WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #52003


Ignore:
Timestamp:
12/09/2020 08:27:33 PM (3 months ago)
Author:
SergeyBiryukov
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #52003 – Description

    initial v1  
    1 wp_validate_application_password only checks for the existence of $_SERVER['PHP_AUTH_USER'] before calling wp_authenticate_application_password with both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
     1wp_validate_application_password only checks for the existence of `$_SERVER['PHP_AUTH_USER']` before calling wp_authenticate_application_password with both `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`.
    22
    3 In our environment (using Shibboleth-powered Single Sign-on), $_SERVER['PHP_AUTH_USER'] is already set, but $_SERVER['PHP_AUTH_PW'] is not defined. 
     3In our environment (using Shibboleth-powered Single Sign-on), `$_SERVER['PHP_AUTH_USER']` is already set, but `$_SERVER['PHP_AUTH_PW']` is not defined. 
    44
    55I believe that this section:
    6 
     6{{{
    77// Check that we're trying to authenticate
    88if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
    99        return $input_user;
    1010}
    11 
     11}}}
    1212should likely be extended to confirm the presence of both variables before calling wp_authenticate_application_password.
    1313
    14 (Of course, I'm also now worried about what other problems we'll run into using PHP_AUTH_USER the way we are, but that's for another day!)
     14(Of course, I'm also now worried about what other problems we'll run into using `PHP_AUTH_USER` the way we are, but that's for another day!)