Changeset 30576

Timestamp:

11/26/2014 07:18:02 PM (11 years ago)

Author:

ocean90

Message:

Type cast $nonce to string in wp_verify_nonce().

props jesin.
fixes #29542.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (1 diff)
• tests/phpunit/tests/auth.php (modified) (2 diffs)

trunk/src/wp-includes/pluggable.php

@@ -1696 +1696 @@
  * @return bool Whether the nonce check passed or failed.
  */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+    $nonce = (string) $nonce;
     $user = wp_get_current_user();
     $uid = (int) $user->ID;

trunk/tests/phpunit/tests/auth.php

@@ -70 +70 @@
     /**
      * Test wp_hash_password trims whitespace
-     * 
-     * This is similar to test_password_trimming but tests the "lower level" 
+     *
+     * This is similar to test_password_trimming but tests the "lower level"
      * wp_hash_password function
-     * 
+     *
      * @ticket 24973
      */
@@ -100 +100 @@
         $this->assertFalse( wp_verify_nonce( '' ) );
         $this->assertFalse( wp_verify_nonce( null ) );
+    }
+
+    /**
+     * @ticket 29542
+     */
+    function test_wp_verify_nonce_with_integer_arg() {
+        $this->assertFalse( wp_verify_nonce( 1 ) );
     }