App Passwords: Include site_url in the success redirect payload.

Props georgestephanis. Fixes #51602. Built from https://develop.svn.wordpress.org/trunk@49291 git-svn-id: http://core.svn.wordpress.org/trunk@49053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-24 00:07:08 +00:00 · 2020-10-24 00:07:08 +00:00 · e992757e5b
parent ce4b1cc8ba
commit e992757e5b
4 changed files with 12 additions and 7 deletions
--- a/wp-admin/authorize-application.php
+++ b/wp-admin/authorize-application.php
@ -12,6 +12,7 @@ require_once __DIR__ . '/admin.php';
 $error        = null;
 $new_password = '';

+// This is the no-js fallback script.  Generally this will all be handled by `auth-app.js`
 if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
 	check_admin_referer( 'authorize_application_password' );

@ -44,8 +45,9 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a
 			if ( $success_url ) {
 				$redirect = add_query_arg(
 					array(
-						'username' => urlencode( wp_get_current_user()->user_login ),
-						'password' => urlencode( $new_password ),
+						'site_url'   => urlencode( site_url() ),
+						'user_login' => urlencode( wp_get_current_user()->user_login ),
+						'password'   => urlencode( $new_password ),
 					),
 					$success_url
 				);
@ -108,6 +110,7 @@ wp_localize_script(
 	'auth-app',
 	'authApp',
 	array(
+		'site_url'   => site_url(),
 		'user_login' => $user->user_login,
 		'success'    => $success_url,
 		'reject'     => $reject_url ? $reject_url : admin_url(),
@ -230,8 +233,9 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
 							'<strong><kbd>' . esc_html(
 								add_query_arg(
 									array(
-										'username' => $user->user_login,
-										'password' => '[------]',
+										'site_url'   => site_url(),
+										'user_login' => $user->user_login,
+										'password'   => '[------]',
 									),
 									$success_url
 								)
--- a/wp-admin/js/auth-app.js
+++ b/wp-admin/js/auth-app.js
@ -73,7 +73,8 @@

 			if ( raw ) {
 				url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) +
-					'user_login=' + encodeURIComponent( authApp.user_login ) +
+					'site_url=' + encodeURIComponent( authApp.site_url ) +
+					'&user_login=' + encodeURIComponent( authApp.user_login ) +
 					'&password=' + encodeURIComponent( response.password );

 				window.location = url;
--- a/wp-admin/js/auth-app.min.js
+++ b/wp-admin/js/auth-app.min.js
@ -1,2 +1,2 @@
 /*! This file is auto-generated */
-!function(i,c){var n=i("#app_name"),d=i("#approve"),e=i("#reject"),l=n.closest("form"),o={userLogin:c.user_login,successUrl:c.success,rejectUrl:c.reject};d.click(function(e){var r=n.val(),p=i('input[name="app_id"]',l).val();if(e.preventDefault(),0!==r.length){n.prop("disabled",!0),d.prop("disabled",!0);var s={name:r};0<p.length&&(s.app_id=p),s=wp.hooks.applyFilters("wp_application_passwords_approve_app_request",s,o),wp.apiRequest({path:"/wp/v2/users/me/application-passwords",method:"POST",data:s}).done(function(e,p,s){wp.hooks.doAction("wp_application_passwords_approve_app_request_success",e,p,s);var o,a,t,n=c.success;n?(o=n+(-1===n.indexOf("?")?"?":"&")+"user_login="+encodeURIComponent(c.user_login)+"&password="+encodeURIComponent(e.password),window.location=o):(a=wp.i18n.sprintf(wp.i18n.__("Your new password for %1$s is: %2$s."),"<strong></strong>","<kbd></kbd>"),t=i("<div></div>").attr("role","alert").attr("tabindex",0).addClass("notice notice-success notice-alt").append(i("<p></p>").html(a)),i("strong",t).text(r),i("kbd",t).text(e.password),l.replaceWith(t),t.focus())}).fail(function(e,p,s){var o=s,a=null;e.responseJSON&&(a=e.responseJSON).message&&(o=a.message);var t=i("<div></div>").attr("role","alert").addClass("notice notice-error").append(i("<p></p>").text(o));i("h1").after(t),n.prop("disabled",!1),d.prop("disabled",!1),wp.hooks.doAction("wp_application_passwords_approve_app_request_success",a,p,e)})}else n.focus()}),e.click(function(e){e.preventDefault(),wp.hooks.doAction("wp_application_passwords_reject_app",o),window.location=c.reject}),l.on("submit",function(e){e.preventDefault()})}(jQuery,authApp);
+!function(i,c){var n=i("#app_name"),d=i("#approve"),e=i("#reject"),l=n.closest("form"),o={userLogin:c.user_login,successUrl:c.success,rejectUrl:c.reject};d.click(function(e){var r=n.val(),s=i('input[name="app_id"]',l).val();if(e.preventDefault(),0!==r.length){n.prop("disabled",!0),d.prop("disabled",!0);var p={name:r};0<s.length&&(p.app_id=s),p=wp.hooks.applyFilters("wp_application_passwords_approve_app_request",p,o),wp.apiRequest({path:"/wp/v2/users/me/application-passwords",method:"POST",data:p}).done(function(e,s,p){wp.hooks.doAction("wp_application_passwords_approve_app_request_success",e,s,p);var o,a,t,n=c.success;n?(o=n+(-1===n.indexOf("?")?"?":"&")+"site_url="+encodeURIComponent(c.site_url)+"&user_login="+encodeURIComponent(c.user_login)+"&password="+encodeURIComponent(e.password),window.location=o):(a=wp.i18n.sprintf(wp.i18n.__("Your new password for %1$s is: %2$s."),"<strong></strong>","<kbd></kbd>"),t=i("<div></div>").attr("role","alert").attr("tabindex",0).addClass("notice notice-success notice-alt").append(i("<p></p>").html(a)),i("strong",t).text(r),i("kbd",t).text(e.password),l.replaceWith(t),t.focus())}).fail(function(e,s,p){var o=p,a=null;e.responseJSON&&(a=e.responseJSON).message&&(o=a.message);var t=i("<div></div>").attr("role","alert").addClass("notice notice-error").append(i("<p></p>").text(o));i("h1").after(t),n.prop("disabled",!1),d.prop("disabled",!1),wp.hooks.doAction("wp_application_passwords_approve_app_request_success",a,s,e)})}else n.focus()}),e.click(function(e){e.preventDefault(),wp.hooks.doAction("wp_application_passwords_reject_app",o),window.location=c.reject}),l.on("submit",function(e){e.preventDefault()})}(jQuery,authApp);
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.6-beta1-49290';
+$wp_version = '5.6-beta1-49291';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.