Make WordPress Core


Ignore:
Timestamp:
10/22/2020 03:04:23 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Support an app_id to uniquely identify instances of an app.

Apps may now optionally include an app_id parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51583.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/authorize-application.php

    r49272 r49276  
    1919    $reject_url  = $_POST['reject_url'];
    2020    $app_name    = $_POST['app_name'];
     21    $app_id      = $_POST['app_id'];
    2122    $redirect    = '';
    2223
     
    2829        }
    2930    } elseif ( isset( $_POST['approve'] ) ) {
    30         $created = WP_Application_Passwords::create_new_application_password( get_current_user_id(), array( 'name' => $app_name ) );
     31        $created = WP_Application_Passwords::create_new_application_password(
     32            get_current_user_id(),
     33            array(
     34                'name'   => $app_name,
     35                'app_id' => $app_id,
     36            )
     37        );
    3138
    3239        if ( is_wp_error( $created ) ) {
     
    5764
    5865$app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
     66$app_id      = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
    5967$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
    6068
     
    6977$user = wp_get_current_user();
    7078
    71 $request  = compact( 'app_name', 'success_url', 'reject_url' );
     79$request  = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
    7280$is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
    7381
     
    184192                <?php wp_nonce_field( 'authorize_application_password' ); ?>
    185193                <input type="hidden" name="action" value="authorize_application_password" />
     194                <input type="hidden" name="app_id" value="<?php echo esc_attr( $app_id ); ?>" />
    186195                <input type="hidden" name="success_url" value="<?php echo esc_url( $success_url ); ?>" />
    187196                <input type="hidden" name="reject_url" value="<?php echo esc_url( $reject_url ); ?>" />
Note: See TracChangeset for help on using the changeset viewer.