Type cast $nonce to string in wp_verify_nonce().

props jesin.
fixes #29542.

git-svn-id: https://develop.svn.wordpress.org/trunk@30576 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/pluggable.php

@@ -1695,7 +1695,8 @@ if ( !function_exists('wp_verify_nonce') ) :
  * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
  * @return bool Whether the nonce check passed or failed.
  */
-function wp_verify_nonce($nonce, $action = -1) {
+function wp_verify_nonce( $nonce, $action = -1 ) {
+	$nonce = (string) $nonce;
 	$user = wp_get_current_user();
 	$uid = (int) $user->ID;
 	if ( ! $uid ) {

tests/phpunit/tests/auth.php

@@ -69,10 +69,10 @@ class Tests_Auth extends WP_UnitTestCase {
 
 	/**
 	 * Test wp_hash_password trims whitespace
-	 * 
+	 *
-	 * This is similar to test_password_trimming but tests the "lower level" 
+	 * This is similar to test_password_trimming but tests the "lower level"
 	 * wp_hash_password function
-	 * 
+	 *
 	 * @ticket 24973
 	 */
 	function test_wp_hash_password_trimming() {
@@ -101,6 +101,13 @@ class Tests_Auth extends WP_UnitTestCase {
 		$this->assertFalse( wp_verify_nonce( null ) );
 	}
 
+	/**
+	 * @ticket 29542
+	 */
+	function test_wp_verify_nonce_with_integer_arg() {
+		$this->assertFalse( wp_verify_nonce( 1 ) );
+	}
+
 	function test_password_length_limit() {
 		$passwords = array(
 			str_repeat( 'a', 4095 ), // short