] Fix | Delete

$blogs_count = count( $blogs );

[161] Fix | Delete

if ( $blogs_count > 1 ) {

[162] Fix | Delete

[163] Fix | Delete

<p>

[164] Fix | Delete

<?php

[165] Fix | Delete

printf(

[166] Fix | Delete

/* translators: 1: URL to my-sites.php, 2: Number of blogs the user has. */

[167] Fix | Delete

_n(

[168] Fix | Delete

'This will grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',

[169] Fix | Delete

'This will grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',

[170] Fix | Delete

$blogs_count

[171] Fix | Delete

[172] Fix | Delete

admin_url( 'my-sites.php' ),

[173] Fix | Delete

number_format_i18n( $blogs_count )

[174] Fix | Delete

);

[175] Fix | Delete

[176] Fix | Delete

</p>

[177] Fix | Delete

<?php

[178] Fix | Delete

}

[179] Fix | Delete

}

[180] Fix | Delete

[181] Fix | Delete

[182] Fix | Delete

<?php if ( $new_password ) : ?>

[183] Fix | Delete

[184] Fix | Delete

[185] Fix | Delete

[186] Fix | Delete

<?php

[187] Fix | Delete

printf(

[188] Fix | Delete

/* translators: %s: Application name. */

[189] Fix | Delete

esc_html__( 'Your new password for %s is:' ),

[190] Fix | Delete

'<strong>' . esc_html( $app_name ) . '</strong>'

[191] Fix | Delete

);

[192] Fix | Delete

[193] Fix | Delete

</label>

[194] Fix | Delete

[195] Fix | Delete

</p>

[196] Fix | Delete

[197] Fix | Delete

</div>

[198] Fix | Delete

[199] Fix | Delete

<?php

[200] Fix | Delete

/**

[201] Fix | Delete

* Fires in the Authorize Application Password new password section in the no-JS version.

[202] Fix | Delete

[203] Fix | Delete

* In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'}

[204] Fix | Delete

* action to ensure that both the JS and no-JS variants are handled.

[205] Fix | Delete

[206] Fix | Delete

* @since 5.6.0

[207] Fix | Delete

* @since 5.6.1 Corrected action name and signature.

[208] Fix | Delete

[209] Fix | Delete

* @param string $new_password The newly generated application password.

[210] Fix | Delete

* @param array $request The array of request data. All arguments are optional and may be empty.

[211] Fix | Delete

* @param WP_User $user The user authorizing the application.

[212] Fix | Delete

[213] Fix | Delete

do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user );

[214] Fix | Delete

[215] Fix | Delete

<?php else : ?>

[216] Fix | Delete

<form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap">

[217] Fix | Delete

<?php wp_nonce_field( 'authorize_application_password' ); ?>

[218] Fix | Delete

[219] Fix | Delete

[220] Fix | Delete

[221] Fix | Delete

[222] Fix | Delete

[223] Fix | Delete

[224] Fix | Delete

[225] Fix | Delete

<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" required />

[226] Fix | Delete

</div>

[227] Fix | Delete

[228] Fix | Delete

<?php

[229] Fix | Delete

/**

[230] Fix | Delete

* Fires in the Authorize Application Password form before the submit buttons.

[231] Fix | Delete

[232] Fix | Delete

* @since 5.6.0

[233] Fix | Delete

[234] Fix | Delete

* @param array $request {

[235] Fix | Delete

* The array of request data. All arguments are optional and may be empty.

[236] Fix | Delete

[237] Fix | Delete

* @type string $app_name The suggested name of the application.

[238] Fix | Delete

* @type string $success_url The url the user will be redirected to after approving the application.

[239] Fix | Delete

* @type string $reject_url The url the user will be redirected to after rejecting the application.

[240] Fix | Delete

* }

[241] Fix | Delete

* @param WP_User $user The user authorizing the application.

[242] Fix | Delete

[243] Fix | Delete

do_action( 'wp_authorize_application_password_form', $request, $user );

[244] Fix | Delete

[245] Fix | Delete

[246] Fix | Delete

<?php

[247] Fix | Delete

submit_button(

[248] Fix | Delete

__( 'Yes, I approve of this connection.' ),

[249] Fix | Delete

'primary',

[250] Fix | Delete

'approve',

[251] Fix | Delete

false,

[252] Fix | Delete

array(

[253] Fix | Delete

'aria-describedby' => 'description-approve',

[254] Fix | Delete

)

[255] Fix | Delete

);

[256] Fix | Delete

[257] Fix | Delete

[258] Fix | Delete

<?php

[259] Fix | Delete

if ( $success_url ) {

[260] Fix | Delete

printf(

[261] Fix | Delete

/* translators: %s: The URL the user is being redirected to. */

[262] Fix | Delete

__( 'You will be sent to %s' ),

[263] Fix | Delete

'<strong><kbd>' . esc_html(

[264] Fix | Delete

add_query_arg(

[265] Fix | Delete

array(

[266] Fix | Delete

'site_url' => site_url(),

[267] Fix | Delete

'user_login' => $user->user_login,

[268] Fix | Delete

'password' => '[------]',

[269] Fix | Delete

[270] Fix | Delete

$success_url

[271] Fix | Delete

)

[272] Fix | Delete

) . '</kbd></strong>'

[273] Fix | Delete

);

[274] Fix | Delete

} else {

[275] Fix | Delete

_e( 'You will be given a password to manually enter into the application in question.' );

[276] Fix | Delete

}

[277] Fix | Delete

[278] Fix | Delete

</p>

[279] Fix | Delete

[280] Fix | Delete

<?php

[281] Fix | Delete

submit_button(

[282] Fix | Delete

__( 'No, I do not approve of this connection.' ),

[283] Fix | Delete

'secondary',

[284] Fix | Delete

'reject',

[285] Fix | Delete

false,

[286] Fix | Delete

array(

[287] Fix | Delete

'aria-describedby' => 'description-reject',

[288] Fix | Delete

)

[289] Fix | Delete

);

[290] Fix | Delete

[291] Fix | Delete

[292] Fix | Delete

<?php

[293] Fix | Delete

if ( $reject_url ) {

[294] Fix | Delete

printf(

[295] Fix | Delete

/* translators: %s: The URL the user is being redirected to. */

[296] Fix | Delete

__( 'You will be sent to %s' ),

[297] Fix | Delete

'<strong><kbd>' . esc_html( $reject_url ) . '</kbd></strong>'

[298] Fix | Delete

);

[299] Fix | Delete

} else {

[300] Fix | Delete

_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );

[301] Fix | Delete

}

[302] Fix | Delete

[303] Fix | Delete

</p>

[304] Fix | Delete

</form>

[305] Fix | Delete

<?php endif; ?>

[306] Fix | Delete

</div>

[307] Fix | Delete

</div>

[308] Fix | Delete

<?php

[309] Fix | Delete

[310] Fix | Delete

require_once ABSPATH . 'wp-admin/admin-footer.php';

[311] Fix | Delete

[312] Fix | Delete