From bf0272c8b1329b00f5101c3faea4c7b5d440cf10 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Tue, 26 Aug 2014 07:38:51 +0000
Subject: [PATCH] Require a non-empty $nonce value in wp_verify_nonce(). props ocean90. fixes #29217.
git-svn-id: https://develop.svn.wordpress.org/trunk@29620 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 4 ++++
 tests/phpunit/tests/auth.php | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index f2602960e7..8f20f7037f 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1707,6 +1707,10 @@ function wp_verify_nonce($nonce, $action = -1) {
 $uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
 }
+ if ( empty( $nonce ) ) {
+ return false;
+ }
+
 $token = wp_get_session_token();
 $i = wp_nonce_tick();
diff --git a/tests/phpunit/tests/auth.php b/tests/phpunit/tests/auth.php
index 32c679f9be..57faac9db7 100644
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -91,4 +91,12 @@ class Tests_Auth extends WP_UnitTestCase {
 $password = "pass with vertial tab o_O\x0B";
 $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
 }
+
+ /**
+ * @ticket 29217
+ */
+ function test_wp_verify_nonce_with_empty_arg() {
+ $this->assertFalse( wp_verify_nonce( '' ) );
+ $this->assertFalse( wp_verify_nonce( null ) );
+ }
 }
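Review bot: The new `empty( $nonce )` guard in wp_verify_nonce() rejects '', null, 0 and '0', but any other non-string value, such as an array or `true` arriving from a request parameter, still passes it and reaches the comparison code that follows outside this hunk. If callers are only ever expected to pass strings (worth confirming against existing callers), a type check closes that gap: `if ( ! is_string( $nonce ) || '' === $nonce ) { return false; }`. The guard also sits after the `nonce_user_logged_out` filter has already run, so a request that is about to be rejected still invokes every callback hooked there. Moving the check to the top of the function would avoid that, but the start of the function is outside the hunk, so confirm nothing there depends on the current order.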
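Review bot: test_wp_verify_nonce_with_empty_arg() pins only '' and null, while the `empty()` check it exercises also returns false for `false`, `0`, `'0'` and `array()`. Adding those cases, for example `$this->assertFalse( wp_verify_nonce( array() ) );` and `$this->assertFalse( wp_verify_nonce( '0' ) );`, would stop a later rewrite of the guard from silently starting to accept them. A one-line description above `@ticket 29217`, stating that an empty nonce must never verify, would also help readers who cannot look up the ticket.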