[wp-trac] [WordPress Trac] #26077: check_ajax_referer $result from wp_verify_nonce should use identical comparison operator
WordPress Trac
noreply at wordpress.org
Sun Nov 17 00:13:45 UTC 2013
--------------------------+----------------------
 Reporter:  toddlahman    |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Plugins       |     Version:
 Severity:  normal        |  Resolution:  invalid
 Keywords:  has-patch     |
--------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
As the core `wp_verify_nonce()` only returns `false`, `1`, or `2` as a
return value, the identical comparator isn't needed here, as it's
impossible for the function to return another falsey value that would be
valid.

As the function is pluggable, changing this can also introduce a security
issue, as a pluggable version of the function may only return falsey in
the event of failure (i.e. `return 0;`).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26077#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
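
The fail-open case described in the comment above, as an added example that is not part of the original message and is not WordPress core code. It models the loose and identical comparisons against a core-style verifier (`false`, `1`, `2`) and a hypothetical pluggable replacement that returns `0` on failure; all function names and nonce strings are constructed for illustration.

```php
<?php
// Added illustration; not WordPress core code. All function names are hypothetical.

// Mirrors the return values the comment lists for core: false, 1, or 2.
function core_style_verify(string $nonce) {
    $valid = ['fresh-nonce' => 1, 'older-nonce' => 2]; // constructed sample values
    return $valid[$nonce] ?? false;
}

// A hypothetical pluggable replacement that signals failure with 0 instead of false.
function plugin_style_verify(string $nonce) {
    return $nonce === 'fresh-nonce' ? 1 : 0;
}

// Loose comparison: any falsey result is treated as a failed check.
function rejects_loose($result): bool {
    return false == $result;
}

// Identical comparison: only boolean false is treated as a failed check.
function rejects_strict($result): bool {
    return false === $result;
}

$cases = [
    'core, valid nonce'     => core_style_verify('fresh-nonce'),
    'core, invalid nonce'   => core_style_verify('bad-nonce'),
    'plugin, valid nonce'   => plugin_style_verify('fresh-nonce'),
    'plugin, invalid nonce' => plugin_style_verify('bad-nonce'),
];

// Print one row per case so the two comparisons can be read side by side.
foreach ($cases as $label => $result) {
    printf(
        "%-22s result=%-6s loose:%-7s strict:%s\n",
        $label,
        var_export($result, true),
        rejects_loose($result) ? 'reject' : 'accept',
        rejects_strict($result) ? 'reject' : 'accept'
    );
}
```

The two comparisons agree on every row except the last, where the identical comparison accepts the replacement's `0` and the invalid nonce passes the check.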