Make WordPress Core


Ignore:
Timestamp:
12/21/2021 02:43:18 AM (3 years ago)
Author:
hellofromTonya
Message:

Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.

When add_filter( 'wp_is_application_passwords_available', '__return_false' ) exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because wp_is_application_passwords_available_for_user() first invokes wp_is_application_passwords_available() which is filterable. The situation could happen if the 'wp_is_application_passwords_available_for_user' filter returns false.

To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called wp_is_application_passwords_supported(). Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.

Tests are included for both wp_is_application_passwords_supported() and wp_is_application_passwords_available().

Follow-up to [51980], [51988].

Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r52352 r52398  
    46594659
    46604660/**
     4661 * Checks if Application Passwords is supported.
     4662 *
     4663 * Application Passwords is supported only by sites using SSL or local environments
     4664 * but may be made available using the {@see 'wp_is_application_passwords_available'} filter.
     4665 *
     4666 * @since 5.9.0
     4667 *
     4668 * @return bool
     4669 */
     4670function wp_is_application_passwords_supported() {
     4671    return is_ssl() || 'local' === wp_get_environment_type();
     4672}
     4673
     4674/**
    46614675 * Checks if Application Passwords is globally available.
    46624676 *
    46634677 * By default, Application Passwords is available to all sites using SSL or to local environments.
    4664  * Use {@see 'wp_is_application_passwords_available'} to adjust its availability.
     4678 * Use the {@see 'wp_is_application_passwords_available'} filter to adjust its availability.
    46654679 *
    46664680 * @since 5.6.0
     
    46694683 */
    46704684function wp_is_application_passwords_available() {
    4671     $available = is_ssl() || 'local' === wp_get_environment_type();
    4672 
    46734685    /**
    46744686     * Filters whether Application Passwords is available.
     
    46784690     * @param bool $available True if available, false otherwise.
    46794691     */
    4680     return apply_filters( 'wp_is_application_passwords_available', $available );
     4692    return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() );
    46814693}
    46824694
Note: See TracChangeset for help on using the changeset viewer.