Skip to content

Commit

Permalink
Require a non-empty $nonce value in wp_verify_nonce().
Browse files Browse the repository at this point in the history 
props ocean90.
fixes #29217.

Built from https://develop.svn.wordpress.org/trunk@29620


git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information
@nacin
nacin committed Aug 26, 2014
1 parent 67b0e36 commit 3951d96
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions wp-includes/pluggable.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1707,6 +1707,10 @@ function wp_verify_nonce($nonce, $action = -1) {
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
}

if ( empty( $nonce ) ) {
return false;
}

$token = wp_get_session_token();
$i = wp_nonce_tick();

Expand Down

0 comments on commit 3951d96

Please sign in to comment.