Fire the `check_ajax_referer` action on failure as well as success.

See [33017] for `check_admin_referer`. props egill. fixes #33342. Built from https://develop.svn.wordpress.org/trunk@33743 git-svn-id: http://core.svn.wordpress.org/trunk@33711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 23:25:21 +00:00 · 2015-08-25 23:25:21 +00:00 · b34af5586a
parent d75453cc7c
commit b34af5586a
2 changed files with 9 additions and 8 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1139,13 +1139,6 @@ function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {

 	$result = wp_verify_nonce( $nonce, $action );

-	if ( $die && false === $result ) {
-		if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
-			wp_die( -1 );
-		else
-			die( '-1' );
-	}
-
 	/**
 	 * Fires once the AJAX request has been validated or not.
 	 *
@ -1157,6 +1150,14 @@ function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
 	 */
 	do_action( 'check_ajax_referer', $action, $result );

+	if ( $die && false === $result ) {
+		if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
+			wp_die( -1 );
+		} else {
+			die( '-1' );
+		}
+	}
+
 	return $result;
 }
 endif;
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-33742';
+$wp_version = '4.4-alpha-33743';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.