Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.
When add_filter( 'wp_is_application_passwords_available', '__return_false' )
exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because wp_is_application_passwords_available_for_user()
first invokes wp_is_application_passwords_available()
which is filterable. The situation could happen if the 'wp_is_application_passwords_available_for_user'
filter returns false
.
To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called wp_is_application_passwords_supported()
. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.
Tests are included for both wp_is_application_passwords_supported()
and wp_is_application_passwords_available()
.
Follow-up to [51980], [51988].
Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.