--- a/wp/wp-admin/includes/user.php Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-admin/includes/user.php Wed Sep 21 18:19:35 2022 +0200
@@ -47,10 +47,10 @@
$pass1 = '';
$pass2 = '';
if ( isset( $_POST['pass1'] ) ) {
- $pass1 = $_POST['pass1'];
+ $pass1 = trim( $_POST['pass1'] );
}
if ( isset( $_POST['pass2'] ) ) {
- $pass2 = $_POST['pass2'];
+ $pass2 = trim( $_POST['pass2'] );
}
if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {
@@ -280,7 +280,7 @@
* @since 2.0.5
*
* @param int $user_id User ID.
- * @return WP_User|bool WP_User object on success, false on failure.
+ * @return WP_User|false WP_User object on success, false on failure.
*/
function get_user_to_edit( $user_id ) {
$user = get_userdata( $user_id );
@@ -482,15 +482,15 @@
|| isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag']
) {
delete_user_setting( 'default_password_nag' );
- update_user_option( $user_ID, 'default_password_nag', false, true );
+ update_user_meta( $user_ID, 'default_password_nag', false );
}
}
/**
* @since 2.8.0
*
- * @param int $user_ID
- * @param object $old_data
+ * @param int $user_ID
+ * @param WP_User $old_data
*/
function default_password_nag_edit_user( $user_ID, $old_data ) {
// Short-circuit it.
@@ -503,7 +503,7 @@
// Remove the nag if the password has been changed.
if ( $new_data->user_pass != $old_data->user_pass ) {
delete_user_setting( 'default_password_nag' );
- update_user_option( $user_ID, 'default_password_nag', false, true );
+ update_user_meta( $user_ID, 'default_password_nag', false );
}
}
@@ -594,3 +594,69 @@
wp_specialchars_decode( translate_user_role( $role['name'] ) )
);
}
+
+/**
+ * Checks if the Authorize Application Password request is valid.
+ *
+ * @since 5.6.0
+ *
+ * @param array $request {
+ * The array of request data. All arguments are optional and may be empty.
+ *
+ * @type string $app_name The suggested name of the application.
+ * @type string $app_id A uuid provided by the application to uniquely identify it.
+ * @type string $success_url The url the user will be redirected to after approving the application.
+ * @type string $reject_url The url the user will be redirected to after rejecting the application.
+ * }
+ * @param WP_User $user The user authorizing the application.
+ * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
+ */
+function wp_is_authorize_application_password_request_valid( $request, $user ) {
+ $error = new WP_Error();
+
+ if ( ! empty( $request['success_url'] ) ) {
+ $scheme = wp_parse_url( $request['success_url'], PHP_URL_SCHEME );
+
+ if ( 'http' === $scheme ) {
+ $error->add(
+ 'invalid_redirect_scheme',
+ __( 'The success url must be served over a secure connection.' )
+ );
+ }
+ }
+
+ if ( ! empty( $request['reject_url'] ) ) {
+ $scheme = wp_parse_url( $request['reject_url'], PHP_URL_SCHEME );
+
+ if ( 'http' === $scheme ) {
+ $error->add(
+ 'invalid_redirect_scheme',
+ __( 'The rejection url must be served over a secure connection.' )
+ );
+ }
+ }
+
+ if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
+ $error->add(
+ 'invalid_app_id',
+ __( 'The app id must be a uuid.' )
+ );
+ }
+
+ /**
+ * Fires before application password errors are returned.
+ *
+ * @since 5.6.0
+ *
+ * @param WP_Error $error The error object.
+ * @param array $request The array of request data.
+ * @param WP_User $user The user authorizing the application.
+ */
+ do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );
+
+ if ( $error->has_errors() ) {
+ return $error;
+ }
+
+ return true;
+}