From be967880e21e3be588f6c3636175a0a0baead14e Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Fri, 28 Feb 2014 23:29:14 +0000
Subject: [PATCH] Pass along preview query args only if they are already present. Avoids sloppily appending a preview nonce when there should not be one.
See #17157.
Built from https://develop.svn.wordpress.org/trunk@27334
git-svn-id: http://core.svn.wordpress.org/trunk@27186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/post-template.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index 4aeae5d764..94b01eb484 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -719,10 +719,10 @@ function _wp_link_page( $i ) {
 'preview' => 'true'
 ), $url );

- if ( 'draft' !== $post->post_status ) {
+ if ( ( 'draft' !== $post->post_status ) && isset( $_GET['preview_id'], $_GET['preview_nonce'] ) ) {
 $url = add_query_arg( array(
- 'preview_id' => $post->ID,
- 'preview_nonce' => wp_create_nonce( 'post_preview_' . $post->ID )
+ 'preview_id' => wp_unslash( $_GET['preview_id'] ),
+ 'preview_nonce' => wp_unslash( $_GET['preview_nonce'] )
 ), $url );
 }
 }
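Review bot: The two added `wp_unslash( $_GET[...] )` lines copy request-supplied values into every pagination link with no type or value check, so `preview_id` is no longer tied to `$post->ID` and either parameter may arrive as an array rather than a string. I would extend the condition with `is_scalar( $_GET['preview_id'] ) && is_scalar( $_GET['preview_nonce'] )` and pass the id as `'preview_id' => absint( wp_unslash( $_GET['preview_id'] ) ),`, so only an integer id and a string nonce are propagated. Forwarding the existing nonce instead of minting a new one is the right direction, but a short comment such as `// Forward the caller's preview args as-is; the nonce is verified when the preview is loaded, not here.` would make clear that this code performs no validation itself. `_wp_link_page()` starts and ends outside the hunk, so whether `$url` is escaped before output cannot be confirmed from here and should be checked alongside this change.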