diff --git a/wp-admin/includes/class-wp-comments-list-table.php b/wp-admin/includes/class-wp-comments-list-table.php
index e3c332e765..122a719450 100644
--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -638,8 +638,23 @@ class WP_Comments_List_Table extends WP_List_Table {
public function single_row( $item ) {
global $post, $comment;
+ // Restores the more descriptive, specific name for use within this method.
$comment = $item;
+ if ( $comment->comment_post_ID > 0 ) {
+ $post = get_post( $comment->comment_post_ID );
+ }
+
+ $edit_post_cap = $post ? 'edit_post' : 'edit_posts';
+
+ if ( ! current_user_can( $edit_post_cap, $comment->comment_post_ID )
+ && ( ! empty( $post->post_password )
+ || ! current_user_can( 'read_post', $comment->comment_post_ID ) )
+ ) {
+ // The user has no access to the post and thus cannot see the comments.
+ return false;
+ }
+
$the_comment_class = wp_get_comment_status( $comment );
if ( ! $the_comment_class ) {
@@ -648,25 +663,8 @@ class WP_Comments_List_Table extends WP_List_Table {
$the_comment_class = implode( ' ', get_comment_class( $the_comment_class, $comment, $comment->comment_post_ID ) );
- if ( $comment->comment_post_ID > 0 ) {
- $post = get_post( $comment->comment_post_ID );
- }
-
$this->user_can = current_user_can( 'edit_comment', $comment->comment_ID );
- $edit_post_cap = $post ? 'edit_post' : 'edit_posts';
- if (
- current_user_can( $edit_post_cap, $comment->comment_post_ID ) ||
- (
- empty( $post->post_password ) &&
- current_user_can( 'read_post', $comment->comment_post_ID )
- )
- ) {
- // The user has access to the post and thus can see comments.
- } else {
- return false;
- }
-
echo "
\n";
diff --git a/wp-admin/includes/class-wp-list-table.php b/wp-admin/includes/class-wp-list-table.php
index d4cb589051..31168803d9 100644
--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -828,6 +828,17 @@ class WP_List_Table {
* @param int $pending_comments Number of pending comments.
*/
protected function comments_bubble( $post_id, $pending_comments ) {
+ $post_object = get_post( $post_id );
+ $edit_post_cap = $post_object ? 'edit_post' : 'edit_posts';
+
+ if ( ! current_user_can( $edit_post_cap, $post_id )
+ && ( ! empty( $post_object->post_password )
+ || ! current_user_can( 'read_post', $post_id ) )
+ ) {
+ // The user has no access to the post and thus cannot see the comments.
+ return false;
+ }
+
$approved_comments = get_comments_number();
$approved_comments_number = number_format_i18n( $approved_comments );
@@ -851,20 +862,6 @@ class WP_List_Table {
$pending_comments_number
);
- $post_object = get_post( $post_id );
- $edit_post_cap = $post_object ? 'edit_post' : 'edit_posts';
- if (
- current_user_can( $edit_post_cap, $post_id ) ||
- (
- empty( $post_object->post_password ) &&
- current_user_can( 'read_post', $post_id )
- )
- ) {
- // The user has access to the post and thus can see comments.
- } else {
- return false;
- }
-
if ( ! $approved_comments && ! $pending_comments ) {
// No comments at all.
printf(
diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php
index 5b50423949..bbbeb0b855 100644
--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -1088,7 +1088,13 @@ function wp_dashboard_recent_comments( $total_items = 5 ) {
}
foreach ( $possible as $comment ) {
- if ( ! current_user_can( 'read_post', $comment->comment_post_ID ) ) {
+ $comment_post = get_post( $comment->comment_post_ID );
+
+ if ( ! current_user_can( 'edit_post', $comment->comment_post_ID )
+ && ( ! empty( $comment_post->post_password )
+ || ! current_user_can( 'read_post', $comment->comment_post_ID ) )
+ ) {
+ // The user has no access to the post and thus cannot see the comments.
continue;
}
@@ -1109,16 +1115,7 @@ function wp_dashboard_recent_comments( $total_items = 5 ) {
echo '';
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 932fb13fdd..94733ead5c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
-$wp_version = '6.5-alpha-57122';
+$wp_version = '6.5-alpha-57123';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.