Make WordPress Core


Ignore:
Timestamp:
12/21/2021 02:43:18 AM (3 years ago)
Author:
hellofromTonya
Message:

Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.

When add_filter( 'wp_is_application_passwords_available', '__return_false' ) exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because wp_is_application_passwords_available_for_user() first invokes wp_is_application_passwords_available() which is filterable. The situation could happen if the 'wp_is_application_passwords_available_for_user' filter returns false.

To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called wp_is_application_passwords_supported(). Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.

Tests are included for both wp_is_application_passwords_supported() and wp_is_application_passwords_available().

Follow-up to [51980], [51988].

Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-edit.php

    r51988 r52398  
    734734    </table>
    735735
     736<?php if ( wp_is_application_passwords_available_for_user( $user_id ) || ! wp_is_application_passwords_supported() ) : // phpcs:disable Generic.WhiteSpace.ScopeIndent ?>
    736737    <div class="application-passwords hide-if-no-js" id="application-passwords-section">
    737738        <h2><?php _e( 'Application Passwords' ); ?></h2>
     
    797798            ?>
    798799        </div>
    799         <?php else : ?>
     800        <?php elseif ( ! wp_is_application_passwords_supported() ) : ?>
    800801            <p><?php _e( 'The application password feature requires HTTPS, which is not enabled on this site.' ); ?></p>
    801802            <p>
     
    810811        <?php endif; ?>
    811812    </div>
     813<?php endif; // phpcs:enable Generic.WhiteSpace.ScopeIndent ?>
    812814
    813815        <?php
Note: See TracChangeset for help on using the changeset viewer.