From 54a8eff27a1bf3b9db0431bb21fff66b6b840b3c Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Fri, 28 Feb 2014 23:28:44 +0000
Subject: [PATCH] Pass along preview query args only if they are already present.
Avoids sloppily appending a preview nonce when there should not be one.
See #17157.
git-svn-id: https://develop.svn.wordpress.org/trunk@27334 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/post-template.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wp-includes/post-template.php b/src/wp-includes/post-template.php
index 4aeae5d764..94b01eb484 100644
--- a/src/wp-includes/post-template.php
+++ b/src/wp-includes/post-template.php
@@ -719,10 +719,10 @@ function _wp_link_page( $i ) {
 'preview' => 'true'
 ), $url );
- if ( 'draft' !== $post->post_status ) {
+ if ( ( 'draft' !== $post->post_status ) && isset( $_GET['preview_id'], $_GET['preview_nonce'] ) ) {
 $url = add_query_arg( array(
- 'preview_id' => $post->ID,
- 'preview_nonce' => wp_create_nonce( 'post_preview_' . $post->ID )
+ 'preview_id' => wp_unslash( $_GET['preview_id'] ),
+ 'preview_nonce' => wp_unslash( $_GET['preview_nonce'] )
 ), $url );
 }
 }
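Review bot: The two added array values copy `$_GET['preview_id']` and `$_GET['preview_nonce']` into the page link after only `wp_unslash()`, so request-controlled values (including array-valued parameters, which `isset()` accepts) reach `$url` with no check on their shape. Whether that is safe depends entirely on how `$url` is escaped where it is output, which is outside this hunk; presumably `esc_url()` is applied there, but that should be confirmed. I would narrow the values where they are read: `'preview_id' => absint( $_GET['preview_id'] ),` and `'preview_nonce' => sanitize_key( wp_unslash( $_GET['preview_nonce'] ) )`, and skip the block when the id does not match `$post->ID`. A short comment such as `// Echo the caller's preview args; the nonce is verified when the preview is rendered, not here.` would also record why the nonce is passed through unverified, if that is indeed the intent. `_wp_link_page()` starts and ends outside the hunk.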