Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().

Fixes #36361 git-svn-id: https://develop.svn.wordpress.org/trunk@38420 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2016-08-28 17:14:52 +00:00
parent c786774d21
commit a03376e798
2 changed files with 32 additions and 0 deletions
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -149,6 +149,34 @@ class Tests_Auth extends WP_UnitTestCase {
 		$this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
 	}

+	/**
+	 * @ticket 36361
+	 */
+	public function test_check_admin_referer_with_no_action_triggers_doing_it_wrong() {
+		$this->setExpectedIncorrectUsage( 'check_admin_referer' );
+
+		// A valid nonce needs to be set so the check doesn't die()
+		$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+		$result = check_admin_referer();
+		$this->assertSame( 1, $result );
+
+		unset( $_REQUEST['_wpnonce'] );
+	}
+
+	/**
+	 * @ticket 36361
+	 */
+	public function test_check_ajax_referer_with_no_action_triggers_doing_it_wrong() {
+		$this->setExpectedIncorrectUsage( 'check_ajax_referer' );
+
+		// A valid nonce needs to be set so the check doesn't die()
+		$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+		$result = check_ajax_referer();
+		$this->assertSame( 1, $result );
+
+		unset( $_REQUEST['_wpnonce'] );
+	}
+
 	function test_password_length_limit() {
 		$limit = str_repeat( 'a', 4096 );