Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 6787)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -525,7 +525,7 @@
 	update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed);
 break;
 case 'sample-permalink':
-	check_ajax_referer( $action );
+	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
 	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
 	die(get_sample_permalink_html($post_id, $_POST['new_slug']));
 break;
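Review bot: The nonce check added in the `sample-permalink` case protects against request forgery but is not an authorization check: the action string `'samplepermalink'` is not tied to a post, and nothing visible in the hunk verifies that the current user may edit `$post_id` before `get_sample_permalink_html()` runs. Unless that helper performs the check itself (it is not shown here), add `if ( !current_user_can('edit_post', $post_id) ) die('-1');` after the `intval()` line. `$_POST['new_slug']` is also read without an `isset()` guard and passed through unchanged, so slug sanitization and escaping of the returned HTML rest entirely on the helper. The enclosing switch begins and ends outside the hunk.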
Index: wp-admin/js/slug.js
===================================================================
--- wp-admin/js/slug.js	(revision 6787)
+++ wp-admin/js/slug.js	(working copy)
@@ -14,7 +14,7 @@
 			action: 'sample-permalink',
 			post_id: post_id,
 			new_slug: new_slug,
-			cookie: document.cookie}, function(data) {
+			samplepermalinknonce: jQuery('#samplepermalinknonce').val()}, function(data) {
 				jQuery('#sample-permalink').html(data);
 				b.html(revert_b);
 				real_slug.attr('value', new_slug);	
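Review bot: The callback treats every response as success: if `#samplepermalinknonce` is missing from the page or the nonce has expired, the server-side check fails, yet the returned body is still written into `#sample-permalink` with `.html(data)` and `real_slug` is still set to `new_slug`. Check the response before touching the DOM, for example `if (data == '-1') { b.html(revert_b); return; }`, assuming the failure body is `-1`, which should be confirmed against `check_ajax_referer`. Since this patch adds the hidden field only to `edit-form-advanced.php`, any other form that loads `slug.js` would presumably hit this path. The surrounding function starts and ends outside the hunk.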
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php	(revision 6787)
+++ wp-admin/edit-form-advanced.php	(working copy)
@@ -90,6 +90,7 @@
 <?php the_editor($post->post_content); ?>
 <?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 <?php wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
+<?php wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); ?>
 </div>
 
 <?php echo $form_pingback ?>
