
Changeset 38420


Timestamp:
08/28/2016 05:14:52 PM (9 years ago)
Author:
johnbillion
Message:

Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it in line with check_admin_referer().

Fixes #36361

Location:
trunk
Files:
2 edited

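--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -1081,4 +1081,8 @@
  */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+    if ( -1 == $action ) {
+        _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
+    }
+
     $nonce = '';
 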
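Review bot: The added guard only emits a `_doing_it_wrong()` notice; when `$action` is left at its default, execution falls through to the nonce verification below with the generic `-1` action, so the function's return value is unchanged and a nonce minted for the default action still validates. That is presumably the intent (parity with check_admin_referer(), per the commit message), but a reader may mistake the notice for a hardening of the check itself, so a short comment above the `if` would help: `// Developer notice only: verification still proceeds below with the default action.`. The loose `-1 == $action` also fires for a boolean `true` argument; `-1 === $action` would limit the notice to the literal default, if callers passing the string `'-1'` need not be covered. The remainder of check_ajax_referer() lies outside the hunk.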
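--- a/trunk/tests/phpunit/tests/auth.php
+++ b/trunk/tests/phpunit/tests/auth.php
@@ -150,4 +150,32 @@
     }
 
+    /**
+     * @ticket 36361
+     */
+    public function test_check_admin_referer_with_no_action_triggers_doing_it_wrong() {
+        $this->setExpectedIncorrectUsage( 'check_admin_referer' );
+
+        // A valid nonce needs to be set so the check doesn't die()
+        $_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+        $result = check_admin_referer();
+        $this->assertSame( 1, $result );
+
+        unset( $_REQUEST['_wpnonce'] );
+    }
+
+    /**
+     * @ticket 36361
+     */
+    public function test_check_ajax_referer_with_no_action_triggers_doing_it_wrong() {
+        $this->setExpectedIncorrectUsage( 'check_ajax_referer' );
+
+        // A valid nonce needs to be set so the check doesn't die()
+        $_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+        $result = check_ajax_referer();
+        $this->assertSame( 1, $result );
+
+        unset( $_REQUEST['_wpnonce'] );
+    }
+
     function test_password_length_limit() {
         $limit = str_repeat( 'a', 4096 );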
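Review bot: Both new tests restore global state with `unset( $_REQUEST['_wpnonce'] )` only after the assertion, so a failing `assertSame()` skips the cleanup and leaves a valid default-action nonce in `$_REQUEST` for later tests in the same process. Moving the `unset()` ahead of the assertion, or doing the cleanup in `tearDown()`, keeps test isolation regardless of outcome: `$result = check_ajax_referer(); unset( $_REQUEST['_wpnonce'] ); $this->assertSame( 1, $result );`. The same ordering issue applies to the check_admin_referer test added just above it in this section.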