From 4e58365c5c5256173f8fa4b88988c10b7dc928aa Mon Sep 17 00:00:00 2001
From: Timothy Jacobs <timothyblynjacobs@git.wordpress.org>
Date: Thu, 22 Oct 2020 02:41:33 +0000
Subject: [PATCH] App Passwords: Fix success=false not being appended to
 fallback reject url.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51581.


git-svn-id: https://develop.svn.wordpress.org/trunk@49272 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/authorize-application.php | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/wp-admin/authorize-application.php b/src/wp-admin/authorize-application.php
index 978dfacec0..88804b7d74 100644
--- a/src/wp-admin/authorize-application.php
+++ b/src/wp-admin/authorize-application.php
@@ -22,7 +22,7 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a
 
 	if ( isset( $_POST['reject'] ) ) {
 		if ( $reject_url ) {
-			$redirect = add_query_arg( 'success', 'false', $reject_url );
+			$redirect = $reject_url;
 		} else {
 			$redirect = admin_url();
 		}
@@ -57,8 +57,16 @@ $title = __( 'Authorize Application' );
 
 $app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
 $success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
-$reject_url  = ! empty( $_REQUEST['reject_url'] ) ? $_REQUEST['reject_url'] : $success_url;
-$user        = wp_get_current_user();
+
+if ( ! empty( $_REQUEST['reject_url'] ) ) {
+	$reject_url = $_REQUEST['reject_url'];
+} elseif ( $success_url ) {
+	$reject_url = add_query_arg( 'success', 'false', $success_url );
+} else {
+	$reject_url = null;
+}
+
+$user = wp_get_current_user();
 
 $request  = compact( 'app_name', 'success_url', 'reject_url' );
 $is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
@@ -230,14 +238,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
 						printf(
 							/* translators: %s: The URL the user is being redirected to. */
 							__( 'You will be sent to %s' ),
-							'<strong><kbd>' . esc_html(
-								add_query_arg(
-									array(
-										'success' => 'false',
-									),
-									$reject_url
-								)
-							) . '</kbd></strong>'
+							'<strong><kbd>' . esc_html( $reject_url ) . '</kbd></strong>'
 						);
 					} else {
 						_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );