WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment. 

When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.

To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.

Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.

Follow-up to [51980], [51988].

Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.
Built from https://develop.svn.wordpress.org/trunk@52398


git-svn-id: http://core.svn.wordpress.org/trunk@51990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
hellofromTonya 2021-12-21 02:45:03 +00:00
parent f067011b59
commit 28b0710360
4 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/user-edit.php
View File

@ -733,6 +733,7 @@ endif;
</table> </table>
<?php if ( wp_is_application_passwords_available_for_user( $user_id ) || ! wp_is_application_passwords_supported() ) : // phpcs:disable Generic.WhiteSpace.ScopeIndent ?>
<div class="application-passwords hide-if-no-js" id="application-passwords-section"> <div class="application-passwords hide-if-no-js" id="application-passwords-section">
<h2><?php _e( 'Application Passwords' ); ?></h2> <h2><?php _e( 'Application Passwords' ); ?></h2>
<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p> <p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
@ -796,7 +797,7 @@ endif;
$application_passwords_list_table->display(); $application_passwords_list_table->display();
?> ?>
</div> </div>
<?php else : ?> <?php elseif ( ! wp_is_application_passwords_supported() ) : ?>
<p><?php _e( 'The application password feature requires HTTPS, which is not enabled on this site.' ); ?></p> <p><?php _e( 'The application password feature requires HTTPS, which is not enabled on this site.' ); ?></p>
<p> <p>
<?php <?php
@ -809,6 +810,7 @@ endif;
</p> </p>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php endif; // phpcs:enable Generic.WhiteSpace.ScopeIndent ?>
<?php <?php
if ( IS_PROFILE_PAGE ) { if ( IS_PROFILE_PAGE ) {

2
wp-includes/load.php
View File

@ -191,7 +191,7 @@ function wp_check_php_mysql_versions() {
function wp_get_environment_type() { function wp_get_environment_type() {
static $current_env = ''; static $current_env = '';
if ( $current_env ) { if ( ! defined( 'WP_RUN_CORE_TESTS' ) && $current_env ) {
return $current_env; return $current_env;
} }

20
wp-includes/user.php
View File

@ -4657,19 +4657,31 @@ function wp_get_user_request( $request_id ) {
return new WP_User_Request( $post ); return new WP_User_Request( $post );
} }
/**
* Checks if Application Passwords is supported.
*
* Application Passwords is supported only by sites using SSL or local environments
* but may be made available using the {@see 'wp_is_application_passwords_available'} filter.
*
* @since 5.9.0
*
* @return bool
*/
function wp_is_application_passwords_supported() {
return is_ssl() || 'local' === wp_get_environment_type();
}
/** /**
* Checks if Application Passwords is globally available. * Checks if Application Passwords is globally available.
* *
* By default, Application Passwords is available to all sites using SSL or to local environments. * By default, Application Passwords is available to all sites using SSL or to local environments.
* Use {@see 'wp_is_application_passwords_available'} to adjust its availability. * Use the {@see 'wp_is_application_passwords_available'} filter to adjust its availability.
* *
* @since 5.6.0 * @since 5.6.0
* *
* @return bool * @return bool
*/ */
function wp_is_application_passwords_available() { function wp_is_application_passwords_available() {
$available = is_ssl() || 'local' === wp_get_environment_type();
/** /**
* Filters whether Application Passwords is available. * Filters whether Application Passwords is available.
* *
@ -4677,7 +4689,7 @@ function wp_is_application_passwords_available() {
* *
* @param bool $available True if available, false otherwise. * @param bool $available True if available, false otherwise.
*/ */
return apply_filters( 'wp_is_application_passwords_available', $available ); return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() );
} }
/** /**

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.9-beta3-52397'; $wp_version = '5.9-beta3-52398';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.