wp-admin/authorize-application.php
Lines:
1 to 100 of 333
<?php /** * Authorize Application Screen * * @package WordPress * @subpackage Administration */ /** WordPress Administration Bootstrap */ require_once __DIR__ . '/admin.php'; $error = null; $new_password = ''; // This is the no-js fallback script. Generally this will all be handled by `auth-app.js`. if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) { check_admin_referer( 'authorize_application_password' ); $success_url = $_POST['success_url']; $reject_url = $_POST['reject_url']; $app_name = $_POST['app_name']; $app_id = $_POST['app_id']; $redirect = ''; if ( isset( $_POST['reject'] ) ) { if ( $reject_url ) { $redirect = $reject_url; } else { $redirect = admin_url(); } } elseif ( isset( $_POST['approve'] ) ) { $created = WP_Application_Passwords::create_new_application_password( get_current_user_id(), array( 'name' => $app_name, 'app_id' => $app_id, ) ); if ( is_wp_error( $created ) ) { $error = $created; } else { list( $new_password ) = $created; if ( $success_url ) { $redirect = add_query_arg( array( 'site_url' => urlencode( site_url() ), 'user_login' => urlencode( wp_get_current_user()->user_login ), 'password' => urlencode( $new_password ), ), $success_url ); } } } if ( $redirect ) { // Explicitly not using wp_safe_redirect b/c sends to arbitrary domain. wp_redirect( $redirect ); exit; } } // Used in the HTML title tag. $title = __( 'Authorize Application' ); $app_name = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : ''; $app_id = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : ''; $success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null; if ( ! empty( $_REQUEST['reject_url'] ) ) { $reject_url = $_REQUEST['reject_url']; } elseif ( $success_url ) { $reject_url = add_query_arg( 'success', 'false', $success_url ); } else { $reject_url = null; } $user = wp_get_current_user(); $request = compact( 'app_name', 'app_id', 'success_url', 'reject_url' ); $is_valid = wp_is_authorize_application_password_request_valid( $request, $user ); if ( is_wp_error( $is_valid ) ) { wp_die( __( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ), __( 'Cannot Authorize Application' ) ); } if ( wp_is_site_protected_by_basic_auth( 'front' ) ) { wp_die( __( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ), __( 'Cannot Authorize Application' ), array( 'response' => 501,
Called by
Invoked by
Calls
1 to 6 of 6
- WP_Application_Passwords::chunk_password() – Sanitizes and then splits a password into smaller chunks.
- WP_Application_Passwords::create_new_application_password() – Creates a new application password.
- wp_is_application_passwords_available_for_user() – Checks if Application Passwords is available for a specific user.
- wp_is_application_passwords_available() – Checks if Application Passwords is globally available.
- wp_is_authorize_application_password_request_valid() – Checks if the Authorize Application Password request is valid.
- wp_is_site_protected_by_basic_auth() – Checks if this site is protected by HTTP Basic Auth.