From 626e77ec3b3bbaf848804f37a7818eaafab0e4d1 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Fri, 21 Jun 2013 02:11:31 +0000
Subject: [PATCH] Add strict check to wp_verify_nonce() to avoid issues when it is improperly called.
git-svn-id: https://develop.svn.wordpress.org/trunk@24461 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/pluggable.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 47e4db76c1..76ebd21109 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1259,10 +1259,10 @@ function wp_verify_nonce($nonce, $action = -1) {
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
-    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
+    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
         return 1;
     // Nonce generated 12-24 hours ago
-    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
+    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
         return 2;
     // Invalid nonce
     return false;
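Review bot: The two changed `if` lines now compare the expected nonce with `===`, which fixes the loose-equality problem the commit targets but still short-circuits on the first differing byte, so the comparison is not constant-time. Where the supported PHP floor allows it, `hash_equals($expected, $nonce)` (PHP 5.6+) is the constant-time idiom; because it raises on non-string input, keep a guard such as `if ( ! is_string( $nonce ) ) return false;` ahead of the two checks so the "improperly called" case the commit describes is still rejected. The practical exposure for a 10-character truncated hash checked by a remote caller is presumably small, but the change is cheap and the intent is clearer than a bare operator. The function's signature and closing brace are outside the hunk, as is `$uid`, whose derivation is not visible here.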