wp-admin/authorize-application.php


Lines:

1 to 100 of 333
<?php

/**
 * Authorize Application Screen
 *
 * @package WordPress
 * @subpackage Administration
 */


/** WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

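// Screen state: $error receives a WP_Error when the request is refused or the password
// cannot be created; $new_password receives the newly created application password.
$error        = null;
$new_password = '';

// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`.
if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
  // Verifies the nonce for this action, so the submission must originate from this admin screen.
  check_admin_referer( 'authorize_application_password' );

  // Missing or non-string fields fall back to '' so an incomplete POST body cannot raise
  // undefined-index warnings or pass an array where a URL or name is expected.
  $success_url = ( isset( $_POST['success_url'] ) && is_string( $_POST['success_url'] ) ) ? $_POST['success_url'] : '';
  $reject_url  = ( isset( $_POST['reject_url'] ) && is_string( $_POST['reject_url'] ) ) ? $_POST['reject_url'] : '';
  $app_name    = ( isset( $_POST['app_name'] ) && is_string( $_POST['app_name'] ) ) ? $_POST['app_name'] : '';
  $app_id      = ( isset( $_POST['app_id'] ) && is_string( $_POST['app_id'] ) ) ? $_POST['app_id'] : '';
  $redirect    = '';

  // Apply the same request validation the screen uses before rendering, on the values that
  // were actually submitted. Without it this handler would create a credential and forward
  // it to a caller-supplied URL before any of those checks had run. Empty URLs are passed
  // as null to match the request shape built for the rendering path.
  $is_valid = wp_is_authorize_application_password_request_valid(
    array(
      'app_name'    => $app_name,
      'app_id'      => $app_id,
      'success_url' => $success_url ? $success_url : null,
      'reject_url'  => $reject_url ? $reject_url : null,
    ),
    wp_get_current_user()
  );

  if ( is_wp_error( $is_valid ) ) {
    // Refuse: no password is created and no redirect is issued.
    $error = $is_valid;
  } elseif ( isset( $_POST['reject'] ) ) {
    // Rejection goes to the application's reject URL, or to the dashboard when none was given.
    $redirect = $reject_url ? $reject_url : admin_url();
  } elseif ( isset( $_POST['approve'] ) ) {
    $created = WP_Application_Passwords::create_new_application_password(
      get_current_user_id(),
      array(
        'name'   => $app_name,
        'app_id' => $app_id,
      )
    );

    if ( is_wp_error( $created ) ) {
      $error = $created;
    } else {
      // The first element of the result is the new password.
      list( $new_password ) = $created;

      if ( $success_url ) {
        // The new password travels in the query string of the redirect target, so it can end up
        // in browser history and in the receiving server's access logs.
        $redirect = add_query_arg(
          array(
            'site_url'   => urlencode( site_url() ),
            'user_login' => urlencode( wp_get_current_user()->user_login ),
            'password'   => urlencode( $new_password ),
          ),
          $success_url
        );
      }
    }
  }

  if ( $redirect ) {
    // Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.
    wp_redirect( $redirect );
    exit;
  }
}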

// Text for this screen's HTML title tag.
$title = __( 'Authorize Application' );

// Request parameters: a missing or empty name/id becomes '', a missing success URL becomes null.
$app_name    = empty( $_REQUEST['app_name'] ) ? '' : $_REQUEST['app_name'];
$app_id      = empty( $_REQUEST['app_id'] ) ? '' : $_REQUEST['app_id'];
$success_url = empty( $_REQUEST['success_url'] ) ? null : $_REQUEST['success_url'];

// Reject URL: the one supplied, else the success URL with success=false appended, else none.
$reject_url = null;
if ( ! empty( $_REQUEST['reject_url'] ) ) {
  $reject_url = $_REQUEST['reject_url'];
} elseif ( $success_url ) {
  $reject_url = add_query_arg( 'success', 'false', $success_url );
}

$user = wp_get_current_user();

// Bundle the parameters and validate them for the current user.
$request = array(
  'app_name'    => $app_name,
  'app_id'      => $app_id,
  'success_url' => $success_url,
  'reject_url'  => $reject_url,
);

$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );

// An invalid request stops here; every validation message is appended to the notice.
if ( is_wp_error( $is_valid ) ) {
  wp_die(
    __( 'The Authorize Application request is not allowed.' ) . ' ' . join( ' ', $is_valid->get_error_messages() ),
    __( 'Cannot Authorize Application' )
  );
}

if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
  wp_die(
    __( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ),
    __( 'Cannot Authorize Application' ),
    array(
      'response'  => 501,
