Ticket #29542: 29542.2.diff

src/wp-includes/pluggable.php

@@ -1692 +1692 @@
  * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
  * @return bool Whether the nonce check passed or failed.
  */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+        $nonce = (string) $nonce;
         $user = wp_get_current_user();
         $uid = (int) $user->ID;
         if ( ! $uid ) {
@@ -1707 +1708 @@
                 $uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
         }
 
-        if ( empty( $nonce ) ) {
-                return false;
-        }
-
         $token = wp_get_session_token();
         $i = wp_nonce_tick();
 

tests/phpunit/tests/auth.php

@@ -99 +99 @@
                 $this->assertFalse( wp_verify_nonce( '' ) );
                 $this->assertFalse( wp_verify_nonce( null ) );
         }
+
+        /**
+         * @ticket 29542
+         */
+        function test_wp_verify_nonce_with_integer_arg() {
+                $this->assertFalse( wp_verify_nonce( 1 ) );
+        }
 }