WordPress.org

Make WordPress Core


Timestamp: 10/14/2019 06:38:34 PM (8 weeks ago)
Author: whyisjake
Message:

Backporting several bug fixes.

  • Query: Remove the static query property.
  • HTTP API: Protect against hex interpretation.
  • Filesystem API: Prevent directory traversals when creating new folders.
  • Administration: Ensure that admin referer nonce is valid.
  • REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

File: 1 edited

  • branches/4.9/tests/phpunit/tests/auth.php

    r39364 r46493  
    164164    }
    165165
     166    public function test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong() {
     167        // A valid nonce needs to be set so the check doesn't die()
     168        $_REQUEST['_wpnonce'] = wp_create_nonce( '-1' );
     169        $result               = check_admin_referer( '-1' );
     170        $this->assertSame( 1, $result );
     171
     172        unset( $_REQUEST['_wpnonce'] );
     173    }
     174
    166175    /**
    167176     * @ticket 36361
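
Review bot: In test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong(), the unset( $_REQUEST['_wpnonce'] ) at new line 172 only runs once assertSame() at line 170 has passed, so a failing assertion leaves the nonce in $_REQUEST for whatever test runs next. Move the cleanup ahead of the assertion (capture $result, unset, then assert) or into the test case's tear-down so the superglobal is always restored. The new test also has no docblock, while the neighbouring test carries "@ticket 36361"; an @ticket line here would tie this test to the "Ensure that admin referer nonce is valid" fix it covers. It would also help to add a companion test for the missing or invalid nonce path, since this hunk only exercises the valid-nonce case.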