[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-admin/ -> authorize-application.php (source)

   1  <?php
   2  /**
   3   * Authorize Application Screen
   4   *
   5   * @package WordPress
   6   * @subpackage Administration
   7   */
   8  
   9  /** WordPress Administration Bootstrap */
  10  require_once  __DIR__ . '/admin.php';
  11  
  12  $error        = null;
  13  $new_password = '';
  14  
  15  // This is the no-js fallback script. Generally this will all be handled by `auth-app.js`.
  16  if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
  17      check_admin_referer( 'authorize_application_password' );
  18  
  19      $success_url = $_POST['success_url'];
  20      $reject_url  = $_POST['reject_url'];
  21      $app_name    = $_POST['app_name'];
  22      $app_id      = $_POST['app_id'];
  23      $redirect    = '';
  24  
  25      if ( isset( $_POST['reject'] ) ) {
  26          if ( $reject_url ) {
  27              $redirect = $reject_url;
  28          } else {
  29              $redirect = admin_url();
  30          }
  31      } elseif ( isset( $_POST['approve'] ) ) {
  32          $created = WP_Application_Passwords::create_new_application_password(
  33              get_current_user_id(),
  34              array(
  35                  'name'   => $app_name,
  36                  'app_id' => $app_id,
  37              )
  38          );
  39  
  40          if ( is_wp_error( $created ) ) {
  41              $error = $created;
  42          } else {
  43              list( $new_password ) = $created;
  44  
  45              if ( $success_url ) {
  46                  $redirect = add_query_arg(
  47                      array(
  48                          'site_url'   => urlencode( site_url() ),
  49                          'user_login' => urlencode( wp_get_current_user()->user_login ),
  50                          'password'   => urlencode( $new_password ),
  51                      ),
  52                      $success_url
  53                  );
  54              }
  55          }
  56      }
  57  
  58      if ( $redirect ) {
  59          // Explicitly not using wp_safe_redirect b/c sends to arbitrary domain.
  60          wp_redirect( $redirect );
  61          exit;
  62      }
  63  }
  64  
  65  // Used in the HTML title tag.
  66  $title = __( 'Authorize Application' );
  67  
  68  $app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
  69  $app_id      = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
  70  $success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
  71  
  72  if ( ! empty( $_REQUEST['reject_url'] ) ) {
  73      $reject_url = $_REQUEST['reject_url'];
  74  } elseif ( $success_url ) {
  75      $reject_url = add_query_arg( 'success', 'false', $success_url );
  76  } else {
  77      $reject_url = null;
  78  }
  79  
  80  $user = wp_get_current_user();
  81  
  82  $request  = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
  83  $is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
  84  
  85  if ( is_wp_error( $is_valid ) ) {
  86      wp_die(
  87          __( 'The Authorize Application request is not allowed.' ) . ' ' . implode( ' ', $is_valid->get_error_messages() ),
  88          __( 'Cannot Authorize Application' )
  89      );
  90  }
  91  
  92  if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
  93      wp_die(
  94          __( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ),
  95          __( 'Cannot Authorize Application' ),
  96          array(
  97              'response'  => 501,
  98              'link_text' => __( 'Go Back' ),
  99              'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
 100          )
 101      );
 102  }
 103  
 104  if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
 105      if ( wp_is_application_passwords_available() ) {
 106          $message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
 107      } else {
 108          $message = __( 'Application passwords are not available.' );
 109      }
 110  
 111      wp_die(
 112          $message,
 113          __( 'Cannot Authorize Application' ),
 114          array(
 115              'response'  => 501,
 116              'link_text' => __( 'Go Back' ),
 117              'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
 118          )
 119      );
 120  }
 121  
 122  wp_enqueue_script( 'auth-app' );
 123  wp_localize_script(
 124      'auth-app',
 125      'authApp',
 126      array(
 127          'site_url'   => site_url(),
 128          'user_login' => $user->user_login,
 129          'success'    => $success_url,
 130          'reject'     => $reject_url ? $reject_url : admin_url(),
 131      )
 132  );
 133  
 134  require_once ABSPATH . 'wp-admin/admin-header.php';
 135  
 136  ?>
 137  <div class="wrap">
 138      <h1><?php echo esc_html( $title ); ?></h1>
 139  
 140      <?php if ( is_wp_error( $error ) ) : ?>
 141          <div class="notice notice-error"><p><?php echo $error->get_error_message(); ?></p></div>
 142      <?php endif; ?>
 143  
 144      <div class="card auth-app-card">
 145          <h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2>
 146          <?php if ( $app_name ) : ?>
 147              <p>
 148                  <?php
 149                  printf(
 150                      /* translators: %s: Application name. */
 151                      __( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the application in question.' ),
 152                      '<strong>' . esc_html( $app_name ) . '</strong>'
 153                  );
 154                  ?>
 155              </p>
 156          <?php else : ?>
 157              <p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the application in question.' ); ?></p>
 158          <?php endif; ?>
 159  
 160          <?php
 161          if ( is_multisite() ) {
 162              $blogs       = get_blogs_of_user( $user->ID, true );
 163              $blogs_count = count( $blogs );
 164  
 165              if ( $blogs_count > 1 ) {
 166                  ?>
 167                  <p>
 168                      <?php
 169                      /* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
 170                      $message = _n(
 171                          'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
 172                          'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
 173                          $blogs_count
 174                      );
 175  
 176                      if ( is_super_admin() ) {
 177                          /* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
 178                          $message = _n(
 179                              'This will grant access to <a href="%1$s">the %2$s site on the network as you have Super Admin rights</a>.',
 180                              'This will grant access to <a href="%1$s">all %2$s sites on the network as you have Super Admin rights</a>.',
 181                              $blogs_count
 182                          );
 183                      }
 184  
 185                      printf(
 186                          $message,
 187                          admin_url( 'my-sites.php' ),
 188                          number_format_i18n( $blogs_count )
 189                      );
 190                      ?>
 191                  </p>
 192                  <?php
 193              }
 194          }
 195          ?>
 196  
 197          <?php if ( $new_password ) : ?>
 198              <div class="notice notice-success notice-alt below-h2">
 199                  <p class="application-password-display">
 200                      <label for="new-application-password-value">
 201                          <?php
 202                          printf(
 203                              /* translators: %s: Application name. */
 204                              esc_html__( 'Your new password for %s is:' ),
 205                              '<strong>' . esc_html( $app_name ) . '</strong>'
 206                          );
 207                          ?>
 208                      </label>
 209                      <input id="new-application-password-value" type="text" class="code" readonly="readonly" value="<?php esc_attr( WP_Application_Passwords::chunk_password( $new_password ) ); ?>" />
 210                  </p>
 211                  <p><?php _e( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ); ?></p>
 212              </div>
 213  
 214              <?php
 215              /**
 216               * Fires in the Authorize Application Password new password section in the no-JS version.
 217               *
 218               * In most cases, this should be used in combination with the {@see 'wp_application_passwords_approve_app_request_success'}
 219               * action to ensure that both the JS and no-JS variants are handled.
 220               *
 221               * @since 5.6.0
 222               * @since 5.6.1 Corrected action name and signature.
 223               *
 224               * @param string  $new_password The newly generated application password.
 225               * @param array   $request      The array of request data. All arguments are optional and may be empty.
 226               * @param WP_User $user         The user authorizing the application.
 227               */
 228              do_action( 'wp_authorize_application_password_form_approved_no_js', $new_password, $request, $user );
 229              ?>
 230          <?php else : ?>
 231              <form action="<?php echo esc_url( admin_url( 'authorize-application.php' ) ); ?>" method="post" class="form-wrap">
 232                  <?php wp_nonce_field( 'authorize_application_password' ); ?>
 233                  <input type="hidden" name="action" value="authorize_application_password" />
 234                  <input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" />
 235                  <input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" />
 236                  <input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" />
 237  
 238                  <div class="form-field">
 239                      <label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
 240                      <input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" required />
 241                  </div>
 242  
 243                  <?php
 244                  /**
 245                   * Fires in the Authorize Application Password form before the submit buttons.
 246                   *
 247                   * @since 5.6.0
 248                   *
 249                   * @param array   $request {
 250                   *     The array of request data. All arguments are optional and may be empty.
 251                   *
 252                   *     @type string $app_name    The suggested name of the application.
 253                   *     @type string $success_url The url the user will be redirected to after approving the application.
 254                   *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 255                   * }
 256                   * @param WP_User $user The user authorizing the application.
 257                   */
 258                  do_action( 'wp_authorize_application_password_form', $request, $user );
 259                  ?>
 260  
 261                  <?php
 262                  submit_button(
 263                      __( 'Yes, I approve of this connection' ),
 264                      'primary',
 265                      'approve',
 266                      false,
 267                      array(
 268                          'aria-describedby' => 'description-approve',
 269                      )
 270                  );
 271                  ?>
 272                  <p class="description" id="description-approve">
 273                      <?php
 274                      if ( $success_url ) {
 275                          printf(
 276                              /* translators: %s: The URL the user is being redirected to. */
 277                              __( 'You will be sent to %s' ),
 278                              '<strong><code>' . esc_html(
 279                                  add_query_arg(
 280                                      array(
 281                                          'site_url'   => site_url(),
 282                                          'user_login' => $user->user_login,
 283                                          'password'   => '[------]',
 284                                      ),
 285                                      $success_url
 286                                  )
 287                              ) . '</code></strong>'
 288                          );
 289                      } else {
 290                          _e( 'You will be given a password to manually enter into the application in question.' );
 291                      }
 292                      ?>
 293                  </p>
 294  
 295                  <?php
 296                  submit_button(
 297                      __( 'No, I do not approve of this connection' ),
 298                      'secondary',
 299                      'reject',
 300                      false,
 301                      array(
 302                          'aria-describedby' => 'description-reject',
 303                      )
 304                  );
 305                  ?>
 306                  <p class="description" id="description-reject">
 307                      <?php
 308                      if ( $reject_url ) {
 309                          printf(
 310                              /* translators: %s: The URL the user is being redirected to. */
 311                              __( 'You will be sent to %s' ),
 312                              '<strong><code>' . esc_html( $reject_url ) . '</code></strong>'
 313                          );
 314                      } else {
 315                          _e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );
 316                      }
 317                      ?>
 318                  </p>
 319              </form>
 320          <?php endif; ?>
 321      </div>
 322  </div>
 323  <?php
 324  
 325  require_once ABSPATH . 'wp-admin/admin-footer.php';


Generated: Sat Jun 25 01:00:03 2022 Cross-referenced by PHPXref 0.7.1