Opened 10 years ago
Closed 10 years ago
#29542 closed defect (bug) (fixed)
hash_equals throws a fatal error (hhvm) when a nonce is sent as an integer
Reported by: | newleaves | Owned by: | |
---|---|---|---|
Milestone: | 4.1 | Priority: | low |
Severity: | normal | Version: | 4.0 |
Component: | Plugins | Keywords: | has-patch needs-testing |
Focuses: | | Cc: | |
Description
This is a follow-up to #29217.
Can we add:
$nonce = (string) $nonce;
to the top of the wp_verify_nonce() function in /wp-includes/pluggable.php?
Attachments (2)
Change History (9)
#1 @ 10 years ago
- Keywords needs-patch needs-unit-tests added
- Milestone changed from Awaiting Review to 4.1
- Priority changed from normal to low
#2 @ 10 years ago
- Keywords has-patch needs-testing added; needs-patch needs-unit-tests removed
Patch 29542.diff's unit test would error on PHP 5.6 without the type cast.
#3 follow-up: ↓ 6 @ 10 years ago
We can likely revert [29620/trunk/src] in the process.
#4 @ 10 years ago
Patch 29542.2.diff reverts [29620/trunk/src]. Now null becomes a string "null".
I think that shouldn't be a problem.
Type cast $nonce to string. Includes unit tests.
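The cast requested in the description, shown as an added example that is not WordPress code and not taken from either attached patch. verify_token_example(), expected_token_example(), the HMAC scheme, the is_scalar() guard and all sample values are hypothetical or constructed. It assumes PHP 8, where hash_equals() raises a TypeError for a non-string argument.

```php
<?php
// Added illustration; not WordPress code. verify_token_example() is a
// hypothetical stand-in for a nonce check built on hash_equals().

function expected_token_example(string $action, string $secret): string {
    // Constructed scheme: first 10 hex chars of an HMAC over the action.
    return substr(hash_hmac('sha256', $action, $secret), 0, 10);
}

function verify_token_example($nonce, string $action, string $secret): bool {
    // Assumption of this example: arrays, objects and null are rejected
    // outright instead of being cast.
    if (!is_scalar($nonce)) {
        return false;
    }
    // The cast proposed in the ticket: hash_equals() accepts only strings.
    $nonce = (string) $nonce;
    if ($nonce === '') {
        return false;
    }
    return hash_equals(expected_token_example($action, $secret), $nonce);
}

$secret = 'constructed-secret';   // constructed sample value
$action = 'delete-post_42';       // constructed sample value
$valid  = expected_token_example($action, $secret);

// A JSON request body can deliver the nonce as an integer, not a string.
$fromJson = json_decode('{"nonce": 1234567890}', true)['nonce'];

// Without the cast, the integer reaches hash_equals() directly.
try {
    hash_equals($valid, $fromJson);
    echo "uncast: comparison ran\n";
} catch (TypeError $e) {
    echo "uncast: ", $e->getMessage(), "\n";
}

// With the cast, the same input is handled as an ordinary invalid nonce.
var_dump(verify_token_example($fromJson, $action, $secret));
var_dump(verify_token_example($valid, $action, $secret));
var_dump(verify_token_example(null, $action, $secret));
```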