Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().

Fixes #36361 git-svn-id: https://develop.svn.wordpress.org/trunk@38420 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-04 20:54:29 +00:00 · 2016-08-28 17:14:52 +00:00
parent c786774d21
commit a03376e798
2 changed files with 32 additions and 0 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1080,6 +1080,10 @@ if ( !function_exists('check_ajax_referer') ) :
 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+	if ( -1 == $action ) {
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
+	}
+
 	$nonce = '';

 	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )