sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

App Passwords: Include site_url in the success redirect payload.

Browse Source 
Props georgestephanis.
Fixes #51602.


git-svn-id: https://develop.svn.wordpress.org/trunk@49291 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs 2020-10-24 00:05:15 +00:00
parent 262e16b169
commit 1e85024fb4
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/js/_enqueues/admin/auth-app.js
View File

@ -73,7 +73,8 @@
if ( raw ) { if ( raw ) {
url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) + url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) +
'user_login=' + encodeURIComponent( authApp.user_login ) + 'site_url=' + encodeURIComponent( authApp.site_url ) +
'&user_login=' + encodeURIComponent( authApp.user_login ) +
'&password=' + encodeURIComponent( response.password ); '&password=' + encodeURIComponent( response.password );
window.location = url; window.location = url;

12
src/wp-admin/authorize-application.php
View File

@ -12,6 +12,7 @@ require_once __DIR__ . '/admin.php';
$error = null; $error = null;
$new_password = ''; $new_password = '';
// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`
if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) { if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
check_admin_referer( 'authorize_application_password' ); check_admin_referer( 'authorize_application_password' );
@ -44,8 +45,9 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a
if ( $success_url ) { if ( $success_url ) {
$redirect = add_query_arg( $redirect = add_query_arg(
array( array(
'username' => urlencode( wp_get_current_user()->user_login ), 'site_url' => urlencode( site_url() ),
'password' => urlencode( $new_password ), 'user_login' => urlencode( wp_get_current_user()->user_login ),
'password' => urlencode( $new_password ),
), ),
$success_url $success_url
); );
@ -108,6 +110,7 @@ wp_localize_script(
'auth-app', 'auth-app',
'authApp', 'authApp',
array( array(
'site_url' => site_url(),
'user_login' => $user->user_login, 'user_login' => $user->user_login,
'success' => $success_url, 'success' => $success_url,
'reject' => $reject_url ? $reject_url : admin_url(), 'reject' => $reject_url ? $reject_url : admin_url(),
@ -230,8 +233,9 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
'<strong><kbd>' . esc_html( '<strong><kbd>' . esc_html(
add_query_arg( add_query_arg(
array( array(
'username' => $user->user_login, 'site_url' => site_url(),
'password' => '[------]', 'user_login' => $user->user_login,
'password' => '[------]',
), ),
$success_url $success_url
) )