diff --git a/wp-blog-header.php b/wp-blog-header.php
index cd53ce9cf3..f34d6835bb 100644
--- a/wp-blog-header.php
+++ b/wp-blog-header.php
@@ -85,7 +85,7 @@ if ((isset($_GET['error']) && $_GET['error'] == '404') ||
 }
 }
-$wpvarstoreset = array('m','p','posts','w', 'cat','withcomments','s','search','exact', 'sentence','preview','debug', 'calendar','page','paged','more','tb', 'pb','author','order','orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup');
+$wpvarstoreset = array('m','p','posts','w', 'cat','withcomments','s','search','exact', 'sentence', 'debug', 'calendar','page','paged','more','tb', 'pb','author','order','orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup');
 $wpvarstoreset = apply_filters('query_vars', $wpvarstoreset);
@@ -167,6 +167,7 @@ foreach (array_merge($wpvarstoreset, $more_wpvars) as $wpvar) {
 $query_string = apply_filters('query_string', $query_string);
 update_category_cache();
+get_currentuserinfo();
 // Call query posts to do the work.
 $posts = & query_posts($query_string);
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index 125d43868a..fa8bffc2d0 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
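Review bot: The added `get_currentuserinfo();` in the second hunk carries no comment, so a reader cannot tell why it has to run before `query_posts()`; it presumably populates `$user_ID`, which the post-status checks added to WP_Query::get_posts in this same commit read, and the line should say so: `// Resolve the current user first so WP_Query can apply the per-status visibility rules.` Because this runs on every front-end request before the main query, the ordering constraint is easy to break later by someone reordering the setup code, which is another reason to state it in place. The statement run this hunk belongs to continues outside the hunk.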
@@ -493,16 +493,17 @@ class WP_Query {
 }
 if ($this->is_page) {
- $where .= ' AND (post_status = "static"';
+ $where .= ' AND (post_status = "static")';
+ } elseif ($this->is_single) {
+ $where .= ' AND (post_status != "static")';
 } else {
 $where .= ' AND (post_status = "publish"';
- }
- // Get private posts
- if (isset($user_ID) && ('' != intval($user_ID)))
- $where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
- else
- $where .= ')';
+ if (isset($user_ID) && ('' != intval($user_ID)))
+ $where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
+ else
+ $where .= ')';
+ }
 // Apply filters on where and join prior to paging so that any
 // manipulations to them are reflected in the paging by day queries.
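Review bot: In the re-indented `else` branch the SQL still interpolates the raw `$user_ID` (`" OR post_author = $user_ID AND ..."`) while only the guarding condition goes through `intval($user_ID)`; the value placed in the query should be the sanitised one, `$where .= " OR post_author = " . intval($user_ID) . " AND post_status != 'draft' AND post_status != 'static')";`. The new `elseif ($this->is_single)` branch drops the status restriction to `post_status != "static"`, so drafts and private posts are now returned by the database and are kept out of the result only by the PHP checks added further down in get_posts; that deferral deserves a comment on the branch, e.g. `// Single posts: status filtering is applied after the query, once the row is known.` get_posts starts and ends outside this hunk, so I cannot confirm from here that `$user_ID` is declared global inside it.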
@@ -543,16 +544,27 @@ class WP_Query {
 $orderby = apply_filters('posts_orderby', $orderby);
 $request = " SELECT $distinct * FROM $wpdb->posts $join WHERE 1=1".$where." ORDER BY " . $orderby . " $limits";
- if ($q['preview']) {
- $request = 'SELECT 1-1'; // dummy mysql query for the preview
- // little funky fix for IEwin, rawk on that code
- $is_winIE = ((preg_match('/MSIE/',$HTTP_USER_AGENT)) && (preg_match('/Win/',$HTTP_USER_AGENT)));
- if (($is_winIE) && (!isset($IEWin_bookmarklet_fix))) {
- $preview_content = preg_replace('/\%u([0-9A-F]{4,4})/e', "'&#'.base_convert('\\1',16,10).';'", $preview_content);
+ $this->posts = $wpdb->get_results($request);
+
+ // Check post status to determine if post should be displayed.
+ if ($this->is_single) {
+ if ('publish' != $this->posts[0]->post_status) {
+ if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
+ // User must be logged in to view unpublished posts.
+ $this->posts = array();
+ } else {
+ if ('draft' == $this->posts[0]->post_status) {
+ // User must have edit permissions on the draft to preview.
+ if (! user_can_edit_post($user_ID, $this->posts[0]->ID))
+ $this->posts = array();
+ } elseif ('private' == $this->posts[0]->post_status) {
+ if ($this->posts[0]->post_author != $user_ID)
+ $this->posts = array();
+ }
+ }
 }
 }
- $this->posts = $wpdb->get_results($request);
 $this->posts = apply_filters('the_posts', $this->posts);
 $this->post_count = count($this->posts);
 if ($this->post_count > 0) {
diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php
index b7fdd3d7ac..2e5f7d6c67 100644
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
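Review bot: The new status check dereferences `$this->posts[0]` before confirming that the query returned anything, so when a single-post request matches no row, `$this->posts[0]->post_status` is read from a missing element on the line right after `if ($this->is_single)`. The inner `else` is also allow-by-default: a logged-in user is denied only for `'draft'` without edit rights or `'private'` when not the author, so any other non-`publish` status value that reaches this code would be shown to every logged-in user. Restructuring the block as deny-unless-allowed, with an empty-result guard, keeps the two rules the comments document and closes both gaps. get_posts continues outside this hunk in both directions.
```php
$this->posts = $wpdb->get_results($request);

// Check post status to determine if post should be displayed.
// Only 'publish' is visible to everyone; any other status needs an explicit rule below.
if ($this->is_single && ! empty($this->posts)) {
	$status = $this->posts[0]->post_status;
	if ('publish' != $status) {
		$logged_in = isset($user_ID) && ('' != intval($user_ID));
		$can_view = false;
		if ($logged_in && 'draft' == $status) {
			// User must have edit permissions on the draft to preview.
			$can_view = user_can_edit_post($user_ID, $this->posts[0]->ID);
		} elseif ($logged_in && 'private' == $status) {
			// Private posts are visible to their author only.
			$can_view = ($this->posts[0]->post_author == $user_ID);
		}
		if (! $can_view)
			$this->posts = array();
	}
}
// … unchanged: the_posts filter and post_count …
```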
@@ -351,10 +351,10 @@ function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
 /* returns true if $user_id can edit $post_id */
 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
 $author_data = get_userdata($user_id);
- $post_data = get_postdata($post_id);
- $post_author_data = get_userdata($post_data['Author_ID']);
+ $post = get_post($post_id);
+ $post_author_data = get_userdata($post->post_author);
- if ( (($user_id == $post_author_data->ID) && !($post_data['post_status'] == 'publish' && $author_data->user_level < 2))
+ if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' && $author_data->user_level < 2))
 || ($author_data->user_level > $post_author_data->user_level)
 || ($author_data->user_level >= 10) ) {
 return true;
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 0cfc9caec6..17eddf3f0c 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -856,24 +856,11 @@ function start_wp() {
 // Setup global post data.
 function setup_postdata($post) {
- global $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query;
+ global $id, $postdata, $authordata, $day, $page, $pages, $multipage, $more, $numpages, $wp_query;
 global $pagenow;
- if (!$preview) {
- $id = $post->ID;
- } else {
- $id = 0;
- $postdata = array (
- 'ID' => 0,
- 'Author_ID' => $_GET['preview_userid'],
- 'Date' => $_GET['preview_date'],
- 'Content' => $_GET['preview_content'],
- 'Excerpt' => $_GET['preview_excerpt'],
- 'Title' => $_GET['preview_title'],
- 'Category' => $_GET['preview_category'],
- 'Notify' => 1
- );
- }
+ $id = $post->ID;
+
 $authordata = get_userdata($post->post_author);
 $day = mysql2date('d.m.y', $post->post_date);
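Review bot: `user_can_edit_post()` now calls `get_post($post_id)` but never checks that a post came back; for an unknown id, `$post->post_author` is read from nothing, `get_userdata()` is asked for an empty author, and the `$user_id == $post_author_data->ID` comparison then runs against a missing `ID`, which with PHP's loose equality can compare equal to a `0` user id. A one-line guard after the lookup is enough: `if (! $post) return false;`. This is an authorization function, so failing closed on bad input matters more than the notice it would otherwise emit. The function's closing lines are outside the hunk.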
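Review bot: In the setup_postdata hunk `$postdata` stays on the `global` line although the only assignment to it visible in this function was the removed preview branch; if the rest of setup_postdata (outside the hunk) does not write it either, drop it from `global $id, $postdata, $authordata, ...` so the declaration matches what the function actually touches. The removed branch was the only place shown here that built post data straight from `$_GET['preview_*']`, so after this change the function works purely from the `$post` row it is handed, which is worth one sentence of comment above `$id = $post->ID;`. setup_postdata continues past the end of the hunk.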
@@ -1158,7 +1145,7 @@ function update_post_caches(&$posts) {
 $comment_counts = $wpdb->get_results("SELECT ID, COUNT( comment_ID ) AS ccount
 FROM $wpdb->posts
 LEFT JOIN $wpdb->comments ON ( comment_post_ID = ID AND comment_approved = '1')
- WHERE post_status = 'publish' AND ID IN ($post_id_list)
+ WHERE ID IN ($post_id_list)
 GROUP BY ID");
 if ($comment_counts) {
diff --git a/wp-includes/template-functions-links.php b/wp-includes/template-functions-links.php
index 9eec371563..d25a064c8a 100644
--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -44,7 +44,7 @@ function get_permalink($id = 0) {
 $permalink = get_settings('permalink_structure');
- if ('' != $permalink) {
+ if ('' != $permalink && 'draft' != $post->post_status) {
 $unixtime = strtotime($post->post_date);
 $category = '';
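Review bot: The new `'draft' != $post->post_status` condition in get_permalink() has no comment saying why drafts skip the permalink structure, and the fallback they take lives in the `else` branch outside this hunk; a line above the `if` such as `// Drafts take the plain query-string link; the date and category used by the structure below are not final for them.` would record the intent (the reason is inferred from the `$unixtime` and `$category` lookups that follow, so confirm it). `$post` is assigned before the hunk, so this dereference is only safe if get_permalink() already handles an unknown `$id` there. The update_post_caches hunk earlier on this line needs no change beyond the one it makes.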