Make WordPress Core


Ignore:
Timestamp:
10/14/2019 03:38:14 PM (5 years ago)
Author:
whyisjake
Message:

Administration: Ensure that admin referer nonce is valid.

Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Props vortfu, xknown, whyisjake.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/auth.php

    r45717 r46477  
    2525        self::$user_id = self::$_user->ID;
    2626
    27         require_once( ABSPATH . WPINC . '/class-phpass.php' );
     27        require_once ABSPATH . WPINC . '/class-phpass.php';
    2828        self::$wp_hasher = new PasswordHash( 8, true );
    2929    }
     
    166166    }
    167167
     168    public function test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong() {
     169        $this->setExpectedIncorrectUsage( 'check_admin_referer' );
     170        // A valid nonce needs to be set so the check doesn't die()
     171        $_REQUEST['_wpnonce'] = wp_create_nonce( '-1' );
     172        $result               = check_admin_referer( '-1' );
     173        $this->assertSame( 1, $result );
     174
     175        unset( $_REQUEST['_wpnonce'] );
     176    }
     177
    168178    /**
    169179     * @ticket 36361
Note: See TracChangeset for help on using the changeset viewer.