From ebfa390ea1d08107fc10aad0a97065169d9f5409 Mon Sep 17 00:00:00 2001
From: ocean90
Date: Wed, 26 Nov 2014 19:18:02 +0000
Subject: [PATCH] Type cast `$nonce` to string in `wp_verify_nonce()`.
props jesin. fixes #29542.
git-svn-id: https://develop.svn.wordpress.org/trunk@30576 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 3 ++-
 tests/phpunit/tests/auth.php | 13 ++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index eb8207bd99..f55631faff 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1695,7 +1695,8 @@ if ( !function_exists('wp_verify_nonce') ) :
 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
 * @return bool Whether the nonce check passed or failed.
 */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+ $nonce = (string) $nonce;
 $user = wp_get_current_user();
 $uid = (int) $user->ID;
 if ( ! $uid ) {
diff --git a/tests/phpunit/tests/auth.php b/tests/phpunit/tests/auth.php
index 5db5abfa38..8a3f6d9298 100644
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -69,10 +69,10 @@ class Tests_Auth extends WP_UnitTestCase {

 /**
 * Test wp_hash_password trims whitespace
- *
- * This is similar to test_password_trimming but tests the "lower level"
+ *
+ * This is similar to test_password_trimming but tests the "lower level"
 * wp_hash_password function
- *
+ *
 * @ticket 24973
 */
 function test_wp_hash_password_trimming() {
@@ -101,6 +101,13 @@ class Tests_Auth extends WP_UnitTestCase {
 $this->assertFalse( wp_verify_nonce( null ) );
 }

+ /**
+ * @ticket 29542
+ */
+ function test_wp_verify_nonce_with_integer_arg() {
+ $this->assertFalse( wp_verify_nonce( 1 ) );
+ }
+
 function test_password_length_limit() {
 $passwords = array(
 str_repeat( 'a', 4095 ), // short
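Review bot: The `(string) $nonce` cast added at the top of `wp_verify_nonce()` in src/wp-includes/pluggable.php converts whatever it is given, so an array, which a request parameter can be, turns into the literal string `Array` with a conversion notice, and an object without `__toString()` raises an error, where the check should just fail. A guard ahead of the cast, `if ( ! is_scalar( $nonce ) ) { return false; }`, makes those inputs fail closed and keeps the `null` case in tests/phpunit/tests/auth.php returning false. The new `test_wp_verify_nonce_with_integer_arg()` pins only the integer `1`; a companion assertion such as `$this->assertFalse( wp_verify_nonce( array( 'x' ) ) );` would cover the non-scalar path. The function body continues past the hunk, so a later check that already rejects such values cannot be ruled out from the visible lines.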