[wp-trac] [WordPress Trac] #29217: HHVM Fatal error with hash_equals() on WordPress 3.9.2
WordPress Trac
noreply at wordpress.org
Fri Aug 15 12:00:52 UTC 2014
#29217: HHVM Fatal error with hash_equals() on WordPress 3.9.2
---------------------------+--------------------
Reporter: kinstahosting | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0
Component: General | Version: 3.9.2
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
---------------------------+--------------------
Changes (by ocean90):
* keywords: => has-patch
* milestone: Awaiting Review => 4.0
Comment:
The error comes from `wp_verify_nonce()`, see [source:tags/3.9.2/src/wp-
includes/pluggable.php#L1662], where `$nonce` seems to be null.
Before [29384] `$nonce` was used inside the condition and is now passed to
`hash_equals()`. I think we should bail earlier, when `$nonce` is empty,
see [attachment:29217.patch].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29217#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list