elcontraption · November 3, 2014 22:30 · ZaheerAbbasAghani · Feb 15, 2016
diff --git a/gistfile1.txt b/gistfile1.txt
 <?php
 /*
 Plugin Name:  Patch wp_verify_nonce
 Description:  Fixes Advanced Custom Fields bug: http://support.advancedcustomfields.com/forums/topic/warnings-with-clean-install-of-acf-pro-5-0-9-and-wp-4/
 Version:      1.0.0
 Author:       Darin Reid
 Author URI:   http://elcontraption.com/
 */

 if ( !function_exists('wp_verify_nonce') ) :
 /**
 * Verify that correct nonce was used with time limit.
 *
 * The user is given an amount of time to use the token, so therefore, since the
 * UID and $action remain the same, the independent variable is the time.
 *
 * @since 2.0.3
 *
 * @param string $nonce Nonce that was used in the form to verify
 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
 * @return bool Whether the nonce check passed or failed.
 */
 function wp_verify_nonce($nonce, $action = -1) {

    // Fix: Typecast $nonce as a string
    $nonce = (string) $nonce;

    $user = wp_get_current_user();
    $uid = (int) $user->ID;
    if ( ! $uid ) {
        /**
         * Filter whether the user who generated the nonce is logged out.
         *
         * @since 3.5.0
         *
         * @param int    $uid    ID of the nonce-owning user.
         * @param string $action The nonce action.
         */
        $uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
    }

    if ( empty( $nonce ) ) {
        return false;
    }

    $token = wp_get_session_token();
    $i = wp_nonce_tick();

    // Nonce generated 0-12 hours ago
    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
    if ( hash_equals( $expected, $nonce ) ) {
        return 1;
    }

    // Nonce generated 12-24 hours ago
    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
    if ( hash_equals( $expected, $nonce ) ) {
        return 2;
    }

    // Invalid nonce
    return false;
 }
 endif;
	<?php
	/*
	Plugin Name: Patch wp_verify_nonce
	Description: Fixes Advanced Custom Fields bug: http://support.advancedcustomfields.com/forums/topic/warnings-with-clean-install-of-acf-pro-5-0-9-and-wp-4/
	Version: 1.0.0
	Author: Darin Reid
	Author URI: http://elcontraption.com/
	*/

	if ( !function_exists('wp_verify_nonce') ) :
	/**
	* Verify that correct nonce was used with time limit.
	*
	* The user is given an amount of time to use the token, so therefore, since the
	* UID and $action remain the same, the independent variable is the time.
	*
	* @since 2.0.3
	*
	* @param string $nonce Nonce that was used in the form to verify
	* @param string\|int $action Should give context to what is taking place and be the same when nonce was created.
	* @return bool Whether the nonce check passed or failed.
	*/
	function wp_verify_nonce($nonce, $action = -1) {

	// Fix: Typecast $nonce as a string
	$nonce = (string) $nonce;

	$user = wp_get_current_user();
	$uid = (int) $user->ID;
	if ( ! $uid ) {
	/**
	* Filter whether the user who generated the nonce is logged out.
	*
	* @since 3.5.0
	*
	* @param int $uid ID of the nonce-owning user.
	* @param string $action The nonce action.
	*/
	$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
	}

	if ( empty( $nonce ) ) {
	return false;
	}

	$token = wp_get_session_token();
	$i = wp_nonce_tick();

	// Nonce generated 0-12 hours ago
	$expected = substr( wp_hash( $i . '\|' . $action . '\|' . $uid . '\|' . $token, 'nonce'), -12, 10 );
	if ( hash_equals( $expected, $nonce ) ) {
	return 1;
	}

	// Nonce generated 12-24 hours ago
	$expected = substr( wp_hash( ( $i - 1 ) . '\|' . $action . '\|' . $uid . '\|' . $token, 'nonce' ), -12, 10 );
	if ( hash_equals( $expected, $nonce ) ) {
	return 2;
	}

	// Invalid nonce
	return false;
	}
	endif;