--- mini-posts_old.php	2006-09-17 11:28:10.000000000 +0530
+++ mini-posts.php	2007-08-10 23:50:15.000000000 +0530
@@ -44,6 +44,8 @@
        - Changed all references to the plugin's filename to basename(__FILE__), to avoid file naming issues
        - Added aliases to JOIN and WHERE clauses to avoid collisions with other plugins
         (thanks, Jerome and Mark!)
+0.5.3  - Vish: Fix for mini-posts metadata delete on comment creation. See 
+         http://markjaquith.wordpress.com/2007/01/28/authorization-and-intentionorigination-verification-when-using-the-edit_post-hook/
 
 */
 
@@ -339,10 +341,17 @@
 		$check = $is_mini ? 'checked="checked" ' : '';
 		
 		echo '<fieldset><legend><a href="http://doocy.net/mini-posts/help/" title="Help with MiniPosts">' . __('MiniPosts', 'MiniPosts') . '</a></legend>';
-		echo '<label for="is_mini_post"><input type="checkbox" name="is_mini_post" id="is_mini_post" value="1" '. $check . '/> '. __('This is a mini post', 'MiniPosts') . '</label></fieldset>';
+		echo '<label for="is_mini_post"><input type="checkbox" name="is_mini_post" id="is_mini_post" value="1" '. $check . '/> '. __('This is a mini post', 'MiniPosts') . '</label>';
+		echo '<input type="hidden" name="mini-posts-verify-key" id="mini-posts-verify-key" value="' . wp_create_nonce('mini-posts') . '" /></fieldset>';
 	}
 	
 	function mini_update_post($id) {
+	  //authorization
+	  if (!current_user_can('edit_post', $id))
+      return $id;
+    // origination and intention
+  	if (!wp_verify_nonce($_POST['mini-posts-verify-key'], 'mini-posts'))
+  		return $id;
 		delete_post_meta($id, '_mini_post');
 		$setting = (isset($_POST["is_mini_post"]) && $_POST["is_mini_post"] == "1") ? 1 : 0;
 		add_post_meta($id, '_mini_post', $setting);