Application Passwords: Allow plain HTTP success and reject URLs when using a local environment type.

It's not uncommon for local environments to run over HTTP due to the relative complexity of configuring HTTPS for a local environment. This change allows HTTP URLs for application password responses when that is the case.

Props peterwilsoncc, wppunk, cadic, viralsampat

Fixes #52617

Built from https://develop.svn.wordpress.org/trunk@55283


git-svn-id: http://core.svn.wordpress.org/trunk@54816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
John Blackbourn 2023-02-07 17:46:20 +00:00
parent dbdba246b6
commit e374552961
2 changed files with 6 additions and 4 deletions


@ -612,6 +612,7 @@ Please click the following link to activate your user account:
* Checks if the Authorize Application Password request is valid. * Checks if the Authorize Application Password request is valid.
* *
* @since 5.6.0 * @since 5.6.0
* @since 6.2.0 Allow insecure HTTP connections for the local environment.
* *
* @param array $request { * @param array $request {
* The array of request data. All arguments are optional and may be empty. * The array of request data. All arguments are optional and may be empty.
@ -625,12 +626,13 @@ Please click the following link to activate your user account:
* @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not. * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
*/ */
function wp_is_authorize_application_password_request_valid( $request, $user ) { function wp_is_authorize_application_password_request_valid( $request, $user ) {
$error = new WP_Error(); $error = new WP_Error();
$is_local = 'local' === wp_get_environment_type();
if ( ! empty( $request['success_url'] ) ) { if ( ! empty( $request['success_url'] ) ) {
$scheme = wp_parse_url( $request['success_url'], PHP_URL_SCHEME ); $scheme = wp_parse_url( $request['success_url'], PHP_URL_SCHEME );
if ( 'http' === $scheme ) { if ( 'http' === $scheme && ! $is_local ) {
$error->add( $error->add(
'invalid_redirect_scheme', 'invalid_redirect_scheme',
__( 'The success URL must be served over a secure connection.' ) __( 'The success URL must be served over a secure connection.' )
@ -641,7 +643,7 @@ function wp_is_authorize_application_password_request_valid( $request, $user ) {
if ( ! empty( $request['reject_url'] ) ) { if ( ! empty( $request['reject_url'] ) ) {
$scheme = wp_parse_url( $request['reject_url'], PHP_URL_SCHEME ); $scheme = wp_parse_url( $request['reject_url'], PHP_URL_SCHEME );
if ( 'http' === $scheme ) { if ( 'http' === $scheme && ! $is_local ) {
$error->add( $error->add(
'invalid_redirect_scheme', 'invalid_redirect_scheme',
__( 'The rejection URL must be served over a secure connection.' ) __( 'The rejection URL must be served over a secure connection.' )
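Review bot: The `! $is_local` exemption added to both `'http' === $scheme` checks is keyed only on `wp_get_environment_type()`, so on an install whose environment type is `local` an `http://` success or reject URL on any host is accepted, not only one on the developer's own machine. If the success redirect carries the newly created application password (not visible in these hunks, so worth confirming), that credential would travel in cleartext whenever a network-reachable site is configured as `local`. I would state the assumption where `$is_local` is assigned, e.g. `// Plain HTTP is tolerated only because 'local' is assumed to be a non-public development install; WP_ENVIRONMENT_TYPE must not be 'local' on a reachable site.`, and consider additionally checking the URL host before skipping the error. The same condition is now duplicated for `success_url` and `reject_url`, and the function body continues past the last hunk shown.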


@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.2-alpha-55282'; $wp_version = '6.2-alpha-55283';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.