App Passwords: Explain that apps can access to all sites in a network.

Props georgestephanis, spacedmonkey, johnjamesjacoby, SergeyBiryukov, marybaum. Fixes #51489. Built from https://develop.svn.wordpress.org/trunk@49270 git-svn-id: http://core.svn.wordpress.org/trunk@49032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 02:36:11 +00:00 · 2020-10-22 02:36:11 +00:00 · 85c49351af
parent cd04c0d68b
commit 85c49351af
3 changed files with 48 additions and 1 deletions
--- a/wp-admin/authorize-application.php
+++ b/wp-admin/authorize-application.php
@ -121,6 +121,30 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
 			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the app in question.' ); ?></p>
 		<?php endif; ?>

+		<?php
+		if ( is_multisite() ) {
+			$blogs = get_blogs_of_user( $user->ID, true );
+			if ( count( $blogs ) > 1 ) {
+				?>
+				<p>
+				<?php
+					printf(
+						/* translators: 1: url to my-sites.php, 2: Number of blogs the user has. */
+						_n(
+							'This will grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',
+							'This will grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',
+							count( $blogs )
+						),
+						admin_url( 'my-sites.php' ),
+						number_format_i18n( count( $blogs ) )
+					);
+				?>
+				</p>
+				<?php
+			}
+		}
+		?>
+
 		<?php if ( $new_password ) : ?>
 			<div class="notice notice-success notice-alt below-h2">
 				<p class="password-display">
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@ -715,6 +715,29 @@ endif;
 	<div class="application-passwords hide-if-no-js" id="application-passwords-section">
 		<h2><?php _e( 'Application Passwords' ); ?></h2>
 		<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
+			<?php
+			if ( is_multisite() ) {
+				$blogs = get_blogs_of_user( $user_id, true );
+				if ( count( $blogs ) > 1 ) {
+					?>
+					<p>
+					<?php
+					printf(
+						/* translators: 1: url to my-sites.php, 2: Number of blogs the user has. */
+						_n(
+							'Application passwords grant access to <a href="%1$s">the %2$s blog in this installation that you have permissions on</a>.',
+							'Application passwords grant access to <a href="%1$s">all %2$s blogs in this installation that you have permissions on</a>.',
+							count( $blogs )
+						),
+						admin_url( 'my-sites.php' ),
+						number_format_i18n( count( $blogs ) )
+					);
+					?>
+					</p>
+					<?php
+				}
+			}
+			?>
 		<div class="create-application-password">
 			<label for="new_application_password_name" class="screen-reader-text"><?php _e( 'New Application Password Name' ); ?></label>
 			<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'New Application Password Name' ); ?>" class="input" />
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.6-beta1-49269';
+$wp_version = '5.6-beta1-49270';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.