| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Authorize Application Screen 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9 /** WordPress Administration Bootstrap */ 10 require_once __DIR__ . '/admin.php'; 11 12 $error = null; 13 $new_password = ''; 14 15 // This is the no-js fallback script. Generally this will all be handled by `auth-app.js`. 16 if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) { 17 check_admin_referer( 'authorize_application_password' ); 18 19 $success_url = $_POST['success_url']; 20 $reject_url = $_POST['reject_url']; 21 $app_name = $_POST['app_name']; 22 $app_id = $_POST['app_id']; 23 $redirect = ''; 24 25 if ( isset( $_POST['reject'] ) ) { 26 if ( $reject_url ) { 27 $redirect = $reject_url; 28 } else { 29 $redirect = admin_url(); 30 } 31 } elseif ( isset( $_POST['approve'] ) ) { 32 $created = WP_Application_Passwords::create_new_application_password( 33 get_current_user_id(), 34 array( 35 'name' => $app_name, 36 'app_id' => $app_id, 37 ) 38 ); 39 40 if ( is_wp_error( $created ) ) { 41 $error = $created; 42 } else { 43 list( $new_password ) = $created; 44 45 if ( $success_url ) { 46 $redirect = add_query_arg( 47 array( 48 'site_url' => urlencode( site_url() ), 49 'user_login' => urlencode( wp_get_current_user()->user_login ), 50 'password' => urlencode( $new_password ), 51 ), 52 $success_url 53 ); 54 } 55 } 56 } 57 58 if ( $redirect ) { 59 // Explicitly not using wp_safe_redirect b/c sends to arbitrary domain. 60 wp_redirect( $redirect ); 61 exit; 62 } 63 } 64 65 // Used in the HTML title tag. 66 $title = __( 'Authorize Application' ); 67 68 $app_name = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : ''; 69 $app_id = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : ''; 70 $success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null; 71 72 if ( ! empty( $_REQUEST['reject_url'] ) ) { 73 $reject_url = $_REQUEST['reject_url']; 74 } elseif ( $success_url ) { 75 $reject_url = add_query_arg( 'success', 'false', $success_url ); 76 } else { 77 $reject_url = null; 78 } 79 80 $user = wp_get_current_user(); 81 82 $request = compact( 'app_name', 'app_id', 'success_url', 'reject_url' ); 83 $is_valid = wp_is_authorize_application_password_request_valid( $request, $user ); 84 85 if ( is_wp_error( $is_valid ) ) { 86 wp_die( 87 __( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ), 88 __( 'Cannot Authorize Application' ) 89 ); 90 } 91 92 if ( wp_is_site_protected_by_basic_auth( 'front' ) ) { 93 wp_die( 94 __( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ), 95 __( 'Cannot Authorize Application' ), 96 array( 97 'response' => 501, 98 'link_text' => __( 'Go Back' ), 99 'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(), 100 ) 101 ); 102 } 103 104 if ( ! wp_is_application_passwords_available_for_user( $user ) ) { 105 if ( wp_is_application_passwords_available() ) { 106 $message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' ); 107 } else { 108 $message = __( 'Application passwords are not available.' ); 109 } 110 111 wp_die( 112 $message, 113 __( 'Cannot Authorize Application' ), 114 array( 115 'response' => 501, 116 'link_text' => __( 'Go Back' ), 117 'link_url' => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(), 118 ) 119 ); 120 } 121 122 wp_enqueue_script( 'auth-app' ); 123 wp_localize_script( 124 'auth-app', 125 'authApp', 126 array( 127 'site_url' => site_url(), 128 'user_login' => $user->user_login, 129 'success' => $success_url, 130 'reject' => $reject_url ? $reject_url : admin_url(), 131 ) 132 ); 133 134 require_once ABSPATH . 'wp-admin/admin-header.php'; 135 136 ?> 137 <div class="wrap"> 138 <h1><?php echo esc_html( $title ); ?></h1> 139 140 <?php 141 if ( is_wp_error( $error ) ) { 142 wp_admin_notice( 143 $error->get_error_message(), 144 array( 145 'type' => 'error', 146 ) 147 ); 148 } 149 ?> 150 151 <div class="card auth-app-card"> 152 <h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2> 153 <?php if ( $app_name ) : ?> 154 <p> 155 <?php 156 printf( 157 /* translators: %s: Application name. */ 158 __( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the application in question.' ), 159 '<strong>' . esc_html( $app_name ) . '</strong>' 160 ); 161 ?> 162 </p> 163 <?php else : ?> 164 <p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the application in question.' ); ?></p> 165 <?php endif; ?> 166 167 <?php 168 if ( is_multisite() ) { 169 $blogs = get_blogs_of_user( $user->ID, true ); 170 $blogs_count = count( $blogs ); 171 172 if ( $blogs_count > 1 ) { 173 ?> 174 <p> 175 <?php 176 /* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */ 177 $message = _n( 178 'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.', 179 'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.', 180 $blogs_count 181 ); 182 183 if ( is_super_admin() ) { 184 /* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */ 185 $message = _n( 186 'This will grant access to <a href="%1$s">the %2$s site on the network as you have Super Admin rights</a>.', 187 'This will grant access to <a href="%1$s">all %2$s sites on the network as you have Super Admin rights</a>.', 188 $blogs_count 189 ); 190 } 191 192 printf( 193 $message, 194 admin_url( 'my-sites.php' ), 195 number_format_i18n( $blogs_count ) 196 ); 197 ?> 198 </p> 199 <?php 200 } 201 } 202 ?> 203 204 <?php 205 if ( $new_password ) : 206 $message = '<p class="application-password-display"> 207 <label for="new-application-password-value">' . sprintf( 208 /* translators: %s: Application name. */ 209 esc_html__( 'Your new password for %s is:' ), 210 '<strong>' . esc_html( $app_name ) . '</strong>' 211 ) . ' 212 </label> 213 <input id="new-application-password-value" type="text" class="code" readonly="readonly" value="' . esc_attr( WP_Application_Passwords::chunk_password( $new_password ) ) . '" /> 214 </p> 215 <p>' . __( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ) . '</p>'; 216 $args = array( 217 'type' => 'success', 218 'additional_classes' => array( 'notice-alt', 'below-h2' ), 219 'paragraph_wrap' => false, 220 ); 221 wp_admin_notice( $message, $args ); 222 223 /** 224 * Fires in the Authorize Application Password new password section in the no-JS version. 225 * 226 * In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'} 227 * action to ensure that both the JS and no-JS variants are handled. 228 * 229 * @since 5.6.0 230 * @since 5.6.1 Corrected action name and signature. 231 * 232 * @param string $new_password The newly generated application password. 233 * @param array $request The array of request data. All arguments are optional and may be empty. 234 * @param WP_User $user The user authorizing the application. 235 */ 236 do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user ); 237 else : 238 ?> 239 <form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap"> 240 <?php wp_nonce_field( 'authorize_application_password' ); ?> 241 <input type="hidden" name="action" value="authorize_application_password" /> 242 <input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" /> 243 <input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" /> 244 <input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" /> 245 246 <div class="form-field"> 247 <label for="app_name"><?php _e( 'New Application Password Name' ); ?></label> 248 <input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" required /> 249 </div> 250 251 <?php 252 /** 253 * Fires in the Authorize Application Password form before the submit buttons. 254 * 255 * @since 5.6.0 256 * 257 * @param array $request { 258 * The array of request data. All arguments are optional and may be empty. 259 * 260 * @type string $app_name The suggested name of the application. 261 * @type string $success_url The URL the user will be redirected to after approving the application. 262 * @type string $reject_url The URL the user will be redirected to after rejecting the application. 263 * } 264 * @param WP_User $user The user authorizing the application. 265 */ 266 do_action( 'wp_authorize_application_password_form', $request, $user ); 267 ?> 268 269 <?php 270 submit_button( 271 __( 'Yes, I approve of this connection' ), 272 'primary', 273 'approve', 274 false, 275 array( 276 'aria-describedby' => 'description-approve', 277 ) 278 ); 279 ?> 280 <p class="description" id="description-approve"> 281 <?php 282 if ( $success_url ) { 283 printf( 284 /* translators: %s: The URL the user is being redirected to. */ 285 __( 'You will be sent to %s' ), 286 '<strong><code>' . esc_html( 287 add_query_arg( 288 array( 289 'site_url' => site_url(), 290 'user_login' => $user->user_login, 291 'password' => '[------]', 292 ), 293 $success_url 294 ) 295 ) . '</code></strong>' 296 ); 297 } else { 298 _e( 'You will be given a password to manually enter into the application in question.' ); 299 } 300 ?> 301 </p> 302 303 <?php 304 submit_button( 305 __( 'No, I do not approve of this connection' ), 306 'secondary', 307 'reject', 308 false, 309 array( 310 'aria-describedby' => 'description-reject', 311 ) 312 ); 313 ?> 314 <p class="description" id="description-reject"> 315 <?php 316 if ( $reject_url ) { 317 printf( 318 /* translators: %s: The URL the user is being redirected to. */ 319 __( 'You will be sent to %s' ), 320 '<strong><code>' . esc_html( $reject_url ) . '</code></strong>' 321 ); 322 } else { 323 _e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' ); 324 } 325 ?> 326 </p> 327 </form> 328 <?php endif; ?> 329 </div> 330 </div> 331 <?php 332 333 require_once ABSPATH . 'wp-admin/admin-footer.php';
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Tue Apr 23 08:20:01 2024 | Cross-referenced by PHPXref |