wpseek.com
A WordPress-centric search engine for devs and theme authors



wp_connectors_sanitize_application_password_credentials › WordPress Function

Since7.1.0
Deprecatedn/a
wp_connectors_sanitize_application_password_credentials ( $value, $option = '' )
Access:
  • private
Parameters: (2)
  • (mixed) $value The submitted setting value.
    Required: Yes
  • (string) $option The option name being sanitized. Passed explicitly by the registered sanitize callback; falls back to the current `sanitize_option_{$option}` filter name when omitted.
    Required: No
    Default: (empty)
Returns:
  • (array{username: string, password: string}) Sanitized credentials.
Defined at:
Codex:

Sanitizes stored application-password credentials for a connector.

Credential fields that are missing or not strings keep their currently stored values, so partial updates cannot silently clear a stored secret. A password matching the mask that _wp_connectors_rest_settings_dispatch() places in REST responses also keeps the stored password, so a masked settings response can be submitted back to the endpoint unchanged. Pass an empty string to clear a field. If the sanitized username is empty, both fields are discarded so partial credentials cannot leave an orphaned secret.


Source

function wp_connectors_sanitize_application_password_credentials( $value, string $option = '' ): array {
	if ( ! is_array( $value ) ) {
		$value = array();
	}

	if ( '' === $option ) {
		$option = str_replace( 'sanitize_option_', '', (string) current_filter() );
	}

	$stored = get_option( $option );
	if ( ! is_array( $stored ) ) {
		$stored = array();
	}

	$credentials = array();
	foreach ( array( 'username', 'password' ) as $field ) {
		if ( isset( $value[ $field ] ) && is_string( $value[ $field ] ) ) {
			$credentials[ $field ] = sanitize_text_field( $value[ $field ] );
		} else {
			$credentials[ $field ] = isset( $stored[ $field ] ) && is_string( $stored[ $field ] ) ? $stored[ $field ] : '';
		}
	}

	// A masked password means a client resubmitted a masked REST response.
	if ( str_repeat( "\u{2022}", 16 ) === $credentials['password'] ) {
		$credentials['password'] = isset( $stored['password'] ) && is_string( $stored['password'] ) ? $stored['password'] : '';
	}

	if ( '' === $credentials['username'] ) {
		return array(
			'username' => '',
			'password' => '',
		);
	}

	return $credentials;
}