From 1e85024fb4be72eb6a1244d0c7c09590ed7172a2 Mon Sep 17 00:00:00 2001
From: Timothy Jacobs
Date: Sat, 24 Oct 2020 00:05:15 +0000
Subject: [PATCH] App Passwords: Include site_url in the success redirect payload.
Props georgestephanis.
Fixes #51602.
git-svn-id: https://develop.svn.wordpress.org/trunk@49291 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/js/_enqueues/admin/auth-app.js | 3 ++-
 src/wp-admin/authorize-application.php | 12 ++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/js/_enqueues/admin/auth-app.js b/src/js/_enqueues/admin/auth-app.js
index 3152ed3c5c..592e074fb6 100644
--- a/src/js/_enqueues/admin/auth-app.js
+++ b/src/js/_enqueues/admin/auth-app.js
@@ -73,7 +73,8 @@
 if ( raw ) {
 url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) +
- 'user_login=' + encodeURIComponent( authApp.user_login ) +
+ 'site_url=' + encodeURIComponent( authApp.site_url ) +
+ '&user_login=' + encodeURIComponent( authApp.user_login ) +
 '&password=' + encodeURIComponent( response.password );
 window.location = url;
diff --git a/src/wp-admin/authorize-application.php b/src/wp-admin/authorize-application.php
index 524dbedf32..6f4378892a 100644
--- a/src/wp-admin/authorize-application.php
+++ b/src/wp-admin/authorize-application.php
@@ -12,6 +12,7 @@ require_once __DIR__ . '/admin.php';
 $error = null;
 $new_password = '';
+// This is the no-js fallback script. Generally this will all be handled by `auth-app.js`
 if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
 check_admin_referer( 'authorize_application_password' );
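Review bot: The success redirect in auth-app.js is built by plain concatenation (`raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) + 'site_url=' …`), so if the success URL contains a `#fragment` the three parameters, including the new application password, are appended to the fragment instead of the query string. The PHP no-JS fallback in authorize-application.php builds the same payload with `add_query_arg()`, which keeps the fragment at the end, so the two paths can hand the client different URLs. Consider splitting `raw` at the first `#` before appending and re-attaching the fragment afterwards. If fragments are already rejected when the success URL is validated (not visible in this hunk), say so in a comment such as `// success_url is validated server-side and never carries a fragment.`. The enclosing callback starts and ends outside the hunk.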
@@ -44,8 +45,9 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a
 if ( $success_url ) {
 $redirect = add_query_arg(
 array(
- 'username' => urlencode( wp_get_current_user()->user_login ),
- 'password' => urlencode( $new_password ),
+ 'site_url' => urlencode( site_url() ),
+ 'user_login' => urlencode( wp_get_current_user()->user_login ),
+ 'password' => urlencode( $new_password ),
 ),
 $success_url
 );
@@ -108,6 +110,7 @@ wp_localize_script(
 'auth-app',
 'authApp',
 array(
+ 'site_url' => site_url(),
 'user_login' => $user->user_login,
 'success' => $success_url,
 'reject' => $reject_url ? $reject_url : admin_url(),
@@ -230,8 +233,9 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
 '' . esc_html(
 add_query_arg(
 array(
- 'username' => $user->user_login,
- 'password' => '[------]',
+ 'site_url' => site_url(),
+ 'user_login' => $user->user_login,
+ 'password' => '[------]',
 ),
 $success_url
 )
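Review bot: Nothing in the `add_query_arg()` call at `@@ -44,8 +45,9 @@` records that its keys must stay identical to the query string assembled in auth-app.js, which is the drift this commit corrects (`username` becomes `user_login`, `site_url` is added). A comment above the array would keep the two paths aligned, for example `// Keys must match the redirect built in auth-app.js; values are urlencode()d because add_query_arg() does not encode them.`. Since the payload carries the newly created application password, it is also worth confirming that the code validating `$success_url` and issuing the redirect, both outside this hunk, restricts where that secret can be sent.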
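Review bot: The example URL shown to the user at `@@ -230,8 +233,9 @@` passes `site_url()` and `$user->user_login` to `add_query_arg()` without `urlencode()`, while the real redirect in the fallback handler encodes both. A login name containing `&`, `#` or a space would therefore be displayed differently from what is actually sent, and the consent screen should show the payload accurately. Consider `'site_url' => urlencode( site_url() ),` and `'user_login' => urlencode( $user->user_login ),`, keeping the `'[------]'` placeholder unencoded. If the unencoded form is deliberate for readability, a short comment saying so would help. `esc_html()` already covers the HTML output context, and the statement starts and ends outside the hunk.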