Make WordPress Core

Changeset 24462


Timestamp:
06/21/2013 02:15:55 AM (12 years ago)
Author:
nacin
Message:

Add strict check to wp_verify_nonce() to avoid issues when it is improperly called.

Merges [24461] to the 3.5 branch.

Location:
branches/3.5
Files:
2 edited

  • branches/3.5

  • branches/3.5/wp-includes/pluggable.php

    r22566 r24462  
    12581258
    12591259    // Nonce generated 0-12 hours ago
    1260     if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
     1260    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
    12611261        return 1;
    12621262    // Nonce generated 12-24 hours ago
    1263     if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
     1263    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
    12641264        return 2;
    12651265    // Invalid nonce
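Review bot: The two `===` comparisons at lines 1260 and 1263 now reject any non-string `$nonce` silently, and they are still ordinary string comparisons rather than timing-safe ones. Consider checking the type of `$nonce` once, ahead of both comparisons, so the improper-call case named in the commit message is handled and documented in one place, and comparing the hash fragments with `hash_equals()` where the PHP version provides it. A test that passes `true`, an integer, and a numeric-looking string as `$nonce` would pin the behavior down, since under the old `==` PHP's loose comparison could report such values as equal to the 10-character fragment.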