Merge branch 'develop'

10up · Oct 27, 2023 · 23b209e · 23b209e
2 parents 5bfbeae + 1ef974f
commit 23b209e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/10up-experience.php b/10up-experience.php
@@ -3,7 +3,7 @@
  * Plugin Name:       10up Experience
  * Plugin URI:        https://github.com/10up/10up-experience
  * Description:       The 10up Experience plugin configures WordPress to better protect and inform clients, aligned to 10up’s best practices.
- * Version:           1.11.0
+ * Version:           1.11.1
  * Author:            10up
  * Author URI:        https://10up.com
  * License:           GPLv2 or later
@@ -19,7 +19,7 @@
 
 use YahnisElsts\PluginUpdateChecker\v5\PucFactory;
 
-define( 'TENUP_EXPERIENCE_VERSION', '1.11.0' );
+define( 'TENUP_EXPERIENCE_VERSION', '1.11.1' );
 define( 'TENUP_EXPERIENCE_DIR', __DIR__ );
 define( 'TENUP_EXPERIENCE_FILE', __FILE__ );
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file, per [the Keep a Changelog standard](http://keepachangelog.com/).
 
+## [1.11.1] - 2023-10-27
+
+- Fixed disallow direct login warning
+
 ## [1.11.0] - 2023-10-27
 
 - Support Fueled SSO

diff --git a/includes/classes/Authentication/Passwords.php b/includes/classes/Authentication/Passwords.php
@@ -295,10 +295,10 @@ public function validate_strong_password( $errors, $user_data ) {
 		$enforce     = true;
 		// This is being sanitized later in the function, no need to sanitize for isset().
 		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-		$password    = ( isset( $_POST['pass1'] ) && trim( $_POST['pass1'] ) ) ? sanitize_text_field( $_POST['pass1'] ) : false;
-		$role        = isset( $_POST['role'] ) ? sanitize_text_field( $_POST['role'] ) : false;
-		$user_id     = isset( $user_data->ID ) ? sanitize_text_field( $user_data->ID ) : false;
-		$username    = isset( $_POST['user_login'] ) ? sanitize_text_field( $_POST['user_login'] ) : $user_data->user_login;
+		$password = ( isset( $_POST['pass1'] ) && trim( $_POST['pass1'] ) ) ? sanitize_text_field( $_POST['pass1'] ) : false;
+		$role     = isset( $_POST['role'] ) ? sanitize_text_field( $_POST['role'] ) : false;
+		$user_id  = isset( $user_data->ID ) ? sanitize_text_field( $user_data->ID ) : false;
+		$username = isset( $_POST['user_login'] ) ? sanitize_text_field( $_POST['user_login'] ) : $user_data->user_login;
 
 		// No password set?
 		// Already got a password error?

diff --git a/includes/classes/SSO/SSO.php b/includes/classes/SSO/SSO.php
@@ -358,7 +358,8 @@ public function update_login_form() {
 		$buttons_html .= '</div><span class="or"><span>or</span></span>';
 		$buttons_html .= '</div>';
 
-		?><script type="text/javascript">
+		?>
+		<script type="text/javascript">
 			(function() {
 				document.getElementById('loginform').insertAdjacentHTML(
 					'beforebegin',
@@ -475,7 +476,7 @@ public function render_login_form_styles() {
 	 * @return WP_User
 	 */
 	public function prevent_standard_login_for_sso_user( $user ) {
-		if ( defined( 'TENUPSSO_DISALLOW_ALL_DIRECT_LOGIN' ) && TENUPSSO_DISALLOW_ALL_DIRECT_LOGIN ) {
+		if ( ! is_wp_error( $user ) && defined( 'TENUPSSO_DISALLOW_ALL_DIRECT_LOGIN' ) && TENUPSSO_DISALLOW_ALL_DIRECT_LOGIN ) {
 			return new WP_Error( 'tenup-sso', esc_html__( 'Username/password authentication is disabled', 'tenup' ) );
 		}