<?php
/**
* Authorize Application Screen
*
* @package WordPress
* @subpackage Administration
*/
/** WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';
$error = null;
$new_password = '';
// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`.
if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
check_admin_referer( 'authorize_application_password' );
$success_url = $_POST['success_url'];
$reject_url = $_POST['reject_url'];
$app_name = $_POST['app_name'];
$app_id = $_POST['app_id'];
$redirect = '';
if ( isset( $_POST['reject'] ) ) {
if ( $reject_url ) {
$redirect = $reject_url;
} else {
$redirect = admin_url();
}
} elseif ( isset( $_POST['approve'] ) ) {
$created = WP_Application_Passwords::create_new_application_password(
get_current_user_id(),
array(
'name' => $app_name,
'app_id' => $app_id,
)
);
if ( is_wp_error( $created ) ) {
$error = $created;
} else {
list( $new_password ) = $created;
if ( $success_url ) {
$redirect = add_query_arg(
array(
'site_url' => urlencode( site_url() ),
'user_login' => urlencode( wp_get_current_user()->user_login ),
'password' => urlencode( $new_password ),
),
$success_url
);
}
}
}
if ( $redirect ) {
// Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.
wp_redirect( $redirect );
exit;
}
}
// Used in the HTML title tag.
$title = __( 'Authorize Application' );
$app_name = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
$app_id = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
if ( ! empty( $_REQUEST['reject_url'] ) ) {
$reject_url = $_REQUEST['reject_url'];
} elseif ( $success_url ) {
$reject_url = add_query_arg( 'success', 'false', $success_url );
} else {
$reject_url = null;
}
$user = wp_get_current_user();
$request = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
if ( is_wp_error( $is_valid ) ) {
wp_die(
__( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ),
__( 'Cannot Authorize Application' )
);
}
if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
wp_die(
__( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ),
__( 'Cannot Authorize Application' ),
array(
'response' => 501,
'link_text' => __( 'Go Back' ),
'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
)
);
}
if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
if ( wp_is_application_passwords_available() ) {
$message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
} else {
$message = __( 'Application passwords are not available.' );
}
wp_die(
$message,
__( 'Cannot Authorize Application' ),
array(
'response' => 501,
'link_text' => __( 'Go Back' ),
'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
)
);
}
wp_enqueue_script( 'auth-app' );
wp_localize_script(
'auth-app',
'authApp',
array(
'site_url' => site_url(),
'user_login' => $user->user_login,
'success' => $success_url,
'reject' => $reject_url ? $reject_url : admin_url(),
)
);
require_once ABSPATH . 'wp-admin/admin-header.php';
?>
<div class="wrap">
<h1><?php echo esc_html( $title ); ?></h1>
<?php
if ( is_wp_error( $error ) ) {
wp_admin_notice(
$error->get_error_message(),
array(
'type' => 'error',
)
);
}
?>
<div class="card auth-app-card">
<h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2>
<?php if ( $app_name ) : ?>
<p>
<?php
printf(
/* translators: %s: Application name. */
__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the application in question.' ),
'<strong>' . esc_html( $app_name ) . '</strong>'
);
?>
</p>
<?php else : ?>
<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the application in question.' ); ?></p>
<?php endif; ?>
<?php
if ( is_multisite() ) {
$blogs = get_blogs_of_user( $user->ID, true );
$blogs_count = count( $blogs );
if ( $blogs_count > 1 ) {
?>
<p>
<?php
/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
$message = _n(
'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
$blogs_count
);
if ( is_super_admin() ) {
/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
$message = _n(
'This will grant access to <a href="%1$s">the %2$s site on the network as you have Super Admin rights</a>.',
'This will grant access to <a href="%1$s">all %2$s sites on the network as you have Super Admin rights</a>.',
$blogs_count
);
}
printf(
$message,
admin_url( 'my-sites.php' ),
number_format_i18n( $blogs_count )
);
?>
</p>
<?php
}
}
?>
<?php
if ( $new_password ) :
$message = '<p class="application-password-display">
<label for="new-application-password-value">' . sprintf(
/* translators: %s: Application name. */
esc_html__( 'Your new password for %s is:' ),
'<strong>' . esc_html( $app_name ) . '</strong>'
) . '
</label>
<input id="new-application-password-value" type="text" class="code" readonly="readonly" value="' . esc_attr( WP_Application_Passwords::chunk_password( $new_password ) ) . '" />
</p>
<p>' . __( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ) . '</p>';
$args = array(
'type' => 'success',
'additional_classes' => array( 'notice-alt', 'below-h2' ),
'paragraph_wrap' => false,
);
wp_admin_notice( $message, $args );
/**
* Fires in the Authorize Application Password new password section in the no-JS version.
*
* In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'}
* action to ensure that both the JS and no-JS variants are handled.
*
* @since 5.6.0
* @since 5.6.1 Corrected action name and signature.
*
* @param string $new_password The newly generated application password.
* @param array $request The array of request data. All arguments are optional and may be empty.
* @param WP_User $user The user authorizing the application.
*/
do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user );
else :
?>
<form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap">
<?php wp_nonce_field( 'authorize_application_password' ); ?>
<input type="hidden" name="action" value="authorize_application_password" />
<input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" />
<input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" />
<input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" />
<div class="form-field">
<label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" required />
</div>
<?php
/**
* Fires in the Authorize Application Password form before the submit buttons.
*
* @since 5.6.0
*
* @param array $request {
* The array of request data. All arguments are optional and may be empty.
*
* @type string $app_name The suggested name of the application.
* @type string $success_url The URL the user will be redirected to after approving the application.
* @type string $reject_url The URL the user will be redirected to after rejecting the application.
* }
* @param WP_User $user The user authorizing the application.
*/
do_action( 'wp_authorize_application_password_form', $request, $user );
?>
<?php
submit_button(
__( 'Yes, I approve of this connection' ),
'primary',
'approve',
false,
array(
'aria-describedby' => 'description-approve',
)
);
?>
<p class="description" id="description-approve">
<?php
if ( $success_url ) {
printf(
/* translators: %s: The URL the user is being redirected to. */
__( 'You will be sent to %s' ),
'<strong><code>' . esc_html(
add_query_arg(
array(
'site_url' => site_url(),
'user_login' => $user->user_login,
'password' => '[------]',
),
$success_url
)
) . '</code></strong>'
);
} else {
_e( 'You will be given a password to manually enter into the application in question.' );
}
?>
</p>
<?php
submit_button(
__( 'No, I do not approve of this connection' ),
'secondary',
'reject',
false,
array(
'aria-describedby' => 'description-reject',
)
);
?>
<p class="description" id="description-reject">
<?php
if ( $reject_url ) {
printf(
/* translators: %s: The URL the user is being redirected to. */
__( 'You will be sent to %s' ),
'<strong><code>' . esc_html( $reject_url ) . '</code></strong>'
);
} else {
_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );
}
?>
</p>
</form>
<?php endif; ?>
</div>
</div>
<?php
require_once ABSPATH . 'wp-admin/admin-footer.php';
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| css | Folder | 0777 |
|
|
| images | Folder | 0777 |
|
|
| includes | Folder | 0777 |
|
|
| js | Folder | 0755 |
|
|
| maint | Folder | 0777 |
|
|
| network | Folder | 0777 |
|
|
| user | Folder | 0777 |
|
|
| about.php | File | 16.59 KB | 0777 |
|
| admin-ajax.php | File | 5.03 KB | 0777 |
|
| admin-footer.php | File | 2.77 KB | 0777 |
|
| admin-functions.php | File | 406 B | 0777 |
|
| admin-header.php | File | 8.86 KB | 0777 |
|
| admin-post.php | File | 2.02 KB | 0777 |
|
| admin.php | File | 12.27 KB | 0777 |
|
| async-upload.php | File | 4.74 KB | 0777 |
|
| authorize-application.php | File | 10.09 KB | 0777 |
|
| comment.php | File | 11.35 KB | 0777 |
|
| contribute.php | File | 5.59 KB | 0777 |
|
| credits.php | File | 3.75 KB | 0777 |
|
| custom-background.php | File | 416 B | 0777 |
|
| custom-header.php | File | 426 B | 0777 |
|
| customize.php | File | 10.87 KB | 0777 |
|
| edit-comments.php | File | 14.38 KB | 0777 |
|
| edit-form-advanced.php | File | 28.86 KB | 0777 |
|
| edit-form-blocks.php | File | 12.96 KB | 0777 |
|
| edit-form-comment.php | File | 8.34 KB | 0777 |
|
| edit-link-form.php | File | 6.21 KB | 0777 |
|
| edit-tag-form.php | File | 10.44 KB | 0777 |
|
| edit-tags.php | File | 22 KB | 0777 |
|
| edit.php | File | 19.48 KB | 0777 |
|
| erase-personal-data.php | File | 7.33 KB | 0777 |
|
| export-personal-data.php | File | 7.75 KB | 0777 |
|
| export.php | File | 11.02 KB | 0777 |
|
| freedoms.php | File | 4.5 KB | 0777 |
|
| import.php | File | 7.48 KB | 0777 |
|
| index.php | File | 7.68 KB | 0644 |
|
| install-helper.php | File | 6.8 KB | 0777 |
|
| install.php | File | 17.1 KB | 0777 |
|
| link-add.php | File | 938 B | 0777 |
|
| link-manager.php | File | 4.26 KB | 0777 |
|
| link-parse-opml.php | File | 2.63 KB | 0777 |
|
| link.php | File | 2.89 KB | 0777 |
|
| load-scripts.php | File | 2.02 KB | 0777 |
|
| load-styles.php | File | 2.56 KB | 0777 |
|
| media-new.php | File | 3.18 KB | 0777 |
|
| media-upload.php | File | 3.49 KB | 0777 |
|
| media.php | File | 819 B | 0777 |
|
| menu-header.php | File | 9.83 KB | 0777 |
|
| menu.php | File | 16.67 KB | 0777 |
|
| moderation.php | File | 307 B | 0777 |
|
| ms-admin.php | File | 196 B | 0777 |
|
| ms-delete-site.php | File | 4.19 KB | 0777 |
|
| ms-edit.php | File | 216 B | 0777 |
|
| ms-options.php | File | 229 B | 0777 |
|
| ms-sites.php | File | 215 B | 0777 |
|
| ms-themes.php | File | 217 B | 0777 |
|
| ms-upgrade-network.php | File | 219 B | 0777 |
|
| ms-users.php | File | 215 B | 0777 |
|
| my-sites.php | File | 4.74 KB | 0777 |
|
| nav-menus.php | File | 48.12 KB | 0777 |
|
| network.php | File | 5.39 KB | 0777 |
|
| options-discussion.php | File | 15.4 KB | 0777 |
|
| options-general.php | File | 21.51 KB | 0777 |
|
| options-head.php | File | 548 B | 0777 |
|
| options-media.php | File | 6.35 KB | 0777 |
|
| options-permalink.php | File | 21.21 KB | 0777 |
|
| options-privacy.php | File | 9.95 KB | 0777 |
|
| options-reading.php | File | 10.03 KB | 0777 |
|
| options-writing.php | File | 9.1 KB | 0777 |
|
| options.php | File | 13.45 KB | 0777 |
|
| plugin-editor.php | File | 13.42 KB | 0777 |
|
| plugin-install.php | File | 6.96 KB | 0777 |
|
| plugins.php | File | 30.01 KB | 0777 |
|
| post-new.php | File | 2.7 KB | 0777 |
|
| post.php | File | 9.97 KB | 0777 |
|
| press-this.php | File | 2.34 KB | 0777 |
|
| privacy-policy-guide.php | File | 3.67 KB | 0777 |
|
| privacy.php | File | 2.48 KB | 0777 |
|
| profile.php | File | 283 B | 0777 |
|
| revision.php | File | 5.47 KB | 0777 |
|
| setup-config.php | File | 17.48 KB | 0777 |
|
| site-editor.php | File | 5.96 KB | 0777 |
|
| site-health-info.php | File | 3.97 KB | 0777 |
|
| site-health.php | File | 10.14 KB | 0777 |
|
| term.php | File | 2.2 KB | 0777 |
|
| theme-editor.php | File | 15.42 KB | 0777 |
|
| theme-install.php | File | 23.37 KB | 0777 |
|
| themes.php | File | 46.95 KB | 0777 |
|
| tools.php | File | 3.43 KB | 0777 |
|
| update-core.php | File | 45.43 KB | 0777 |
|
| update.php | File | 12.79 KB | 0777 |
|
| upgrade-functions.php | File | 341 B | 0777 |
|
| upgrade.php | File | 5.57 KB | 0777 |
|
| upload.php | File | 14.85 KB | 0777 |
|
| user-edit.php | File | 39.6 KB | 0777 |
|
| user-new.php | File | 23.97 KB | 0777 |
|
| users.php | File | 23.29 KB | 0777 |
|
| widgets-form-blocks.php | File | 4.97 KB | 0777 |
|
| widgets-form.php | File | 19.17 KB | 0777 |
|
| widgets.php | File | 1.09 KB | 0777 |
|