[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-admin/includes/ -> user.php (source)

   1  <?php
   2  /**
   3   * WordPress user administration API.
   4   *
   5   * @package WordPress
   6   * @subpackage Administration
   7   */
   8  
   9  /**
  10   * Creates a new user from the "Users" form using $_POST information.
  11   *
  12   * @since 2.0.0
  13   *
  14   * @return int|WP_Error WP_Error or User ID.
  15   */
  16  function add_user() {
  17      return edit_user();
  18  }
  19  
  20  /**
  21   * Edit user settings based on contents of $_POST
  22   *
  23   * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
  24   *
  25   * @since 2.0.0
  26   *
  27   * @param int $user_id Optional. User ID.
  28   * @return int|WP_Error User ID of the updated user or WP_Error on failure.
  29   */
  30  function edit_user( $user_id = 0 ) {
  31      $wp_roles = wp_roles();
  32      $user     = new stdClass;
  33      $user_id  = (int) $user_id;
  34      if ( $user_id ) {
  35          $update           = true;
  36          $user->ID         = $user_id;
  37          $userdata         = get_userdata( $user_id );
  38          $user->user_login = wp_slash( $userdata->user_login );
  39      } else {
  40          $update = false;
  41      }
  42  
  43      if ( ! $update && isset( $_POST['user_login'] ) ) {
  44          $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
  45      }
  46  
  47      $pass1 = '';
  48      $pass2 = '';
  49      if ( isset( $_POST['pass1'] ) ) {
  50          $pass1 = trim( $_POST['pass1'] );
  51      }
  52      if ( isset( $_POST['pass2'] ) ) {
  53          $pass2 = trim( $_POST['pass2'] );
  54      }
  55  
  56      if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {
  57          $new_role = sanitize_text_field( $_POST['role'] );
  58  
  59          // If the new role isn't editable by the logged-in user die with error.
  60          $editable_roles = get_editable_roles();
  61          if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {
  62              wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
  63          }
  64  
  65          $potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
  66  
  67          /*
  68           * Don't let anyone with 'promote_users' edit their own role to something without it.
  69           * Multisite super admins can freely edit their roles, they possess all caps.
  70           */
  71          if (
  72              ( is_multisite() && current_user_can( 'manage_network_users' ) ) ||
  73              get_current_user_id() !== $user_id ||
  74              ( $potential_role && $potential_role->has_cap( 'promote_users' ) )
  75          ) {
  76              $user->role = $new_role;
  77          }
  78      }
  79  
  80      if ( isset( $_POST['email'] ) ) {
  81          $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
  82      }
  83      if ( isset( $_POST['url'] ) ) {
  84          if ( empty( $_POST['url'] ) || 'http://' === $_POST['url'] ) {
  85              $user->user_url = '';
  86          } else {
  87              $user->user_url = esc_url_raw( $_POST['url'] );
  88              $protocols      = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
  89              $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
  90          }
  91      }
  92      if ( isset( $_POST['first_name'] ) ) {
  93          $user->first_name = sanitize_text_field( $_POST['first_name'] );
  94      }
  95      if ( isset( $_POST['last_name'] ) ) {
  96          $user->last_name = sanitize_text_field( $_POST['last_name'] );
  97      }
  98      if ( isset( $_POST['nickname'] ) ) {
  99          $user->nickname = sanitize_text_field( $_POST['nickname'] );
 100      }
 101      if ( isset( $_POST['display_name'] ) ) {
 102          $user->display_name = sanitize_text_field( $_POST['display_name'] );
 103      }
 104  
 105      if ( isset( $_POST['description'] ) ) {
 106          $user->description = trim( $_POST['description'] );
 107      }
 108  
 109      foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {
 110          if ( isset( $_POST[ $method ] ) ) {
 111              $user->$method = sanitize_text_field( $_POST[ $method ] );
 112          }
 113      }
 114  
 115      if ( isset( $_POST['locale'] ) ) {
 116          $locale = sanitize_text_field( $_POST['locale'] );
 117          if ( 'site-default' === $locale ) {
 118              $locale = '';
 119          } elseif ( '' === $locale ) {
 120              $locale = 'en_US';
 121          } elseif ( ! in_array( $locale, get_available_languages(), true ) ) {
 122              $locale = '';
 123          }
 124  
 125          $user->locale = $locale;
 126      }
 127  
 128      if ( $update ) {
 129          $user->rich_editing         = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
 130          $user->syntax_highlighting  = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
 131          $user->admin_color          = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
 132          $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
 133      }
 134  
 135      $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' === $_POST['comment_shortcuts'] ? 'true' : '';
 136  
 137      $user->use_ssl = 0;
 138      if ( ! empty( $_POST['use_ssl'] ) ) {
 139          $user->use_ssl = 1;
 140      }
 141  
 142      $errors = new WP_Error();
 143  
 144      /* checking that username has been typed */
 145      if ( '' === $user->user_login ) {
 146          $errors->add( 'user_login', __( '<strong>Error</strong>: Please enter a username.' ) );
 147      }
 148  
 149      /* checking that nickname has been typed */
 150      if ( $update && empty( $user->nickname ) ) {
 151          $errors->add( 'nickname', __( '<strong>Error</strong>: Please enter a nickname.' ) );
 152      }
 153  
 154      /**
 155       * Fires before the password and confirm password fields are checked for congruity.
 156       *
 157       * @since 1.5.1
 158       *
 159       * @param string $user_login The username.
 160       * @param string $pass1     The password (passed by reference).
 161       * @param string $pass2     The confirmed password (passed by reference).
 162       */
 163      do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
 164  
 165      // Check for blank password when adding a user.
 166      if ( ! $update && empty( $pass1 ) ) {
 167          $errors->add( 'pass', __( '<strong>Error</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );
 168      }
 169  
 170      // Check for "\" in password.
 171      if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {
 172          $errors->add( 'pass', __( '<strong>Error</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
 173      }
 174  
 175      // Checking the password has been typed twice the same.
 176      if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {
 177          $errors->add( 'pass', __( '<strong>Error</strong>: Passwords do not match. Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );
 178      }
 179  
 180      if ( ! empty( $pass1 ) ) {
 181          $user->user_pass = $pass1;
 182      }
 183  
 184      if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {
 185          $errors->add( 'user_login', __( '<strong>Error</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
 186      }
 187  
 188      if ( ! $update && username_exists( $user->user_login ) ) {
 189          $errors->add( 'user_login', __( '<strong>Error</strong>: This username is already registered. Please choose another one.' ) );
 190      }
 191  
 192      /** This filter is documented in wp-includes/user.php */
 193      $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 194  
 195      if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
 196          $errors->add( 'invalid_username', __( '<strong>Error</strong>: Sorry, that username is not allowed.' ) );
 197      }
 198  
 199      /* checking email address */
 200      if ( empty( $user->user_email ) ) {
 201          $errors->add( 'empty_email', __( '<strong>Error</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );
 202      } elseif ( ! is_email( $user->user_email ) ) {
 203          $errors->add( 'invalid_email', __( '<strong>Error</strong>: The email address is not correct.' ), array( 'form-field' => 'email' ) );
 204      } else {
 205          $owner_id = email_exists( $user->user_email );
 206          if ( $owner_id && ( ! $update || ( $owner_id != $user->ID ) ) ) {
 207              $errors->add( 'email_exists', __( '<strong>Error</strong>: This email is already registered. Please choose another one.' ), array( 'form-field' => 'email' ) );
 208          }
 209      }
 210  
 211      /**
 212       * Fires before user profile update errors are returned.
 213       *
 214       * @since 2.8.0
 215       *
 216       * @param WP_Error $errors WP_Error object (passed by reference).
 217       * @param bool     $update Whether this is a user update.
 218       * @param stdClass $user   User object (passed by reference).
 219       */
 220      do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );
 221  
 222      if ( $errors->has_errors() ) {
 223          return $errors;
 224      }
 225  
 226      if ( $update ) {
 227          $user_id = wp_update_user( $user );
 228      } else {
 229          $user_id = wp_insert_user( $user );
 230          $notify  = isset( $_POST['send_user_notification'] ) ? 'both' : 'admin';
 231  
 232          /**
 233           * Fires after a new user has been created.
 234           *
 235           * @since 4.4.0
 236           *
 237           * @param int|WP_Error $user_id ID of the newly created user or WP_Error on failure.
 238           * @param string       $notify  Type of notification that should happen. See
 239           *                              wp_send_new_user_notifications() for more information.
 240           */
 241          do_action( 'edit_user_created_user', $user_id, $notify );
 242      }
 243      return $user_id;
 244  }
 245  
 246  /**
 247   * Fetch a filtered list of user roles that the current user is
 248   * allowed to edit.
 249   *
 250   * Simple function whose main purpose is to allow filtering of the
 251   * list of roles in the $wp_roles object so that plugins can remove
 252   * inappropriate ones depending on the situation or user making edits.
 253   * Specifically because without filtering anyone with the edit_users
 254   * capability can edit others to be administrators, even if they are
 255   * only editors or authors. This filter allows admins to delegate
 256   * user management.
 257   *
 258   * @since 2.8.0
 259   *
 260   * @return array[] Array of arrays containing role information.
 261   */
 262  function get_editable_roles() {
 263      $all_roles = wp_roles()->roles;
 264  
 265      /**
 266       * Filters the list of editable roles.
 267       *
 268       * @since 2.8.0
 269       *
 270       * @param array[] $all_roles Array of arrays containing role information.
 271       */
 272      $editable_roles = apply_filters( 'editable_roles', $all_roles );
 273  
 274      return $editable_roles;
 275  }
 276  
 277  /**
 278   * Retrieve user data and filter it.
 279   *
 280   * @since 2.0.5
 281   *
 282   * @param int $user_id User ID.
 283   * @return WP_User|false WP_User object on success, false on failure.
 284   */
 285  function get_user_to_edit( $user_id ) {
 286      $user = get_userdata( $user_id );
 287  
 288      if ( $user ) {
 289          $user->filter = 'edit';
 290      }
 291  
 292      return $user;
 293  }
 294  
 295  /**
 296   * Retrieve the user's drafts.
 297   *
 298   * @since 2.0.0
 299   *
 300   * @global wpdb $wpdb WordPress database abstraction object.
 301   *
 302   * @param int $user_id User ID.
 303   * @return array
 304   */
 305  function get_users_drafts( $user_id ) {
 306      global $wpdb;
 307      $query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );
 308  
 309      /**
 310       * Filters the user's drafts query string.
 311       *
 312       * @since 2.0.0
 313       *
 314       * @param string $query The user's drafts query string.
 315       */
 316      $query = apply_filters( 'get_users_drafts', $query );
 317      return $wpdb->get_results( $query );
 318  }
 319  
 320  /**
 321   * Remove user and optionally reassign posts and links to another user.
 322   *
 323   * If the $reassign parameter is not assigned to a User ID, then all posts will
 324   * be deleted of that user. The action {@see 'delete_user'} that is passed the User ID
 325   * being deleted will be run after the posts are either reassigned or deleted.
 326   * The user meta will also be deleted that are for that User ID.
 327   *
 328   * @since 2.0.0
 329   *
 330   * @global wpdb $wpdb WordPress database abstraction object.
 331   *
 332   * @param int $id User ID.
 333   * @param int $reassign Optional. Reassign posts and links to new User ID.
 334   * @return bool True when finished.
 335   */
 336  function wp_delete_user( $id, $reassign = null ) {
 337      global $wpdb;
 338  
 339      if ( ! is_numeric( $id ) ) {
 340          return false;
 341      }
 342  
 343      $id   = (int) $id;
 344      $user = new WP_User( $id );
 345  
 346      if ( ! $user->exists() ) {
 347          return false;
 348      }
 349  
 350      // Normalize $reassign to null or a user ID. 'novalue' was an older default.
 351      if ( 'novalue' === $reassign ) {
 352          $reassign = null;
 353      } elseif ( null !== $reassign ) {
 354          $reassign = (int) $reassign;
 355      }
 356  
 357      /**
 358       * Fires immediately before a user is deleted from the database.
 359       *
 360       * @since 2.0.0
 361       * @since 5.5.0 Added the `$user` parameter.
 362       *
 363       * @param int      $id       ID of the user to delete.
 364       * @param int|null $reassign ID of the user to reassign posts and links to.
 365       *                           Default null, for no reassignment.
 366       * @param WP_User  $user     WP_User object of the user to delete.
 367       */
 368      do_action( 'delete_user', $id, $reassign, $user );
 369  
 370      if ( null === $reassign ) {
 371          $post_types_to_delete = array();
 372          foreach ( get_post_types( array(), 'objects' ) as $post_type ) {
 373              if ( $post_type->delete_with_user ) {
 374                  $post_types_to_delete[] = $post_type->name;
 375              } elseif ( null === $post_type->delete_with_user && post_type_supports( $post_type->name, 'author' ) ) {
 376                  $post_types_to_delete[] = $post_type->name;
 377              }
 378          }
 379  
 380          /**
 381           * Filters the list of post types to delete with a user.
 382           *
 383           * @since 3.4.0
 384           *
 385           * @param string[] $post_types_to_delete Array of post types to delete.
 386           * @param int      $id                   User ID.
 387           */
 388          $post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id );
 389          $post_types_to_delete = implode( "', '", $post_types_to_delete );
 390          $post_ids             = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
 391          if ( $post_ids ) {
 392              foreach ( $post_ids as $post_id ) {
 393                  wp_delete_post( $post_id );
 394              }
 395          }
 396  
 397          // Clean links.
 398          $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
 399  
 400          if ( $link_ids ) {
 401              foreach ( $link_ids as $link_id ) {
 402                  wp_delete_link( $link_id );
 403              }
 404          }
 405      } else {
 406          $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id ) );
 407          $wpdb->update( $wpdb->posts, array( 'post_author' => $reassign ), array( 'post_author' => $id ) );
 408          if ( ! empty( $post_ids ) ) {
 409              foreach ( $post_ids as $post_id ) {
 410                  clean_post_cache( $post_id );
 411              }
 412          }
 413          $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
 414          $wpdb->update( $wpdb->links, array( 'link_owner' => $reassign ), array( 'link_owner' => $id ) );
 415          if ( ! empty( $link_ids ) ) {
 416              foreach ( $link_ids as $link_id ) {
 417                  clean_bookmark_cache( $link_id );
 418              }
 419          }
 420      }
 421  
 422      // FINALLY, delete user.
 423      if ( is_multisite() ) {
 424          remove_user_from_blog( $id, get_current_blog_id() );
 425      } else {
 426          $meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) );
 427          foreach ( $meta as $mid ) {
 428              delete_metadata_by_mid( 'user', $mid );
 429          }
 430  
 431          $wpdb->delete( $wpdb->users, array( 'ID' => $id ) );
 432      }
 433  
 434      clean_user_cache( $user );
 435  
 436      /**
 437       * Fires immediately after a user is deleted from the database.
 438       *
 439       * @since 2.9.0
 440       * @since 5.5.0 Added the `$user` parameter.
 441       *
 442       * @param int      $id       ID of the deleted user.
 443       * @param int|null $reassign ID of the user to reassign posts and links to.
 444       *                           Default null, for no reassignment.
 445       * @param WP_User  $user     WP_User object of the deleted user.
 446       */
 447      do_action( 'deleted_user', $id, $reassign, $user );
 448  
 449      return true;
 450  }
 451  
 452  /**
 453   * Remove all capabilities from user.
 454   *
 455   * @since 2.1.0
 456   *
 457   * @param int $id User ID.
 458   */
 459  function wp_revoke_user( $id ) {
 460      $id = (int) $id;
 461  
 462      $user = new WP_User( $id );
 463      $user->remove_all_caps();
 464  }
 465  
 466  /**
 467   * @since 2.8.0
 468   *
 469   * @global int $user_ID
 470   *
 471   * @param false $errors Deprecated.
 472   */
 473  function default_password_nag_handler( $errors = false ) {
 474      global $user_ID;
 475      // Short-circuit it.
 476      if ( ! get_user_option( 'default_password_nag' ) ) {
 477          return;
 478      }
 479  
 480      // get_user_setting() = JS-saved UI setting. Else no-js-fallback code.
 481      if ( 'hide' === get_user_setting( 'default_password_nag' )
 482          || isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag']
 483      ) {
 484          delete_user_setting( 'default_password_nag' );
 485          update_user_meta( $user_ID, 'default_password_nag', false );
 486      }
 487  }
 488  
 489  /**
 490   * @since 2.8.0
 491   *
 492   * @param int     $user_ID
 493   * @param WP_User $old_data
 494   */
 495  function default_password_nag_edit_user( $user_ID, $old_data ) {
 496      // Short-circuit it.
 497      if ( ! get_user_option( 'default_password_nag', $user_ID ) ) {
 498          return;
 499      }
 500  
 501      $new_data = get_userdata( $user_ID );
 502  
 503      // Remove the nag if the password has been changed.
 504      if ( $new_data->user_pass != $old_data->user_pass ) {
 505          delete_user_setting( 'default_password_nag' );
 506          update_user_meta( $user_ID, 'default_password_nag', false );
 507      }
 508  }
 509  
 510  /**
 511   * @since 2.8.0
 512   *
 513   * @global string $pagenow The filename of the current screen.
 514   */
 515  function default_password_nag() {
 516      global $pagenow;
 517  
 518      // Short-circuit it.
 519      if ( 'profile.php' === $pagenow || ! get_user_option( 'default_password_nag' ) ) {
 520          return;
 521      }
 522  
 523      echo '<div class="error default-password-nag">';
 524      echo '<p>';
 525      echo '<strong>' . __( 'Notice:' ) . '</strong> ';
 526      _e( 'You&rsquo;re using the auto-generated password for your account. Would you like to change it?' );
 527      echo '</p><p>';
 528      printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', get_edit_profile_url() . '#password' );
 529      printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );
 530      echo '</p></div>';
 531  }
 532  
 533  /**
 534   * @since 3.5.0
 535   * @access private
 536   */
 537  function delete_users_add_js() {
 538      ?>
 539  <script>
 540  jQuery( function($) {
 541      var submit = $('#submit').prop('disabled', true);
 542      $('input[name="delete_option"]').one('change', function() {
 543          submit.prop('disabled', false);
 544      });
 545      $('#reassign_user').focus( function() {
 546          $('#delete_option1').prop('checked', true).trigger('change');
 547      });
 548  } );
 549  </script>
 550      <?php
 551  }
 552  
 553  /**
 554   * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
 555   *
 556   * See the {@see 'personal_options'} action.
 557   *
 558   * @since 2.7.0
 559   *
 560   * @param WP_User $user User data object.
 561   */
 562  function use_ssl_preference( $user ) {
 563      ?>
 564      <tr class="user-use-ssl-wrap">
 565          <th scope="row"><?php _e( 'Use https' ); ?></th>
 566          <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked( '1', $user->use_ssl ); ?> /> <?php _e( 'Always use https when visiting the admin' ); ?></label></td>
 567      </tr>
 568      <?php
 569  }
 570  
 571  /**
 572   * @since MU (3.0.0)
 573   *
 574   * @param string $text
 575   * @return string
 576   */
 577  function admin_created_user_email( $text ) {
 578      $roles = get_editable_roles();
 579      $role  = $roles[ $_REQUEST['role'] ];
 580  
 581      if ( '' !== get_bloginfo( 'name' ) ) {
 582          $site_title = wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES );
 583      } else {
 584          $site_title = parse_url( home_url(), PHP_URL_HOST );
 585      }
 586  
 587      return sprintf(
 588          /* translators: 1: Site title, 2: Site URL, 3: User role. */
 589          __(
 590              'Hi,
 591  You\'ve been invited to join \'%1$s\' at
 592  %2$s with the role of %3$s.
 593  If you do not want to join this site please ignore
 594  this email. This invitation will expire in a few days.
 595  
 596  Please click the following link to activate your user account:
 597  %%s'
 598          ),
 599          $site_title,
 600          home_url(),
 601          wp_specialchars_decode( translate_user_role( $role['name'] ) )
 602      );
 603  }
 604  
 605  /**
 606   * Checks if the Authorize Application Password request is valid.
 607   *
 608   * @since 5.6.0
 609   *
 610   * @param array   $request {
 611   *     The array of request data. All arguments are optional and may be empty.
 612   *
 613   *     @type string $app_name    The suggested name of the application.
 614   *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 615   *     @type string $success_url The URL the user will be redirected to after approving the application.
 616   *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 617   * }
 618   * @param WP_User $user The user authorizing the application.
 619   * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 620   */
 621  function wp_is_authorize_application_password_request_valid( $request, $user ) {
 622      $error = new WP_Error();
 623  
 624      if ( ! empty( $request['success_url'] ) ) {
 625          $scheme = wp_parse_url( $request['success_url'], PHP_URL_SCHEME );
 626  
 627          if ( 'http' === $scheme ) {
 628              $error->add(
 629                  'invalid_redirect_scheme',
 630                  __( 'The success URL must be served over a secure connection.' )
 631              );
 632          }
 633      }
 634  
 635      if ( ! empty( $request['reject_url'] ) ) {
 636          $scheme = wp_parse_url( $request['reject_url'], PHP_URL_SCHEME );
 637  
 638          if ( 'http' === $scheme ) {
 639              $error->add(
 640                  'invalid_redirect_scheme',
 641                  __( 'The rejection URL must be served over a secure connection.' )
 642              );
 643          }
 644      }
 645  
 646      if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
 647          $error->add(
 648              'invalid_app_id',
 649              __( 'The application ID must be a UUID.' )
 650          );
 651      }
 652  
 653      /**
 654       * Fires before application password errors are returned.
 655       *
 656       * @since 5.6.0
 657       *
 658       * @param WP_Error $error   The error object.
 659       * @param array    $request The array of request data.
 660       * @param WP_User  $user    The user authorizing the application.
 661       */
 662      do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );
 663  
 664      if ( $error->has_errors() ) {
 665          return $error;
 666      }
 667  
 668      return true;
 669  }


Generated: Sun Dec 22 01:00:02 2024 Cross-referenced by PHPXref 0.7.1