
Ticket #29542: 29542.diff

File 29542.diff, 1.0 KB (added by jesin, 11 years ago)

Type cast $nonce to string. Includes unit tests.

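--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1692,7 +1692,8 @@
  * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
  * @return bool Whether the nonce check passed or failed.
  */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+        $nonce = (string) $nonce;
         $user = wp_get_current_user();
         $uid = (int) $user->ID;
         if ( ! $uid ) {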
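Review bot: The added `$nonce = (string) $nonce;` covers integers, but an array or object argument still reaches the cast: an array becomes the literal string `Array` with an "Array to string conversion" notice, and an object without `__toString()` raises an error. If callers pass a raw request value here, PHP parses bracketed request parameters into arrays, so that path would be reachable from user input rather than only from programmer error. Consider rejecting non-scalar values before the cast, e.g. `if ( is_array( $nonce ) || is_object( $nonce ) ) { return false; }`, with a matching assertion in tests/phpunit/tests/auth.php. The function body continues past the end of this hunk, so a later check there may already cover part of this.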
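--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -99,4 +99,11 @@
                 $this->assertFalse( wp_verify_nonce( '' ) );
                 $this->assertFalse( wp_verify_nonce( null ) );
         }
+
+        /**
+         * @ticket 29542
+         */
+        function test_wp_verify_nonce_with_integer_arg() {
+                $this->assertFalse( wp_verify_nonce( 1 ) );
+        }
 }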