Type cast $nonce to string in wp_verify_nonce().

props jesin. fixes #29542. git-svn-id: https://develop.svn.wordpress.org/trunk@30576 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-26 19:18:02 +00:00 · 2014-11-26 19:18:02 +00:00 · ebfa390ea1
commit ebfa390ea1
parent 01b2c45025
2 changed files with 12 additions and 4 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@ -1696,6 +1696,7 @@ if ( !function_exists('wp_verify_nonce') ) :
 * @return bool Whether the nonce check passed or failed.
 */
 function wp_verify_nonce( $nonce, $action = -1 ) {
+	$nonce = (string) $nonce;
 	$user = wp_get_current_user();
 	$uid = (int) $user->ID;
 	if ( ! $uid ) {
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@ -101,6 +101,13 @@ class Tests_Auth extends WP_UnitTestCase {
 		$this->assertFalse( wp_verify_nonce( null ) );
 	}

+	/**
+	 * @ticket 29542
+	 */
+	function test_wp_verify_nonce_with_integer_arg() {
+		$this->assertFalse( wp_verify_nonce( 1 ) );
+	}
+
 	function test_password_length_limit() {
 		$passwords = array(
 			str_repeat( 'a', 4095 ), // short