Make WordPress Core


Ignore:
Timestamp:
10/14/2019 03:38:14 PM (5 years ago)
Author:
whyisjake
Message:

Administration: Ensure that admin referer nonce is valid.

Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Props vortfu, xknown, whyisjake.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r46472 r46477  
    11071107     */
    11081108    function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
    1109         if ( -1 == $action ) {
     1109        if ( -1 === $action ) {
    11101110            _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
    11111111        }
     
    11261126        do_action( 'check_admin_referer', $action, $result );
    11271127
    1128         if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
     1128        if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
    11291129            wp_nonce_ays( $action );
    11301130            die();
Note: See TracChangeset for help on using the changeset viewer.