
Changeset 29620


Timestamp:
08/26/2014 07:38:51 AM (4 years ago)
Author:
nacin
Message:

Require a non-empty $nonce value in wp_verify_nonce().

props ocean90.
fixes #29217.

Location:
trunk
Files:
2 edited

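--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -1708,4 +1708,8 @@
     }
 
+    if ( empty( $nonce ) ) {
+        return false;
+    }
+
     $token = wp_get_session_token();
     $i = wp_nonce_tick();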
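Review bot: The new guard at lines 1710-1712 relies on `empty( $nonce )`, which rejects only falsy values, so a non-string value such as a non-empty array or `true` still continues to the token and hash comparison code below it. A nonce is only ever meaningful as a string, so checking the type first would make the early return cover every malformed input: `if ( ! is_string( $nonce ) || '' === $nonce ) { return false; }`. How such values behave afterwards depends on the comparison further down in wp_verify_nonce(), which is outside this hunk, so this should be confirmed against the full function. The function's docblock, also outside the hunk, should state that an empty nonce returns false.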
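--- a/trunk/tests/phpunit/tests/auth.php
+++ b/trunk/tests/phpunit/tests/auth.php
@@ -92,3 +92,11 @@
         $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
     }
+
+    /**
+     * @ticket 29217
+     */
+    function test_wp_verify_nonce_with_empty_arg() {
+        $this->assertFalse( wp_verify_nonce( '' ) );
+        $this->assertFalse( wp_verify_nonce( null ) );
+    }
 }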
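Review bot: test_wp_verify_nonce_with_empty_arg() pins only `''` and `null`, while the guard added in this changeset uses `empty()`, which also treats `false`, `0`, `'0'` and `array()` as empty. Adding `$this->assertFalse( wp_verify_nonce( false ) );` and `$this->assertFalse( wp_verify_nonce( array() ) );` would lock that behaviour in, so a later rewrite of the guard cannot quietly start accepting one of those values. The method could also be declared `public function` so its visibility is explicit.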