Edit File by line
/home/barbar84/www/wp-admin
File: authorize-application.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Authorize Application Screen
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @subpackage Administration
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/** WordPress Administration Bootstrap */
[8] Fix | Delete
require_once __DIR__ . '/admin.php';
[9] Fix | Delete
[10] Fix | Delete
$error = null;
[11] Fix | Delete
$new_password = '';
[12] Fix | Delete
[13] Fix | Delete
// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`
[14] Fix | Delete
if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
[15] Fix | Delete
check_admin_referer( 'authorize_application_password' );
[16] Fix | Delete
[17] Fix | Delete
$success_url = $_POST['success_url'];
[18] Fix | Delete
$reject_url = $_POST['reject_url'];
[19] Fix | Delete
$app_name = $_POST['app_name'];
[20] Fix | Delete
$app_id = $_POST['app_id'];
[21] Fix | Delete
$redirect = '';
[22] Fix | Delete
[23] Fix | Delete
if ( isset( $_POST['reject'] ) ) {
[24] Fix | Delete
if ( $reject_url ) {
[25] Fix | Delete
$redirect = $reject_url;
[26] Fix | Delete
} else {
[27] Fix | Delete
$redirect = admin_url();
[28] Fix | Delete
}
[29] Fix | Delete
} elseif ( isset( $_POST['approve'] ) ) {
[30] Fix | Delete
$created = WP_Application_Passwords::create_new_application_password(
[31] Fix | Delete
get_current_user_id(),
[32] Fix | Delete
array(
[33] Fix | Delete
'name' => $app_name,
[34] Fix | Delete
'app_id' => $app_id,
[35] Fix | Delete
)
[36] Fix | Delete
);
[37] Fix | Delete
[38] Fix | Delete
if ( is_wp_error( $created ) ) {
[39] Fix | Delete
$error = $created;
[40] Fix | Delete
} else {
[41] Fix | Delete
list( $new_password ) = $created;
[42] Fix | Delete
[43] Fix | Delete
if ( $success_url ) {
[44] Fix | Delete
$redirect = add_query_arg(
[45] Fix | Delete
array(
[46] Fix | Delete
'site_url' => urlencode( site_url() ),
[47] Fix | Delete
'user_login' => urlencode( wp_get_current_user()->user_login ),
[48] Fix | Delete
'password' => urlencode( $new_password ),
[49] Fix | Delete
),
[50] Fix | Delete
$success_url
[51] Fix | Delete
);
[52] Fix | Delete
}
[53] Fix | Delete
}
[54] Fix | Delete
}
[55] Fix | Delete
[56] Fix | Delete
if ( $redirect ) {
[57] Fix | Delete
// Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.
[58] Fix | Delete
wp_redirect( $redirect );
[59] Fix | Delete
exit;
[60] Fix | Delete
}
[61] Fix | Delete
}
[62] Fix | Delete
[63] Fix | Delete
$title = __( 'Authorize Application' );
[64] Fix | Delete
[65] Fix | Delete
$app_name = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
[66] Fix | Delete
$app_id = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
[67] Fix | Delete
$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
[68] Fix | Delete
[69] Fix | Delete
if ( ! empty( $_REQUEST['reject_url'] ) ) {
[70] Fix | Delete
$reject_url = $_REQUEST['reject_url'];
[71] Fix | Delete
} elseif ( $success_url ) {
[72] Fix | Delete
$reject_url = add_query_arg( 'success', 'false', $success_url );
[73] Fix | Delete
} else {
[74] Fix | Delete
$reject_url = null;
[75] Fix | Delete
}
[76] Fix | Delete
[77] Fix | Delete
$user = wp_get_current_user();
[78] Fix | Delete
[79] Fix | Delete
$request = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
[80] Fix | Delete
$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
[81] Fix | Delete
[82] Fix | Delete
if ( is_wp_error( $is_valid ) ) {
[83] Fix | Delete
wp_die(
[84] Fix | Delete
__( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ),
[85] Fix | Delete
__( 'Cannot Authorize Application' )
[86] Fix | Delete
);
[87] Fix | Delete
}
[88] Fix | Delete
[89] Fix | Delete
if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
[90] Fix | Delete
wp_die(
[91] Fix | Delete
__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
[92] Fix | Delete
__( 'Cannot Authorize Application' ),
[93] Fix | Delete
array(
[94] Fix | Delete
'response' => 501,
[95] Fix | Delete
'link_text' => __( 'Go Back' ),
[96] Fix | Delete
'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
[97] Fix | Delete
)
[98] Fix | Delete
);
[99] Fix | Delete
}
[100] Fix | Delete
[101] Fix | Delete
if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
[102] Fix | Delete
if ( wp_is_application_passwords_available() ) {
[103] Fix | Delete
$message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
[104] Fix | Delete
} else {
[105] Fix | Delete
$message = __( 'Application passwords are not available.' );
[106] Fix | Delete
}
[107] Fix | Delete
[108] Fix | Delete
wp_die(
[109] Fix | Delete
$message,
[110] Fix | Delete
__( 'Cannot Authorize Application' ),
[111] Fix | Delete
array(
[112] Fix | Delete
'response' => 501,
[113] Fix | Delete
'link_text' => __( 'Go Back' ),
[114] Fix | Delete
'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
[115] Fix | Delete
)
[116] Fix | Delete
);
[117] Fix | Delete
}
[118] Fix | Delete
[119] Fix | Delete
wp_enqueue_script( 'auth-app' );
[120] Fix | Delete
wp_localize_script(
[121] Fix | Delete
'auth-app',
[122] Fix | Delete
'authApp',
[123] Fix | Delete
array(
[124] Fix | Delete
'site_url' => site_url(),
[125] Fix | Delete
'user_login' => $user->user_login,
[126] Fix | Delete
'success' => $success_url,
[127] Fix | Delete
'reject' => $reject_url ? $reject_url : admin_url(),
[128] Fix | Delete
)
[129] Fix | Delete
);
[130] Fix | Delete
[131] Fix | Delete
require_once ABSPATH . 'wp-admin/admin-header.php';
[132] Fix | Delete
[133] Fix | Delete
?>
[134] Fix | Delete
<div class="wrap">
[135] Fix | Delete
<h1><?php echo esc_html( $title ); ?></h1>
[136] Fix | Delete
[137] Fix | Delete
<?php if ( is_wp_error( $error ) ) : ?>
[138] Fix | Delete
<div class="notice notice-error"><p><?php echo $error->get_error_message(); ?></p></div>
[139] Fix | Delete
<?php endif; ?>
[140] Fix | Delete
[141] Fix | Delete
<div class="card auth-app-card">
[142] Fix | Delete
<h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2>
[143] Fix | Delete
<?php if ( $app_name ) : ?>
[144] Fix | Delete
<p>
[145] Fix | Delete
<?php
[146] Fix | Delete
printf(
[147] Fix | Delete
/* translators: %s: Application name. */
[148] Fix | Delete
__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the app in question.' ),
[149] Fix | Delete
'<strong>' . esc_html( $app_name ) . '</strong>'
[150] Fix | Delete
);
[151] Fix | Delete
?>
[152] Fix | Delete
</p>
[153] Fix | Delete
<?php else : ?>
[154] Fix | Delete
<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the app in question.' ); ?></p>
[155] Fix | Delete
<?php endif; ?>
[156] Fix | Delete
[157] Fix | Delete
<?php
[158] Fix | Delete
if ( is_multisite() ) {
[159] Fix | Delete
$blogs = get_blogs_of_user( $user->ID, true );
[160] Fix | Delete
$blogs_count = count( $blogs );
[161] Fix | Delete
if ( $blogs_count > 1 ) {
[162] Fix | Delete
?>
[163] Fix | Delete
<p>
[164] Fix | Delete
<?php
[165] Fix | Delete
printf(
[166] Fix | Delete
/* translators: 1: URL to my-sites.php, 2: Number of blogs the user has. */
[167] Fix | Delete
_n(
[168] Fix | Delete
'This will grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',
[169] Fix | Delete
'This will grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',
[170] Fix | Delete
$blogs_count
[171] Fix | Delete
),
[172] Fix | Delete
admin_url( 'my-sites.php' ),
[173] Fix | Delete
number_format_i18n( $blogs_count )
[174] Fix | Delete
);
[175] Fix | Delete
?>
[176] Fix | Delete
</p>
[177] Fix | Delete
<?php
[178] Fix | Delete
}
[179] Fix | Delete
}
[180] Fix | Delete
?>
[181] Fix | Delete
[182] Fix | Delete
<?php if ( $new_password ) : ?>
[183] Fix | Delete
<div class="notice notice-success notice-alt below-h2">
[184] Fix | Delete
<p class="application-password-display">
[185] Fix | Delete
<label for="new-application-password-value">
[186] Fix | Delete
<?php
[187] Fix | Delete
printf(
[188] Fix | Delete
/* translators: %s: Application name. */
[189] Fix | Delete
esc_html__( 'Your new password for %s is:' ),
[190] Fix | Delete
'<strong>' . esc_html( $app_name ) . '</strong>'
[191] Fix | Delete
);
[192] Fix | Delete
?>
[193] Fix | Delete
</label>
[194] Fix | Delete
<input id="new-application-password-value" type="text" class="code" readonly="readonly" value="<?php esc_attr( WP_Application_Passwords::chunk_password( $new_password ) ); ?>" />
[195] Fix | Delete
</p>
[196] Fix | Delete
<p><?php _e( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ); ?></p>
[197] Fix | Delete
</div>
[198] Fix | Delete
[199] Fix | Delete
<?php
[200] Fix | Delete
/**
[201] Fix | Delete
* Fires in the Authorize Application Password new password section in the no-JS version.
[202] Fix | Delete
*
[203] Fix | Delete
* In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'}
[204] Fix | Delete
* action to ensure that both the JS and no-JS variants are handled.
[205] Fix | Delete
*
[206] Fix | Delete
* @since 5.6.0
[207] Fix | Delete
* @since 5.6.1 Corrected action name and signature.
[208] Fix | Delete
*
[209] Fix | Delete
* @param string $new_password The newly generated application password.
[210] Fix | Delete
* @param array $request The array of request data. All arguments are optional and may be empty.
[211] Fix | Delete
* @param WP_User $user The user authorizing the application.
[212] Fix | Delete
*/
[213] Fix | Delete
do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user );
[214] Fix | Delete
?>
[215] Fix | Delete
<?php else : ?>
[216] Fix | Delete
<form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap">
[217] Fix | Delete
<?php wp_nonce_field( 'authorize_application_password' ); ?>
[218] Fix | Delete
<input type="hidden" name="action" value="authorize_application_password" />
[219] Fix | Delete
<input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" />
[220] Fix | Delete
<input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" />
[221] Fix | Delete
<input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" />
[222] Fix | Delete
[223] Fix | Delete
<div class="form-field">
[224] Fix | Delete
<label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
[225] Fix | Delete
<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" required />
[226] Fix | Delete
</div>
[227] Fix | Delete
[228] Fix | Delete
<?php
[229] Fix | Delete
/**
[230] Fix | Delete
* Fires in the Authorize Application Password form before the submit buttons.
[231] Fix | Delete
*
[232] Fix | Delete
* @since 5.6.0
[233] Fix | Delete
*
[234] Fix | Delete
* @param array $request {
[235] Fix | Delete
* The array of request data. All arguments are optional and may be empty.
[236] Fix | Delete
*
[237] Fix | Delete
* @type string $app_name The suggested name of the application.
[238] Fix | Delete
* @type string $success_url The url the user will be redirected to after approving the application.
[239] Fix | Delete
* @type string $reject_url The url the user will be redirected to after rejecting the application.
[240] Fix | Delete
* }
[241] Fix | Delete
* @param WP_User $user The user authorizing the application.
[242] Fix | Delete
*/
[243] Fix | Delete
do_action( 'wp_authorize_application_password_form', $request, $user );
[244] Fix | Delete
?>
[245] Fix | Delete
[246] Fix | Delete
<?php
[247] Fix | Delete
submit_button(
[248] Fix | Delete
__( 'Yes, I approve of this connection.' ),
[249] Fix | Delete
'primary',
[250] Fix | Delete
'approve',
[251] Fix | Delete
false,
[252] Fix | Delete
array(
[253] Fix | Delete
'aria-describedby' => 'description-approve',
[254] Fix | Delete
)
[255] Fix | Delete
);
[256] Fix | Delete
?>
[257] Fix | Delete
<p class="description" id="description-approve">
[258] Fix | Delete
<?php
[259] Fix | Delete
if ( $success_url ) {
[260] Fix | Delete
printf(
[261] Fix | Delete
/* translators: %s: The URL the user is being redirected to. */
[262] Fix | Delete
__( 'You will be sent to %s' ),
[263] Fix | Delete
'<strong><kbd>' . esc_html(
[264] Fix | Delete
add_query_arg(
[265] Fix | Delete
array(
[266] Fix | Delete
'site_url' => site_url(),
[267] Fix | Delete
'user_login' => $user->user_login,
[268] Fix | Delete
'password' => '[------]',
[269] Fix | Delete
),
[270] Fix | Delete
$success_url
[271] Fix | Delete
)
[272] Fix | Delete
) . '</kbd></strong>'
[273] Fix | Delete
);
[274] Fix | Delete
} else {
[275] Fix | Delete
_e( 'You will be given a password to manually enter into the application in question.' );
[276] Fix | Delete
}
[277] Fix | Delete
?>
[278] Fix | Delete
</p>
[279] Fix | Delete
[280] Fix | Delete
<?php
[281] Fix | Delete
submit_button(
[282] Fix | Delete
__( 'No, I do not approve of this connection.' ),
[283] Fix | Delete
'secondary',
[284] Fix | Delete
'reject',
[285] Fix | Delete
false,
[286] Fix | Delete
array(
[287] Fix | Delete
'aria-describedby' => 'description-reject',
[288] Fix | Delete
)
[289] Fix | Delete
);
[290] Fix | Delete
?>
[291] Fix | Delete
<p class="description" id="description-reject">
[292] Fix | Delete
<?php
[293] Fix | Delete
if ( $reject_url ) {
[294] Fix | Delete
printf(
[295] Fix | Delete
/* translators: %s: The URL the user is being redirected to. */
[296] Fix | Delete
__( 'You will be sent to %s' ),
[297] Fix | Delete
'<strong><kbd>' . esc_html( $reject_url ) . '</kbd></strong>'
[298] Fix | Delete
);
[299] Fix | Delete
} else {
[300] Fix | Delete
_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );
[301] Fix | Delete
}
[302] Fix | Delete
?>
[303] Fix | Delete
</p>
[304] Fix | Delete
</form>
[305] Fix | Delete
<?php endif; ?>
[306] Fix | Delete
</div>
[307] Fix | Delete
</div>
[308] Fix | Delete
<?php
[309] Fix | Delete
[310] Fix | Delete
require_once ABSPATH . 'wp-admin/admin-footer.php';
[311] Fix | Delete
[312] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function