Security: Trigger a `_doing_it_wrong()` when `check_ajax_referer()` is called without its first parameter. This brings it in line with `check_admin_referer()`.
Fixes #36361 git-svn-id: https://develop.svn.wordpress.org/trunk@38420 602fd350-edb4-49c9-b593-d223f7449a82
parent
c786774d21
commit
a03376e798
|
@ -1080,6 +1080,10 @@ if ( !function_exists('check_ajax_referer') ) :
|
||||||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||||
*/
|
*/
|
||||||
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
||||||
|
if ( -1 == $action ) {
|
||||||
|
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
|
||||||
|
}
|
||||||
|
|
||||||
$nonce = '';
|
$nonce = '';
|
||||||
|
|
||||||
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
|
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
|
||||||
|
|
|
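Review bot: The new `if ( -1 == $action )` branch only reports incorrect usage; verification then carries on with the default action, and the test added in this commit confirms that `check_ajax_referer()` with a nonce from `wp_create_nonce( -1 )` still returns 1. A nonce created for the default action is therefore accepted by every caller that omits `$action`, which is the risk the notice points at and is worth stating in the docblock, e.g. `* Omitting $action verifies the nonce against the shared default action (-1); always pass a specific action.` The comparison is also loose, so `'-1'` and `true` match as well; `-1 === $action` would limit the notice to the untouched default, if mirroring `check_admin_referer()` exactly is not required. The start of the docblock and the rest of the function body lie outside the hunk.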
@ -149,6 +149,34 @@ class Tests_Auth extends WP_UnitTestCase {
|
||||||
$this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
|
$this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 36361
|
||||||
|
*/
|
||||||
|
public function test_check_admin_referer_with_no_action_triggers_doing_it_wrong() {
|
||||||
|
$this->setExpectedIncorrectUsage( 'check_admin_referer' );
|
||||||
|
|
||||||
|
// A valid nonce needs to be set so the check doesn't die()
|
||||||
|
$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
|
||||||
|
$result = check_admin_referer();
|
||||||
|
$this->assertSame( 1, $result );
|
||||||
|
|
||||||
|
unset( $_REQUEST['_wpnonce'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 36361
|
||||||
|
*/
|
||||||
|
public function test_check_ajax_referer_with_no_action_triggers_doing_it_wrong() {
|
||||||
|
$this->setExpectedIncorrectUsage( 'check_ajax_referer' );
|
||||||
|
|
||||||
|
// A valid nonce needs to be set so the check doesn't die()
|
||||||
|
$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
|
||||||
|
$result = check_ajax_referer();
|
||||||
|
$this->assertSame( 1, $result );
|
||||||
|
|
||||||
|
unset( $_REQUEST['_wpnonce'] );
|
||||||
|
}
|
||||||
|
|
||||||
function test_password_length_limit() {
|
function test_password_length_limit() {
|
||||||
$limit = str_repeat( 'a', 4096 );
|
$limit = str_repeat( 'a', 4096 );
|
||||||
|
|
||||||
|
|
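Review bot: In both new tests the `unset( $_REQUEST['_wpnonce'] );` cleanup sits after `$this->assertSame( 1, $result );`, so a failing assertion skips it and, unless the base test case resets the superglobal, leaves a valid default-action nonce in `$_REQUEST` for later tests. Moving the cleanup ahead of the assertion avoids that: `$result = check_ajax_referer();`, then `unset( $_REQUEST['_wpnonce'] );`, then `$this->assertSame( 1, $result );`, and the same in the `check_admin_referer` test. A companion case that passes an explicit action and expects no incorrect-usage notice would pin the other side of the new branch. The class header and the body of `test_password_length_limit()` are outside the hunk.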