From 73233a081e0d5cb28e962906f35cf0bd8e9bca90 Mon Sep 17 00:00:00 2001
From: Paul Bearne <pbearne@git.wordpress.org>
Date: Thu, 14 May 2026 17:06:04 -0400
Subject: [PATCH 1/2] Add unit tests for `wp_ajax_rest_nonce` functionality

---
 .../includes/ajax-actions/wpAjaxRestNonce.php | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php

diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php b/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php
new file mode 100644
index 0000000000000..f8c1d4768a6bd
--- /dev/null
+++ b/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php
@@ -0,0 +1,68 @@
+<?php
+
+/**
+ * Admin Ajax functions to be tested.
+ */
+require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';
+
+/**
+ * Testing wp_ajax_rest_nonce() functionality.
+ *
+ * @package WordPress
+ * @subpackage UnitTests
+ * @since 5.3.0
+ *
+ * @group ajax
+ *
+ * @covers ::wp_ajax_rest_nonce
+ */
+class Tests_Ajax_wpAjaxRestNonce extends WP_Ajax_UnitTestCase {
+
+	public function set_up() {
+		parent::set_up();
+		add_action( 'wp_ajax_rest-nonce', 'wp_ajax_rest_nonce' );
+	}
+
+	/**
+	 * Tests the rest-nonce AJAX action.
+	 *
+	 * @ticket 65243
+	 */
+	public function test_wp_ajax_rest_nonce(): void {
+		// Become a subscriber.
+		$this->_setRole( 'subscriber' );
+
+		// Set up the request.
+		$_REQUEST['action'] = 'rest-nonce';
+
+		// Make the request.
+		try {
+			ob_start();
+			$this->_handleAjax( 'rest-nonce' );
+		} catch ( WPAjaxDieContinueException $e ) {
+			// Expected exception.
+			$this->_last_response = ob_get_clean();
+			unset( $e );
+		} catch ( WPAjaxDieStopException $e ) {
+			$this->_last_response = $e->getMessage();
+			ob_end_clean();
+		}
+
+		// The response should be a valid nonce for 'wp_rest'.
+		$this->assertNotEmpty( $this->_last_response, 'The response should not be empty' );
+		$this->assertSame( 1, wp_verify_nonce( $this->_last_response, 'wp_rest' ), 'The response should be a valid nonce for "wp_rest"' );
+	}
+
+	/**
+	 * Tests the rest-nonce AJAX action as a logged-out user.
+	 *
+	 * @ticket 65243
+	 */
+	public function test_wp_ajax_rest_nonce_logged_out(): void {
+		// Log out.
+		wp_set_current_user( 0 );
+
+		// To test the "logged-out" behavior properly, we should verify it DOES NOT have a nopriv handler.
+		$this->assertFalse( has_action( 'wp_ajax_nopriv_rest-nonce' ), 'Should not have a nopriv handler' );
+	}
+}

From c4549a5f7af1afd50508818f35793b1f5d7429cd Mon Sep 17 00:00:00 2001
From: Paul Bearne <pbearne@gmail.com>
Date: Fri, 15 May 2026 09:07:33 -0400
Subject: [PATCH 2/2] Update
 tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php

Co-authored-by: Mukesh Panchal <mukeshpanchal27@users.noreply.github.com>
---
 .../tests/admin/includes/ajax-actions/wpAjaxRestNonce.php        | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php b/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php
index f8c1d4768a6bd..cc66dfe715a20 100644
--- a/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php
+++ b/tests/phpunit/tests/admin/includes/ajax-actions/wpAjaxRestNonce.php
@@ -10,7 +10,6 @@
  *
  * @package WordPress
  * @subpackage UnitTests
- * @since 5.3.0
  *
  * @group ajax
  *