Ticket #5816: slug-ajax-nonce.diff

wp-admin/admin-ajax.php

@@ -525 +525 @@
         update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed);
 break;
 case 'sample-permalink':
-        check_ajax_referer( $action );
+        check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
         $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
         die(get_sample_permalink_html($post_id, $_POST['new_slug']));
 break;

wp-admin/js/slug.js

@@ -14 +14 @@
                         action: 'sample-permalink',
                         post_id: post_id,
                         new_slug: new_slug,
-                        cookie: document.cookie}, function(data) {
+                        samplepermalinknonce: jQuery('#samplepermalinknonce').val()}, function(data) {
                                 jQuery('#sample-permalink').html(data);
                                 b.html(revert_b);
                                 real_slug.attr('value', new_slug);      

wp-admin/edit-form-advanced.php

@@ -90 +90 @@
 <?php the_editor($post->post_content); ?>
 <?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 <?php wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
+<?php wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); ?>
 </div>
 
 <?php echo $form_pingback ?>