Changeset 27334 for trunk/src/wp-includes/post-template.php

Timestamp:

02/28/2014 11:28:44 PM (11 years ago)

Author:

johnbillion

Message:

Pass along preview query args only if they are already present. Avoids sloppily appending a preview nonce when there should not be one. See #17157.

File:

• trunk/src/wp-includes/post-template.php (modified) (1 diff)

trunk/src/wp-includes/post-template.php

@@ -720 +720 @@
         ), $url );
 
-        if ( 'draft' !== $post->post_status ) {
+        if ( ( 'draft' !== $post->post_status ) && isset( $_GET['preview_id'], $_GET['preview_nonce'] ) ) {
             $url = add_query_arg( array(
-                'preview_id'    => $post->ID,
-                'preview_nonce' => wp_create_nonce( 'post_preview_' . $post->ID )
+                'preview_id'    => wp_unslash( $_GET['preview_id'] ),
+                'preview_nonce' => wp_unslash( $_GET['preview_nonce'] )
             ), $url );
         }