diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 7bb1c59632..8cb524b5f9 100644
a
|
b
|
function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { |
1773 | 1773 | * @return string Nonce field HTML markup. |
1774 | 1774 | */ |
1775 | 1775 | function wp_nonce_field( $action = -1, $name = '_wpnonce', $referer = true, $echo = true ) { |
| 1776 | global $wp_nonce_field_ids; |
| 1777 | if ( ! isset( $wp_nonce_field_ids ) ) { |
| 1778 | $wp_nonce_field_ids = array(); |
| 1779 | } |
| 1780 | |
| 1781 | /* |
| 1782 | * To avoid conflicting HTML IDs, a unique `$name` is recommended. Track a |
| 1783 | * global incrementing count for reused names as a fallback precaution, to |
| 1784 | * assure that a unique ID is assigned. |
| 1785 | */ |
| 1786 | $id = $name; |
| 1787 | if ( isset( $wp_nonce_field_ids[ $id ] ) ) { |
| 1788 | $id .= '-' . ++$wp_nonce_field_ids[ $id ]; |
| 1789 | } else { |
| 1790 | $wp_nonce_field_ids[ $id ] = 1; |
| 1791 | } |
| 1792 | |
1776 | 1793 | $name = esc_attr( $name ); |
1777 | 1794 | $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; |
1778 | 1795 | |
diff --git a/tests/phpunit/includes/abstract-testcase.php b/tests/phpunit/includes/abstract-testcase.php
index d18a584a7d..1746800be3 100644
a
|
b
|
abstract class WP_UnitTestCase_Base extends PHPUnit_Framework_TestCase { |
177 | 177 | $_GET = array(); |
178 | 178 | $_POST = array(); |
179 | 179 | self::flush_cache(); |
| 180 | |
| 181 | global $wp_nonce_field_ids; |
| 182 | unset( $wp_nonce_field_ids ); |
180 | 183 | } |
181 | 184 | |
182 | 185 | /** |
diff --git a/tests/phpunit/tests/functions.php b/tests/phpunit/tests/functions.php
index a47fd021fd..a12456a82f 100644
a
|
b
|
class Tests_Functions extends WP_UnitTestCase { |
1678 | 1678 | array( '03:61:59', false ), // Out of bound. |
1679 | 1679 | ); |
1680 | 1680 | } |
| 1681 | |
| 1682 | function test_wp_nonce_field_unique_ids() { |
| 1683 | $field_one = wp_nonce_field( 'my-action', 'my-name', true, false ); |
| 1684 | $field_two = wp_nonce_field( 'my-action', 'my-name', true, false ); |
| 1685 | |
| 1686 | $this->assertStringMatchesFormat( '<input type="hidden" id="my-name" name="my-name" value="%s" />', $field_one ); |
| 1687 | $this->assertStringMatchesFormat( '<input type="hidden" id="my-name-2" name="my-name" value="%s" />', $field_two ); |
| 1688 | } |
| 1689 | |
1681 | 1690 | } |