[wp-trac] [WordPress Trac] #26077: check_ajax_referer $result from wp_verify_nonce should use identical comparison operator
WordPress Trac
noreply at wordpress.org
Sat Nov 16 23:39:09 UTC 2013
#26077: check_ajax_referer $result from wp_verify_nonce should use identical
comparison operator
--------------------------+-----------------------------
Reporter: toddlahman | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
In the check_ajax_referer() function it gets the following value:
{{{
$result = wp_verify_nonce( $nonce, $action );
}}}
The value is then tested as follows:
{{{
if ( $die && false == $result ) {
}}}
The correct test should use the identical comparison operator since
wp_verify_nonce returns false if it fails to verify:
{{{
if ( $die && false === $result ) {
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26077>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list