diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 9751c362c5..ee28fe7e74 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -436,85 +436,9 @@ function wp_update_comment_count($post_id) {
 	return true;
 }
 
-function pingback($content, $post_ID) {
-	global $wp_version, $wpdb;
-	include_once (ABSPATH . WPINC . '/class-IXR.php');
-
-	// original code by Mort (http://mort.mine.nu:8080)
-	$log = debug_fopen(ABSPATH . '/pingback.log', 'a');
-	$post_links = array();
-	debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
-
-	$pung = get_pung($post_ID);
-
-	// Variables
-	$ltrs = '\w';
-	$gunk = '/#~:.?+=&%@!\-';
-	$punc = '.:?\-';
-	$any = $ltrs . $gunk . $punc;
-
-	// Step 1
-	// Parsing the post, external links (if any) are stored in the $post_links array
-	// This regexp comes straight from phpfreaks.com
-	// http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
-	preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
-
-	// Debug
-	debug_fwrite($log, 'Post contents:');
-	debug_fwrite($log, $content."\n");
-
-	// Step 2.
-	// Walking thru the links array
-	// first we get rid of links pointing to sites, not to specific files
-	// Example:
-	// http://dummy-weblog.org
-	// http://dummy-weblog.org/
-	// http://dummy-weblog.org/post.php
-	// We don't wanna ping first and second types, even if they have a valid <link/>
-
-	foreach($post_links_temp[0] as $link_test) :
-		if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
-				&& !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
-			$test = parse_url($link_test);
-			if (isset($test['query']))
-				$post_links[] = $link_test;
-			elseif(($test['path'] != '/') && ($test['path'] != ''))
-				$post_links[] = $link_test;
-		endif;
-	endforeach;
-
-	do_action('pre_ping',  array(&$post_links, &$pung));
-
-	foreach ($post_links as $pagelinkedto){
-		debug_fwrite($log, "Processing -- $pagelinkedto\n");
-		$pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
-
-		if ($pingback_server_url) {
-			@ set_time_limit( 60 ); 
-			 // Now, the RPC call
-			debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
-			debug_fwrite($log, 'Page Linked From: ');
-			$pagelinkedfrom = get_permalink($post_ID);
-			debug_fwrite($log, $pagelinkedfrom."\n");
-
-			// using a timeout of 3 seconds should be enough to cover slow servers
-			$client = new IXR_Client($pingback_server_url);
-			$client->timeout = 3;
-			$client->useragent .= ' -- WordPress/' . $wp_version;
-
-			// when set to true, this outputs debug messages by itself
-			$client->debug = false;
-
-			if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) )
-				add_ping( $post_ID, $pagelinkedto );
-			else
-				debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
-		}
-	}
-
-	debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
-	debug_fclose($log);
-}
+//
+// Ping and trackback functions.
+//
 
 function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
 	global $wp_version;
@@ -606,17 +530,226 @@ function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
 	return false;
 }
 
-function is_local_attachment($url) {
-	if ( !strstr($url, get_bloginfo('home') ) )
-		return false;
-	if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') )
-		return true;
-	if ( $id = url_to_postid($url) ) {
-		$post = & get_post($id);
-		if ( 'attachment' == $post->post_type )
-			return true;
+function do_all_pings() {
+	global $wpdb;
+
+	// Do pingbacks
+	while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
+		$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
+		pingback($ping->post_content, $ping->ID);
 	}
-	return false;
+	
+	// Do Enclosures
+	while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
+		$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
+		do_enclose($enclosure->post_content, $enclosure->ID);
+	}
+
+	// Do Trackbacks
+	$trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'");
+	if ( is_array($trackbacks) ) {
+		foreach ( $trackbacks as $trackback ) {
+			do_trackbacks($trackback->ID);
+		}
+	}
+
+	//Do Update Services/Generic Pings
+	generic_ping();
+}
+
+function do_trackbacks($post_id) {
+	global $wpdb;
+
+	$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
+	$to_ping = get_to_ping($post_id);
+	$pinged  = get_pung($post_id);
+	if ( empty($to_ping) ) {
+		$wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
+		return;
+	}
+
+	if (empty($post->post_excerpt))
+		$excerpt = apply_filters('the_content', $post->post_content);
+	else
+		$excerpt = apply_filters('the_excerpt', $post->post_excerpt);
+	$excerpt = str_replace(']]>', ']]&gt;', $excerpt);
+	$excerpt = strip_tags($excerpt);
+	if ( function_exists('mb_strcut') ) // For international trackbacks
+    	$excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...';
+	else
+		$excerpt = substr($excerpt, 0, 252) . '...';
+
+	$post_title = apply_filters('the_title', $post->post_title);
+	$post_title = strip_tags($post_title);
+
+	if ($to_ping) : foreach ($to_ping as $tb_ping) :
+		$tb_ping = trim($tb_ping);
+		if ( !in_array($tb_ping, $pinged) ) {
+			trackback($tb_ping, $post_title, $excerpt, $post_id);
+			$pinged[] = $tb_ping;
+		} else {
+			$wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
+		}
+	endforeach; endif;
+}
+
+function generic_ping($post_id = 0) {
+	$services = get_settings('ping_sites');
+	$services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines
+	$services = trim($services);
+	if ( '' != $services ) {
+		$services = explode("\n", $services);
+		foreach ($services as $service) {
+			weblog_ping($service);
+		}
+	}
+
+	return $post_id;
+}
+
+function pingback($content, $post_ID) {
+	global $wp_version, $wpdb;
+	include_once (ABSPATH . WPINC . '/class-IXR.php');
+
+	// original code by Mort (http://mort.mine.nu:8080)
+	$log = debug_fopen(ABSPATH . '/pingback.log', 'a');
+	$post_links = array();
+	debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
+
+	$pung = get_pung($post_ID);
+
+	// Variables
+	$ltrs = '\w';
+	$gunk = '/#~:.?+=&%@!\-';
+	$punc = '.:?\-';
+	$any = $ltrs . $gunk . $punc;
+
+	// Step 1
+	// Parsing the post, external links (if any) are stored in the $post_links array
+	// This regexp comes straight from phpfreaks.com
+	// http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
+	preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
+
+	// Debug
+	debug_fwrite($log, 'Post contents:');
+	debug_fwrite($log, $content."\n");
+
+	// Step 2.
+	// Walking thru the links array
+	// first we get rid of links pointing to sites, not to specific files
+	// Example:
+	// http://dummy-weblog.org
+	// http://dummy-weblog.org/
+	// http://dummy-weblog.org/post.php
+	// We don't wanna ping first and second types, even if they have a valid <link/>
+
+	foreach($post_links_temp[0] as $link_test) :
+		if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
+				&& !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
+			$test = parse_url($link_test);
+			if (isset($test['query']))
+				$post_links[] = $link_test;
+			elseif(($test['path'] != '/') && ($test['path'] != ''))
+				$post_links[] = $link_test;
+		endif;
+	endforeach;
+
+	do_action('pre_ping',  array(&$post_links, &$pung));
+
+	foreach ($post_links as $pagelinkedto){
+		debug_fwrite($log, "Processing -- $pagelinkedto\n");
+		$pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
+
+		if ($pingback_server_url) {
+			@ set_time_limit( 60 ); 
+			 // Now, the RPC call
+			debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
+			debug_fwrite($log, 'Page Linked From: ');
+			$pagelinkedfrom = get_permalink($post_ID);
+			debug_fwrite($log, $pagelinkedfrom."\n");
+
+			// using a timeout of 3 seconds should be enough to cover slow servers
+			$client = new IXR_Client($pingback_server_url);
+			$client->timeout = 3;
+			$client->useragent .= ' -- WordPress/' . $wp_version;
+
+			// when set to true, this outputs debug messages by itself
+			$client->debug = false;
+
+			if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) )
+				add_ping( $post_ID, $pagelinkedto );
+			else
+				debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
+		}
+	}
+
+	debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
+	debug_fclose($log);
+}
+
+function privacy_ping_filter( $sites ) {
+	if ( '0' != get_option('blog_public') )
+		return $sites;
+	else
+		return '';
+}
+
+// Send a Trackback
+function trackback($trackback_url, $title, $excerpt, $ID) {
+	global $wpdb, $wp_version;
+
+	if ( empty($trackback_url) )
+		return;
+
+	$title = urlencode($title);
+	$excerpt = urlencode($excerpt);
+	$blog_name = urlencode(get_settings('blogname'));
+	$tb_url = $trackback_url;
+	$url = urlencode(get_permalink($ID));
+	$query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
+	$trackback_url = parse_url($trackback_url);
+	$http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n";
+	$http_request .= 'Host: '.$trackback_url['host']."\r\n";
+	$http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n";
+	$http_request .= 'Content-Length: '.strlen($query_string)."\r\n";
+	$http_request .= "User-Agent: WordPress/" . $wp_version;
+	$http_request .= "\r\n\r\n";
+	$http_request .= $query_string;
+	if ( '' == $trackback_url['port'] )
+		$trackback_url['port'] = 80;
+	$fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4);
+	@fputs($fs, $http_request);
+/*
+	$debug_file = 'trackback.log';
+	$fp = fopen($debug_file, 'a');
+	fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
+	while(!@feof($fs)) {
+		fwrite($fp, @fgets($fs, 4096));
+	}
+	fwrite($fp, "\n\n");
+	fclose($fp);
+*/
+	@fclose($fs);
+
+	$tb_url = addslashes( $tb_url );
+	$wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
+	return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
+}
+
+function weblog_ping($server = '', $path = '') {
+	global $wp_version;
+	include_once (ABSPATH . WPINC . '/class-IXR.php');
+
+	// using a timeout of 3 seconds should be enough to cover slow servers
+	$client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
+	$client->timeout = 3;
+	$client->useragent .= ' -- WordPress/'.$wp_version;
+
+	// when set to true, this outputs debug messages by itself
+	$client->debug = false;
+	$home = trailingslashit( get_option('home') );
+	if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping
+		$client->query('weblogUpdates.ping', get_settings('blogname'), $home);
 }
 
 ?>
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 2b2849c573..c7e257a5c8 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -319,78 +319,6 @@ function timer_stop($display = 0, $precision = 3) { //if called like timer_stop(
 	return $timetotal;
 }
 
-function weblog_ping($server = '', $path = '') {
-	global $wp_version;
-	include_once (ABSPATH . WPINC . '/class-IXR.php');
-
-	// using a timeout of 3 seconds should be enough to cover slow servers
-	$client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
-	$client->timeout = 3;
-	$client->useragent .= ' -- WordPress/'.$wp_version;
-
-	// when set to true, this outputs debug messages by itself
-	$client->debug = false;
-	$home = trailingslashit( get_option('home') );
-	if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping
-		$client->query('weblogUpdates.ping', get_settings('blogname'), $home);
-}
-
-function generic_ping($post_id = 0) {
-	$services = get_settings('ping_sites');
-	$services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines
-	$services = trim($services);
-	if ( '' != $services ) {
-		$services = explode("\n", $services);
-		foreach ($services as $service) {
-			weblog_ping($service);
-		}
-	}
-
-	return $post_id;
-}
-
-// Send a Trackback
-function trackback($trackback_url, $title, $excerpt, $ID) {
-	global $wpdb, $wp_version;
-
-	if ( empty($trackback_url) )
-		return;
-
-	$title = urlencode($title);
-	$excerpt = urlencode($excerpt);
-	$blog_name = urlencode(get_settings('blogname'));
-	$tb_url = $trackback_url;
-	$url = urlencode(get_permalink($ID));
-	$query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
-	$trackback_url = parse_url($trackback_url);
-	$http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n";
-	$http_request .= 'Host: '.$trackback_url['host']."\r\n";
-	$http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n";
-	$http_request .= 'Content-Length: '.strlen($query_string)."\r\n";
-	$http_request .= "User-Agent: WordPress/" . $wp_version;
-	$http_request .= "\r\n\r\n";
-	$http_request .= $query_string;
-	if ( '' == $trackback_url['port'] )
-		$trackback_url['port'] = 80;
-	$fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4);
-	@fputs($fs, $http_request);
-/*
-	$debug_file = 'trackback.log';
-	$fp = fopen($debug_file, 'a');
-	fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
-	while(!@feof($fs)) {
-		fwrite($fp, @fgets($fs, 4096));
-	}
-	fwrite($fp, "\n\n");
-	fclose($fp);
-*/
-	@fclose($fs);
-
-	$tb_url = addslashes( $tb_url );
-	$wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
-	return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
-}
-
 function make_url_footnote($content) {
 	preg_match_all('/<a(.+?)href=\"(.+?)\"(.*?)>(.+?)<\/a>/', $content, $matches);
 	$j = 0;
@@ -820,13 +748,6 @@ function get_num_queries() {
 	return $wpdb->num_queries;
 }
 
-function privacy_ping_filter( $sites ) {
-	if ( '0' != get_option('blog_public') )
-		return $sites;
-	else
-		return '';
-}
-
 function bool_from_yn($yn) {
     if ($yn == 'Y') return 1;
     return 0;
@@ -1068,69 +989,6 @@ function wp_check_filetype($filename, $mimes = null) {
 	return compact('ext', 'type');
 }
 
-function do_trackbacks($post_id) {
-	global $wpdb;
-
-	$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
-	$to_ping = get_to_ping($post_id);
-	$pinged  = get_pung($post_id);
-	if ( empty($to_ping) ) {
-		$wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
-		return;
-	}
-
-	if (empty($post->post_excerpt))
-		$excerpt = apply_filters('the_content', $post->post_content);
-	else
-		$excerpt = apply_filters('the_excerpt', $post->post_excerpt);
-	$excerpt = str_replace(']]>', ']]&gt;', $excerpt);
-	$excerpt = strip_tags($excerpt);
-	if ( function_exists('mb_strcut') ) // For international trackbacks
-    	$excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...';
-	else
-		$excerpt = substr($excerpt, 0, 252) . '...';
-
-	$post_title = apply_filters('the_title', $post->post_title);
-	$post_title = strip_tags($post_title);
-
-	if ($to_ping) : foreach ($to_ping as $tb_ping) :
-		$tb_ping = trim($tb_ping);
-		if ( !in_array($tb_ping, $pinged) ) {
-			trackback($tb_ping, $post_title, $excerpt, $post_id);
-			$pinged[] = $tb_ping;
-		} else {
-			$wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
-		}
-	endforeach; endif;
-}
-
-function do_all_pings() {
-	global $wpdb;
-
-	// Do pingbacks
-	while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
-		$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
-		pingback($ping->post_content, $ping->ID);
-	}
-	
-	// Do Enclosures
-	while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
-		$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
-		do_enclose($enclosure->post_content, $enclosure->ID);
-	}
-
-	// Do Trackbacks
-	$trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'");
-	if ( is_array($trackbacks) ) {
-		foreach ( $trackbacks as $trackback ) {
-			do_trackbacks($trackback->ID);
-		}
-	}
-
-	//Do Update Services/Generic Pings
-	generic_ping();
-}
-
 function wp_proxy_check($ipnum) {
 	if ( get_option('open_proxy_check') && isset($ipnum) ) {
 		$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index 1c18980e18..fcd3f8995b 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -34,6 +34,8 @@ function get_the_title($id = 0) {
 	$title = $post->post_title;
 	if ( !empty($post->post_password) )
 		$title = sprintf(__('Protected: %s'), $title);
+	else if ( 'private' == $post->post_status )
+		$title = sprintf(__('Private: %s'), $title);
 
 	return $title;
 }
diff --git a/wp-includes/post.php b/wp-includes/post.php
index ce1a22732d..b29d0d2b69 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1118,6 +1118,19 @@ function generate_page_uri_index() {
 // Attachment functions
 //
 
+function is_local_attachment($url) {
+	if ( !strstr($url, get_bloginfo('home') ) )
+		return false;
+	if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') )
+		return true;
+	if ( $id = url_to_postid($url) ) {
+		$post = & get_post($id);
+		if ( 'attachment' == $post->post_type )
+			return true;
+	}
+	return false;
+}
+
 function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 	global $wpdb, $user_ID;
 
diff --git a/wp-includes/query.php b/wp-includes/query.php
index b7eba2ce76..8c4c6f2994 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -850,20 +850,19 @@ class WP_Query {
 		} else {
 			$where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
 
-			if ( is_admin() ) {
+			if ( is_admin() )
 				$where .= " OR post_status = 'future' OR post_status = 'draft'";
 	
-				if ( is_user_logged_in() ) {
-					if ( 'post' == $post_type )
-						$cap = 'edit_private_posts';
-					else
-						$cap = 'edit_private_pages';
+			if ( is_user_logged_in() ) {
+				if ( 'post' == $post_type )
+					$cap = 'edit_private_posts';
+				else
+					$cap = 'edit_private_pages';
 
-					if ( current_user_can($cap) )
-						$where .= "OR post_status = 'private'";
-					else
-					$where .= " OR post_author = $user_ID AND post_status = 'private'";
-				}
+				if ( current_user_can($cap) )
+					$where .= " OR post_status = 'private'";
+				else
+				$where .= " OR post_author = $user_ID AND post_status = 'private'";
 			}
 
 			$where .= '))';