Add nonce protection for setting/removing featured post image. fixes #13438

git-svn-id: http://svn.automattic.com/wordpress/trunk@14730 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/js/post.dev.js

@@ -218,9 +218,9 @@ WPSetThumbnailID = function(id){
 	}
 };
 
-WPRemoveThumbnail = function(){
+WPRemoveThumbnail = function(nonce){
 	$.post(ajaxurl, {
-		action:"set-post-thumbnail", post_id: $('#post_ID').val(), thumbnail_id: -1, cookie: encodeURIComponent(document.cookie)
+		action:"set-post-thumbnail", post_id: $('#post_ID').val(), thumbnail_id: -1, _ajax_nonce: nonce, cookie: encodeURIComponent(document.cookie)
 	}, function(str){
 		if ( str == '0' ) {
 			alert( setPostThumbnailL10n.error );