WordPress/wp-admin
Helen Hou-Sandí 1fc7b75913 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Reviewed by TimothyBlynJacobs, helen.
Merges [49752] to the 5.6 branch.
Fixes #51939.

Built from https://develop.svn.wordpress.org/branches/5.6@49754


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:48:03 +00:00
..
css Help/About: WordPress 5.6 About Page. 2020-11-17 21:34:04 +00:00
images About: Optimize freedoms sprite and add 2 column layout. 2020-11-02 19:46:14 +00:00
includes App Passwords: Prevent conflicts when Basic Auth is already used by the site. 2020-12-04 21:48:03 +00:00
js Site Health, App Passwords: Ensure REST API responses are properly translated. 2020-12-01 18:07:08 +00:00
maint Administration: Remove the `xmlns` attribute on the `<html>` tag. 2020-06-22 21:26:16 +00:00
network Coding standards: Modify escaping functions to avoid potential false positives. 2020-10-29 18:03:11 +00:00
user Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
about.php Help/About: Move trailing punctuation in the jQuery Migrate Helper plugin link outside of the HTML tag. 2020-12-01 19:35:07 +00:00
admin-ajax.php Site Health, REST API: Move async tests to REST API endpoints. 2020-10-15 02:00:08 +00:00
admin-footer.php Docs: Improve inline comments per the documentation standards. 2020-01-29 00:45:18 +00:00
admin-functions.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
admin-header.php Coding standards: Modify escaping functions to avoid potential false positives. 2020-10-29 18:03:11 +00:00
admin-post.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
admin.php Upgrade/Install: Don't trigger database upgrade on Ajax requests via `wp-admin/async-upload.php`. 2020-07-22 12:56:04 +00:00
async-upload.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
authorize-application.php App Passwords: Prevent conflicts when Basic Auth is already used by the site. 2020-12-04 21:48:03 +00:00
comment.php Docs: Update the URL for PHP date formats table in translator comments. 2020-09-18 10:37:08 +00:00
credits.php Help/About: WordPress 5.6 About Page. 2020-11-17 21:34:04 +00:00
custom-background.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
custom-header.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
customize.php Docs: Correct documentation for `customize_controls_head` hook and `_customizer_mobile_viewport_meta()` function. 2020-07-10 11:36:07 +00:00
edit-comments.php Comments: Correct ending tag placement in the "Search results for: ..." subtitle. 2020-11-28 17:32:04 +00:00
edit-form-advanced.php Docs: Update the URL for PHP date formats table in translator comments. 2020-09-18 10:37:08 +00:00
edit-form-blocks.php Editor: Hide Screen Options tab from block editor 2020-09-24 03:00:08 +00:00
edit-form-comment.php Docs: Update the URL for PHP date formats table in translator comments. 2020-09-18 10:37:08 +00:00
edit-link-form.php Administration: Use HTTPS for XHTML Friends Network URL. 2020-07-04 09:33:01 +00:00
edit-tag-form.php Docs: Fix and upgrade various `object` docblock notations. 2020-10-17 16:05:09 +00:00
edit-tags.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
edit.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
erase-personal-data.php Privacy: Improve clarity of privacy error strings. 2020-10-04 03:23:09 +00:00
export-personal-data.php Privacy: Set the direction for the "Username or email address" field on privacy screens to LTR. 2020-07-14 11:17:04 +00:00
export.php Coding Standards: Use strict comparison in some `wp-admin` files. 2020-05-12 18:32:08 +00:00
freedoms.php Help/About: WordPress 5.6 About Page. 2020-11-17 21:34:04 +00:00
import.php I18N: Add context to some plugin and theme strings for consistency. 2020-07-20 23:14:05 +00:00
index.php Help/About: Add Site Health Status dashboard widget to the Help → Content tab. 2020-11-10 19:05:10 +00:00
install-helper.php Docs: Improve documentation for functions in `wp-admin/install-helper.php` per the documentation standards. 2020-05-12 18:40:07 +00:00
install.php Site Health: Improve the error message displayed when activating a plugin that requires a higher version of PHP or WordPress. 2020-06-26 00:27:09 +00:00
link-add.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
link-manager.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
link-parse-opml.php XML-RPC: Explicitly unset the reference to the parser resource after calling `xml_parser_free()` to avoid memory leaks in PHP 7.0.0 or higher. 2020-07-05 15:22:01 +00:00
link.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
load-scripts.php Coding Standards: Fix instances of `Generic.WhiteSpace.ArbitraryParenthesesSpacing.FoundEmpty`. 2020-05-26 09:37:10 +00:00
load-styles.php Coding Standards: Fix instances of `Generic.WhiteSpace.ArbitraryParenthesesSpacing.FoundEmpty`. 2020-05-26 09:37:10 +00:00
media-new.php Coding standards: Modify escaping functions to avoid potential false positives. 2020-10-29 18:03:11 +00:00
media-upload.php General: Replace older-style PHP type conversion functions with type casts. 2020-10-08 21:15:13 +00:00
media.php Coding Standards: Fix instances of `Generic.WhiteSpace.ArbitraryParenthesesSpacing.FoundEmpty`. 2020-05-26 09:37:10 +00:00
menu-header.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
menu.php Users: Change "Your Profile" and "My Profile" links in admin menu and toolbar to just "Profile" for consistency. 2020-04-20 08:39:06 +00:00
moderation.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-admin.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-delete-site.php Docs: Various docblock improvements related to user and site signup functionality. 2020-09-30 21:54:07 +00:00
ms-edit.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-options.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-sites.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-themes.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-upgrade-network.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ms-users.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
my-sites.php Coding Standards: Use strict comparison in some `wp-admin` files. 2020-05-12 18:32:08 +00:00
nav-menus.php Administration: Better targeting for required form field highlighting. 2020-10-23 15:05:09 +00:00
network.php Coding Standards: Use strict comparison for `count()` calls. 2020-05-23 11:38:08 +00:00
options-discussion.php General: Update code for readability and inclusion 2020-07-23 03:14:06 +00:00
options-general.php Docs: Update the URL for PHP date formats table in translator comments. 2020-09-18 10:37:08 +00:00
options-head.php Administration: Replace legacy `updated` message type in `add_settings_error()` calls with `success`. 2019-08-16 00:39:55 +00:00
options-media.php Docs: Correct and clarify an inline comment about the `upload_url_path` and `upload_path` options in `wp-admin/options-media.php`. 2020-06-01 11:22:13 +00:00
options-permalink.php Permalinks: Don't show "You should update your `.htaccess` file now" message when saving permalink settings on Multisite. 2020-08-02 12:57:08 +00:00
options-privacy.php Privacy: Improve clarity of privacy error strings. 2020-10-04 03:23:09 +00:00
options-reading.php Help/About: Clarify that discouraging search engines does not prevent them from crawling the site. 2020-10-23 18:07:13 +00:00
options-writing.php Administration: Add missing comma to the message in "Post via email" section. 2020-06-26 19:38:06 +00:00
options.php General: Update code for readability and inclusion 2020-07-23 03:14:06 +00:00
plugin-editor.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
plugin-install.php Accessibility: Plugins: Accessibility and CSS improvements for the Plugins pages. 2020-07-03 08:51:05 +00:00
plugins.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
post-new.php Coding Standards: Use strict comparison where static strings are involved. 2020-05-16 18:42:12 +00:00
post.php Posts, Post Types: Switch to restoring posts to `draft` status by default when they are untrashed. 2020-10-11 13:39:07 +00:00
press-this.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
privacy-policy-guide.php Privacy: Improve clarity of privacy error strings. 2020-10-04 03:23:09 +00:00
privacy.php Help/About: WordPress 5.6 About Page. 2020-11-17 21:34:04 +00:00
profile.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
revision.php Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings. 2020-11-09 10:53:10 +00:00
setup-config.php Administration: Remove the `xmlns` attribute on the `<html>` tag. 2020-06-22 21:26:16 +00:00
site-health-info.php Accessibility: Site Health: Improve the "Copy site info" button accessibility. 2020-06-30 13:26:03 +00:00
site-health.php Site Health: Validate the test result data format in JS before using it. 2020-11-08 09:52:10 +00:00
term.php Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved. 2020-04-05 03:02:11 +00:00
theme-editor.php Coding Standards: Replace alias PHP functions with the canonical names. 2020-10-18 17:27:06 +00:00
theme-install.php Themes: Display a message in theme grid if a theme requires a higher version of PHP or WordPress. 2020-07-27 15:04:03 +00:00
themes.php Upgrade/Install: Only show auto-update for themes that support the feature. 2020-07-29 20:01:08 +00:00
tools.php Privacy: Fix the URLs and legacy redirects for the personal data export and erasure screens. 2020-03-03 00:50:06 +00:00
update-core.php Upgrade/Install: Display "You are using a development version" message on WordPress Updates screen for Beta or RC versions. 2020-11-30 16:53:05 +00:00
update.php Upgrade/Install: Ensure cleanup after canceled update. 2020-07-10 06:08:06 +00:00
upgrade-functions.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
upgrade.php Site Health: Improve the error message displayed when activating a plugin that requires a higher version of PHP or WordPress. 2020-06-26 00:27:09 +00:00
upload.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
user-edit.php App Passwords: Prevent conflicts when Basic Auth is already used by the site. 2020-12-04 21:48:03 +00:00
user-new.php Coding Standards: Remove unused `$current_role` variable from Add New User form. 2020-10-24 12:49:05 +00:00
users.php Coding Standards: Split long `printf()` calls for search results for better readability. 2020-10-23 17:19:14 +00:00
widgets.php Accessibility: Widgets: Add a "Cancel" link when editing a widget in accessibility mode. 2020-10-09 15:53:08 +00:00