Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().

Fixes #36361 Built from https://develop.svn.wordpress.org/trunk@38420 git-svn-id: http://core.svn.wordpress.org/trunk@38361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2025-03-09 07:00:01 +00:00 · 2016-08-28 17:15:28 +00:00 · 2016-08-28 17:15:28 +00:00 · b85e322e35
commit b85e322e35
parent 6b3a3713fd
2 changed files with 5 additions and 1 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1080,6 +1080,10 @@ if ( !function_exists('check_ajax_referer') ) :
 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+	if ( -1 == $action ) {
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
+	}
+
 	$nonce = '';

 	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.7-alpha-38419';
+$wp_version = '4.7-alpha-38420';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.