App Passwords: Explain that apps can access to all sites in a network.

Props georgestephanis, spacedmonkey, johnjamesjacoby, SergeyBiryukov, marybaum. Fixes #51489. git-svn-id: https://develop.svn.wordpress.org/trunk@49270 602fd350-edb4-49c9-b593-d223f7449a82
2020-10-22 02:34:16 +00:00 · 2020-10-22 02:34:16 +00:00 · 4143182d6b
commit 4143182d6b
parent cfbb2294f9
2 changed files with 47 additions and 0 deletions
--- a/src/wp-admin/authorize-application.php
+++ b/src/wp-admin/authorize-application.php
@ -121,6 +121,30 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
 			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the app in question.' ); ?></p>
 		<?php endif; ?>

+		<?php
+		if ( is_multisite() ) {
+			$blogs = get_blogs_of_user( $user->ID, true );
+			if ( count( $blogs ) > 1 ) {
+				?>
+				<p>
+				<?php
+					printf(
+						/* translators: 1: url to my-sites.php, 2: Number of blogs the user has. */
+						_n(
+							'This will grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',
+							'This will grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',
+							count( $blogs )
+						),
+						admin_url( 'my-sites.php' ),
+						number_format_i18n( count( $blogs ) )
+					);
+				?>
+				</p>
+				<?php
+			}
+		}
+		?>
+
 		<?php if ( $new_password ) : ?>
 			<div class="notice notice-success notice-alt below-h2">
 				<p class="password-display">
--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@ -715,6 +715,29 @@ endif;
 	<div class="application-passwords hide-if-no-js" id="application-passwords-section">
 		<h2><?php _e( 'Application Passwords' ); ?></h2>
 		<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
+			<?php
+			if ( is_multisite() ) {
+				$blogs = get_blogs_of_user( $user_id, true );
+				if ( count( $blogs ) > 1 ) {
+					?>
+					<p>
+					<?php
+					printf(
+						/* translators: 1: url to my-sites.php, 2: Number of blogs the user has. */
+						_n(
+							'Application passwords grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',
+							'Application passwords grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',
+							count( $blogs )
+						),
+						admin_url( 'my-sites.php' ),
+						number_format_i18n( count( $blogs ) )
+					);
+					?>
+					</p>
+					<?php
+				}
+			}
+			?>
 		<div class="create-application-password">
 			<label for="new_application_password_name" class="screen-reader-text"><?php _e( 'New Application Password Name' ); ?></label>
 			<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'New Application Password Name' ); ?>" class="input" />