Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 18660)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -1025,7 +1025,7 @@
 
 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+	if ( ! sanitize_key( $page ) )
 		die('-1');
 
 	if ( ! $user = wp_get_current_user() )
@@ -1047,7 +1047,7 @@
 	$hidden = explode( ',', $_POST['hidden'] );
 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+	if ( ! sanitize_key( $page ) )
 		die('-1');
 
 	if ( ! $user = wp_get_current_user() )
@@ -1146,7 +1146,7 @@
 
 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+	if ( ! sanitize_key( $page ) )
 		die('-1');
 
 	if ( ! $user = wp_get_current_user() )