wp_is_authorize_application_password_request_valid( array $request, WP_User $user )
Checks if the Authorize Application Password request is valid.
Parameters
- $request
-
(Required) The array of request data. All arguments are optional and may be empty.<br>
- 'app_name'
(string) The suggested name of the application.<br> - 'app_id'
(string) A UUID provided by the application to uniquely identify it.<br> - 'success_url'
(string) The URL the user will be redirected to after approving the application.<br> - 'reject_url'
(string) The URL the user will be redirected to after rejecting the application.<br>
- 'app_name'
- $user
-
(Required) The user authorizing the application.
Return
(true|WP_Error) True if the request is valid, a WP_Error object contains errors if not.
Source
File: wp-admin/includes/user.php
function wp_is_authorize_application_password_request_valid( $request, $user ) {
$error = new WP_Error();
if ( isset( $request['success_url'] ) ) {
$validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] );
if ( is_wp_error( $validated_success_url ) ) {
$error->add(
$validated_success_url->get_error_code(),
$validated_success_url->get_error_message()
);
}
}
if ( isset( $request['reject_url'] ) ) {
$validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] );
if ( is_wp_error( $validated_reject_url ) ) {
$error->add(
$validated_reject_url->get_error_code(),
$validated_reject_url->get_error_message()
);
}
}
if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
$error->add(
'invalid_app_id',
__( 'The application ID must be a UUID.' )
);
}
/**
* Fires before application password errors are returned.
*
* @since 5.6.0
*
* @param WP_Error $error The error object.
* @param array $request The array of request data.
* @param WP_User $user The user authorizing the application.
*/
do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );
if ( $error->has_errors() ) {
return $error;
}
return true;
}
Changelog
Version | Description |
---|---|
6.3.2 | Validates the success and reject URLs to prevent javascript pseudo protocol being executed. |
6.2.0 | Allow insecure HTTP connections for the local environment. |
5.6.0 | Introduced. |