wp_is_authorize_application_password_request_valid()
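Yunce documentation annotations
Overview
The wp_is_authorize_application_password_request_valid() function validates an Authorize Application Password request. It checks parameters in the request data, such as the redirect URLs and the UUID, and returns a boolean or a WP_Error object.
Key points
- The function takes two parameters, $request (array of request data) and $user (a WP_User object), and returns true or a WP_Error.
- It validates success_url and reject_url with wp_is_authorize_application_redirect_url_valid(), ensuring they do not use the javascript protocol.
- If app_id is provided, it must be a valid UUID; otherwise an error is added.
- It fires the wp_authorize_application_password_request_errors hook, which lets developers customize error handling.
- Introduced in WordPress 5.6.0; later versions strengthened the security of the URL validation.
Code example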
function wp_is_authorize_application_password_request_valid( $request, $user ) {
	$error = new WP_Error();

	if ( isset( $request['success_url'] ) ) {
		$validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] );
		if ( is_wp_error( $validated_success_url ) ) {
			$error->add(
				$validated_success_url->get_error_code(),
				$validated_success_url->get_error_message()
			);
		}
	}

	if ( isset( $request['reject_url'] ) ) {
		$validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] );
		if ( is_wp_error( $validated_reject_url ) ) {
			$error->add(
				$validated_reject_url->get_error_code(),
				$validated_reject_url->get_error_message()
			);
		}
	}

	if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
		$error->add(
			'invalid_app_id',
			__( 'The application ID must be a UUID.' )
		);
	}

	do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );

	if ( $error->has_errors() ) {
		return $error;
	}

	return true;
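}
Notes
- All request parameters are optional, but data integrity must be ensured during validation.
- URL validation prevents execution of the javascript protocol, which improves security.
- Errors are collected in a WP_Error object, which makes debugging and handling easier.
Original content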
Checks if the Authorize Application Password request is valid.
Parameters
$request array required
The array of request data. All arguments are optional and may be empty.
- app_name string: The suggested name of the application.
- app_id string: A UUID provided by the application to uniquely identify it.
- success_url string: The URL the user will be redirected to after approving the application.
- reject_url string: The URL the user will be redirected to after rejecting the application.
$user WP_User required
The user authorizing the application.
Source
function wp_is_authorize_application_password_request_valid( $request, $user ) {
	$error = new WP_Error();

	if ( isset( $request['success_url'] ) ) {
		$validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] );
		if ( is_wp_error( $validated_success_url ) ) {
			$error->add(
				$validated_success_url->get_error_code(),
				$validated_success_url->get_error_message()
			);
		}
	}

	if ( isset( $request['reject_url'] ) ) {
		$validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] );
		if ( is_wp_error( $validated_reject_url ) ) {
			$error->add(
				$validated_reject_url->get_error_code(),
				$validated_reject_url->get_error_message()
			);
		}
	}

	if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
		$error->add(
			'invalid_app_id',
			__( 'The application ID must be a UUID.' )
		);
	}

	/**
	 * Fires before application password errors are returned.
	 *
	 * @since 5.6.0
	 *
	 * @param WP_Error $error   The error object.
	 * @param array    $request The array of request data.
	 * @param WP_User  $user    The user authorizing the application.
	 */
	do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );

	if ( $error->has_errors() ) {
		return $error;
	}

	return true;
}
Hooks
- do_action( 'wp_authorize_application_password_request_errors', WP_Error $error, array $request, WP_User $user )
  Fires before application password errors are returned.
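Because the hook receives the same WP_Error object that the function later inspects, a site can use it to reject requests that core would accept. The following is an added example, not WordPress core code: the allowlisted host `app.example.com` and the `example_*` error codes are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. The allowlisted host and the
// example_* error codes are hypothetical and should be replaced per site.
add_action(
	'wp_authorize_application_password_request_errors',
	function ( $error, $request, $user ) {
		// Hypothetical allowlist of hosts permitted to receive the redirect.
		$allowed_hosts = array( 'app.example.com' );

		// Core only checks the format of app_id when one is supplied;
		// here the application is required to identify itself.
		if ( empty( $request['app_id'] ) ) {
			$error->add( 'example_missing_app_id', 'An application ID (UUID) is required.' );
		}

		foreach ( array( 'success_url', 'reject_url' ) as $key ) {
			if ( empty( $request[ $key ] ) ) {
				continue; // Both URLs are optional and may be empty.
			}

			$parts = wp_parse_url( $request[ $key ] );
			if ( ! is_array( $parts ) ) {
				$parts = array(); // Unparseable URL: treated as not allowed below.
			}
			$scheme = isset( $parts['scheme'] ) ? strtolower( $parts['scheme'] ) : '';
			$host   = isset( $parts['host'] ) ? strtolower( $parts['host'] ) : '';

			// Exact host match over HTTPS only; no suffix or wildcard matching.
			if ( 'https' !== $scheme || ! in_array( $host, $allowed_hosts, true ) ) {
				$error->add(
					'example_redirect_not_allowed',
					sprintf( 'The %s must be an HTTPS URL on an approved host.', $key )
				);
			}
		}
	},
	10,
	3
);
```

Errors added in the callback are returned to the caller together with any core errors, since the function calls `$error->has_errors()` only after the hook has fired.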