Coding Standards: Cast $expired to an integer in `wp_validate_auth_…

…cookie()`. This resolves an issue where the string `$expired` value is used both in a comparison and addition with integer values. Follow-up to [6387], [28424], [45590]. Props justlevine. See #52217. git-svn-id: https://develop.svn.wordpress.org/trunk@59459 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · Nov 25, 2024 · 75c587f · 75c587f
1 parent 1aa41de
commit 75c587f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
@@ -710,9 +710,10 @@ function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) {
 		$username   = $cookie_elements['username'];
 		$hmac       = $cookie_elements['hmac'];
 		$token      = $cookie_elements['token'];
-		$expired    = $cookie_elements['expiration'];
 		$expiration = $cookie_elements['expiration'];
 
+		$expired = (int) $expiration;
+
 		// Allow a grace period for POST and Ajax requests.
 		if ( wp_doing_ajax() || 'POST' === $_SERVER['REQUEST_METHOD'] ) {
 			$expired += HOUR_IN_SECONDS;