From 1d038f7c24d617560cb0b62f453dfc630ade6410 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Mon, 11 Feb 2008 17:40:16 +0000
Subject: [PATCH] Fix edit slug ajax nonce. props nbachiyski. see #5816

git-svn-id: https://develop.svn.wordpress.org/trunk@6788 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/admin-ajax.php         | 2 +-
 wp-admin/edit-form-advanced.php | 1 +
 wp-admin/js/slug.js             | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 61979a461c..fdb584dcea 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -525,7 +525,7 @@ case 'closed-postboxes' :
 	update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed);
 break;
 case 'sample-permalink':
-	check_ajax_referer( $action );
+	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
 	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
 	die(get_sample_permalink_html($post_id, $_POST['new_slug']));
 break;
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 80cffd8dd6..1d92e767b1 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -90,6 +90,7 @@ addLoadEvent(focusit);
 <?php the_editor($post->post_content); ?>
 <?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 <?php wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
+<?php wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); ?>
 </div>
 
 <?php echo $form_pingback ?>
diff --git a/wp-admin/js/slug.js b/wp-admin/js/slug.js
index a0a81af0f4..1851914ef5 100644
--- a/wp-admin/js/slug.js
+++ b/wp-admin/js/slug.js
@@ -14,7 +14,7 @@ function edit_permalink(post_id) {
 			action: 'sample-permalink',
 			post_id: post_id,
 			new_slug: new_slug,
-			cookie: document.cookie}, function(data) {
+			samplepermalinknonce: jQuery('#samplepermalinknonce').val()}, function(data) {
 				jQuery('#sample-permalink').html(data);
 				b.html(revert_b);
 				real_slug.attr('value', new_slug);