Type cast $nonce to string in wp_verify_nonce().

props jesin. fixes #29542. git-svn-id: https://develop.svn.wordpress.org/trunk@30576 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-26 19:18:02 +00:00 · 2014-11-26 19:18:02 +00:00 · ebfa390ea1
commit ebfa390ea1
parent 01b2c45025
2 changed files with 12 additions and 4 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@ -1695,7 +1695,8 @@ if ( !function_exists('wp_verify_nonce') ) :
 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
 * @return bool Whether the nonce check passed or failed.
 */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+	$nonce = (string) $nonce;
 	$user = wp_get_current_user();
 	$uid = (int) $user->ID;
 	if ( ! $uid ) {
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@ -69,10 +69,10 @@ class Tests_Auth extends WP_UnitTestCase {

 	/**
 	 * Test wp_hash_password trims whitespace
-	 * 
-	 * This is similar to test_password_trimming but tests the "lower level" 
+	 *
+	 * This is similar to test_password_trimming but tests the "lower level"
 	 * wp_hash_password function
-	 * 
+	 *
 	 * @ticket 24973
 	 */
 	function test_wp_hash_password_trimming() {
@ -101,6 +101,13 @@ class Tests_Auth extends WP_UnitTestCase {
 		$this->assertFalse( wp_verify_nonce( null ) );
 	}

+	/**
+	 * @ticket 29542
+	 */
+	function test_wp_verify_nonce_with_integer_arg() {
+		$this->assertFalse( wp_verify_nonce( 1 ) );
+	}
+
 	function test_password_length_limit() {
 		$passwords = array(
 			str_repeat( 'a', 4095 ), // short