From e992757e5b871aadea634dafb3b4db677fd5187e Mon Sep 17 00:00:00 2001 From: TimothyBlynJacobs Date: Sat, 24 Oct 2020 00:07:08 +0000 Subject: [PATCH] App Passwords: Include site_url in the success redirect payload. Props georgestephanis. Fixes #51602. Built from https://develop.svn.wordpress.org/trunk@49291 git-svn-id: http://core.svn.wordpress.org/trunk@49053 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/authorize-application.php | 12 ++++++++---- wp-admin/js/auth-app.js | 3 ++- wp-admin/js/auth-app.min.js | 2 +- wp-includes/version.php | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/wp-admin/authorize-application.php b/wp-admin/authorize-application.php index 524dbedf32..6f4378892a 100644 --- a/wp-admin/authorize-application.php +++ b/wp-admin/authorize-application.php @@ -12,6 +12,7 @@ require_once __DIR__ . '/admin.php'; $error = null; $new_password = ''; +// This is the no-js fallback script. Generally this will all be handled by `auth-app.js` if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) { check_admin_referer( 'authorize_application_password' ); @@ -44,8 +45,9 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a if ( $success_url ) { $redirect = add_query_arg( array( - 'username' => urlencode( wp_get_current_user()->user_login ), - 'password' => urlencode( $new_password ), + 'site_url' => urlencode( site_url() ), + 'user_login' => urlencode( wp_get_current_user()->user_login ), + 'password' => urlencode( $new_password ), ), $success_url ); @@ -108,6 +110,7 @@ wp_localize_script( 'auth-app', 'authApp', array( + 'site_url' => site_url(), 'user_login' => $user->user_login, 'success' => $success_url, 'reject' => $reject_url ? $reject_url : admin_url(), @@ -230,8 +233,9 @@ require_once ABSPATH . 'wp-admin/admin-header.php'; '' . esc_html( add_query_arg( array( - 'username' => $user->user_login, - 'password' => '[------]', + 'site_url' => site_url(), + 'user_login' => $user->user_login, + 'password' => '[------]', ), $success_url ) diff --git a/wp-admin/js/auth-app.js b/wp-admin/js/auth-app.js index 3152ed3c5c..592e074fb6 100644 --- a/wp-admin/js/auth-app.js +++ b/wp-admin/js/auth-app.js @@ -73,7 +73,8 @@ if ( raw ) { url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) + - 'user_login=' + encodeURIComponent( authApp.user_login ) + + 'site_url=' + encodeURIComponent( authApp.site_url ) + + '&user_login=' + encodeURIComponent( authApp.user_login ) + '&password=' + encodeURIComponent( response.password ); window.location = url; diff --git a/wp-admin/js/auth-app.min.js b/wp-admin/js/auth-app.min.js index 56dcf73340..04c2eb1a67 100644 --- a/wp-admin/js/auth-app.min.js +++ b/wp-admin/js/auth-app.min.js @@ -1,2 +1,2 @@ /*! This file is auto-generated */ -!function(i,c){var n=i("#app_name"),d=i("#approve"),e=i("#reject"),l=n.closest("form"),o={userLogin:c.user_login,successUrl:c.success,rejectUrl:c.reject};d.click(function(e){var r=n.val(),p=i('input[name="app_id"]',l).val();if(e.preventDefault(),0!==r.length){n.prop("disabled",!0),d.prop("disabled",!0);var s={name:r};0",""),t=i("
").attr("role","alert").attr("tabindex",0).addClass("notice notice-success notice-alt").append(i("

").html(a)),i("strong",t).text(r),i("kbd",t).text(e.password),l.replaceWith(t),t.focus())}).fail(function(e,p,s){var o=s,a=null;e.responseJSON&&(a=e.responseJSON).message&&(o=a.message);var t=i("
").attr("role","alert").addClass("notice notice-error").append(i("

").text(o));i("h1").after(t),n.prop("disabled",!1),d.prop("disabled",!1),wp.hooks.doAction("wp_application_passwords_approve_app_request_success",a,p,e)})}else n.focus()}),e.click(function(e){e.preventDefault(),wp.hooks.doAction("wp_application_passwords_reject_app",o),window.location=c.reject}),l.on("submit",function(e){e.preventDefault()})}(jQuery,authApp); \ No newline at end of file +!function(i,c){var n=i("#app_name"),d=i("#approve"),e=i("#reject"),l=n.closest("form"),o={userLogin:c.user_login,successUrl:c.success,rejectUrl:c.reject};d.click(function(e){var r=n.val(),s=i('input[name="app_id"]',l).val();if(e.preventDefault(),0!==r.length){n.prop("disabled",!0),d.prop("disabled",!0);var p={name:r};0",""),t=i("
").attr("role","alert").attr("tabindex",0).addClass("notice notice-success notice-alt").append(i("

").html(a)),i("strong",t).text(r),i("kbd",t).text(e.password),l.replaceWith(t),t.focus())}).fail(function(e,s,p){var o=p,a=null;e.responseJSON&&(a=e.responseJSON).message&&(o=a.message);var t=i("
").attr("role","alert").addClass("notice notice-error").append(i("

").text(o));i("h1").after(t),n.prop("disabled",!1),d.prop("disabled",!1),wp.hooks.doAction("wp_application_passwords_approve_app_request_success",a,s,e)})}else n.focus()}),e.click(function(e){e.preventDefault(),wp.hooks.doAction("wp_application_passwords_reject_app",o),window.location=c.reject}),l.on("submit",function(e){e.preventDefault()})}(jQuery,authApp); \ No newline at end of file diff --git a/wp-includes/version.php b/wp-includes/version.php index 80bc0713d0..95cd00b9a8 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-beta1-49290'; +$wp_version = '5.6-beta1-49291'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.