Administration: Ensure that admin referer nonce is valid.

Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Props vortfu, xknown, whyisjake.


git-svn-id: https://develop.svn.wordpress.org/trunk@46477 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/pluggable.php

@@ -1106,7 +1106,7 @@ if ( ! function_exists( 'check_admin_referer' ) ) :
 	 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 	 */
 	function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
-		if ( -1 == $action ) {
+		if ( -1 === $action ) {
 			_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
 		}
 
@@ -1125,7 +1125,7 @@ if ( ! function_exists( 'check_admin_referer' ) ) :
 		 */
 		do_action( 'check_admin_referer', $action, $result );
 
-		if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
+		if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
 			wp_nonce_ays( $action );
 			die();
 		}

tests/phpunit/tests/auth.php

@@ -24,7 +24,7 @@ class Tests_Auth extends WP_UnitTestCase {
 
 		self::$user_id = self::$_user->ID;
 
-		require_once( ABSPATH . WPINC . '/class-phpass.php' );
+		require_once ABSPATH . WPINC . '/class-phpass.php';
 		self::$wp_hasher = new PasswordHash( 8, true );
 	}
 
@@ -165,6 +165,16 @@ class Tests_Auth extends WP_UnitTestCase {
 		unset( $_REQUEST['_wpnonce'] );
 	}
 
+	public function test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong() {
+		$this->setExpectedIncorrectUsage( 'check_admin_referer' );
+		// A valid nonce needs to be set so the check doesn't die()
+		$_REQUEST['_wpnonce'] = wp_create_nonce( '-1' );
+		$result               = check_admin_referer( '-1' );
+		$this->assertSame( 1, $result );
+
+		unset( $_REQUEST['_wpnonce'] );
+	}
+
 	/**
 	 * @ticket 36361
 	 */