Changeset 29620

Timestamp:

08/26/2014 07:38:51 AM (4 years ago)

Author:

nacin

Message:

Require a non-empty $nonce value in wp_verify_nonce().

props ocean90.
fixes #29217.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (1 diff)
• tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/src/wp-includes/pluggable.php

@@ -1708 +1708 @@
     }
 
+    if ( empty( $nonce ) ) {
+        return false;
+    }
+
     $token = wp_get_session_token();
     $i = wp_nonce_tick();

trunk/tests/phpunit/tests/auth.php

@@ -92 +92 @@
         $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
     }
+
+    /**
+     * @ticket 29217
+     */
+    function test_wp_verify_nonce_with_empty_arg() {
+        $this->assertFalse( wp_verify_nonce( '' ) );
+        $this->assertFalse( wp_verify_nonce( null ) );
+    }
 }