Merge branch 'master' into flow/auth-prompt

application-passwords.js

@@ -19,6 +19,14 @@
 		method:     'POST',
 		beforeSend: function( xhr ) {
 			xhr.setRequestHeader( 'Authorization', 'Basic ' + btoa( testBasicAuthUser + ':' + testBasicAuthPassword ) );
+		},
+		error:      function( jqXHR ) {
+			if ( 404 === jqXHR.status ) {
+				$newAppPassForm.before( tmplNotice( {
+					type:    'error',
+					message: appPass.text.no_credentials
+				} ) );
+			}
 		}
 	} ).done( function( response ) {
 		if ( response.PHP_AUTH_USER === testBasicAuthUser && response.PHP_AUTH_PW === testBasicAuthPassword ) {

class.application-passwords.php

@@ -515,7 +515,7 @@ public static function show_user_profile( $user ) {
 			'nonce'      => wp_create_nonce( 'wp_rest' ),
 			'user_id'    => $user->ID,
 			'text'       => array(
-				'no_credentials' => __( 'Due to a potential server misconfiguration, it seems that HTTP Basic Authorization may not work for the REST API on this site: `Authorization` headers are not being sent to WordPress by the web server.' ),
+				'no_credentials' => __( 'Due to a potential server misconfiguration, it seems that HTTP Basic Authorization may not work for the REST API on this site: `Authorization` headers are not being sent to WordPress by the web server. <a href="https://github.com/georgestephanis/application-passwords/wiki/Basic-Authorization-Header----Missing">You can learn more about this problem, and a possible solution, on our GitHub Wiki.</a>' ),
 			),
 		) );
 
@@ -580,7 +580,7 @@ public static function show_user_profile( $user ) {
 		</script>
 
 		<script type="text/html" id="tmpl-application-password-notice">
-			<div class="notice notice-{{ data.type }}"><p>{{ data.message }}</p></div>
+			<div class="notice notice-{{ data.type }}"><p>{{{ data.message }}}</p></div>
 		</script>
 		<?php
 	}

readme.md

@@ -90,7 +90,7 @@ echo -n "admin:mypassword123" | base64
 
 2. Once your username and password are base64 encoded, you are now able to make a simple REST API call using the terminal window to update a post.  Because you are performing a POST request, you will need to authorize the request using your newly created base64 encoded access token. If authorized correctly, you will see the post title update to "New Title."
 ```shell
-curl --header "Authorization: Basic ACCESS_TOKEN" -X POST -d "title=New Title" http://LOCALHOST/wp-json/wp/v2/posts/POST_ID}
+curl --header "Authorization: Basic ACCESS_TOKEN" -X POST -d "title=New Title" http://LOCALHOST/wp-json/wp/v2/posts/POST_ID
 ```
    When running this command, be sure to replace *ACCESS_TOKEN* with your newly generated access token, *LOCALHOST* with the location of your local WordPress installation, and *POST_ID* with the ID of the post that you want to edit.
 

readme.txt

@@ -2,7 +2,7 @@
 Contributors: georgestephanis, valendesigns, kraftbj
 Tags: application-passwords, rest api, xml-rpc, security, authentication
 Requires at least: 4.4
-Tested up to: 4.5
+Tested up to: 4.9
 Stable tag: trunk
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -81,4 +81,5 @@ Once you have created a new application password, it's time to send a request to
 ```shell
 curl -H 'Content-Type: text/xml' -d '<methodCall><methodName>wp.getUsers</methodName><params><param><value>1</value></param><param><value>USERNAME</value></param><param><value>APPLICATION_PASSWORD</value></param></params></methodCall>' LOCALHOST
 ```
-In the above example, replace *USERNAME* with your username, and *APPLICATION_PASSWORD* with your new application password.  This should output a response containing all users on your site.
+In the above example, replace *USERNAME* with your username, and *APPLICATION_PASSWORD* with your new application password.  This should output a response containing all users on your site.
+