wp_is_authorize_application_password_request_valid()
Checks if the Authorize Application Password request is valid.
Hooks from the function
Return
true|WP_Error
. True if the request is valid, a WP_Error object contains errors if not.
Usage
wp_is_authorize_application_password_request_valid( $request, $user );
- $request(array) (required)
The array of request data. All arguments are optional and may be empty.
-
app_name(string)
The suggested name of the application. -
app_id(string)
A UUID provided by the application to uniquely identify it. -
success_url(string)
The URL the user will be redirected to after approving the application. - reject_url(string)
The URL the user will be redirected to after rejecting the application.
-
- $user(WP_User) (required)
- The user authorizing the application.
Changelog
Since 5.6.0 | Introduced. |
Since 6.2.0 | Allow insecure HTTP connections for the local environment. |
Since 6.3.2 | Validates the success and reject URLs to prevent javascript pseudo protocol from being executed. |
wp_is_authorize_application_password_request_valid() wp is authorize application password request valid code WP 6.5.2
function wp_is_authorize_application_password_request_valid( $request, $user ) { $error = new WP_Error(); if ( isset( $request['success_url'] ) ) { $validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] ); if ( is_wp_error( $validated_success_url ) ) { $error->add( $validated_success_url->get_error_code(), $validated_success_url->get_error_message() ); } } if ( isset( $request['reject_url'] ) ) { $validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] ); if ( is_wp_error( $validated_reject_url ) ) { $error->add( $validated_reject_url->get_error_code(), $validated_reject_url->get_error_message() ); } } if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) { $error->add( 'invalid_app_id', __( 'The application ID must be a UUID.' ) ); } /** * Fires before application password errors are returned. * * @since 5.6.0 * * @param WP_Error $error The error object. * @param array $request The array of request data. * @param WP_User $user The user authorizing the application. */ do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user ); if ( $error->has_errors() ) { return $error; } return true; }