From f850186eff7e9ba501c339d3edf921d2c7759452 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Tue, 18 Mar 2014 22:43:41 +0000
Subject: [PATCH] Introduce permission checks for post queries and edit links
 in the At a Glance dashboard widget. Fixes #27132. Props mattheu.

git-svn-id: https://develop.svn.wordpress.org/trunk@27596 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/dashboard.php | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/wp-admin/includes/dashboard.php b/src/wp-admin/includes/dashboard.php
index 0586299d03..107224bf53 100644
--- a/src/wp-admin/includes/dashboard.php
+++ b/src/wp-admin/includes/dashboard.php
@@ -429,9 +429,15 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
 function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 	$GLOBALS['comment'] =& $comment;
 
-	$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
 	$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
-	$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
+
+	if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
+		$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
+		$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
+	} else {
+		$comment_post_link = $comment_post_title;
+	}
+
 	$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
 
 	$actions_string = '';
@@ -580,7 +586,8 @@ function wp_dashboard_recent_posts( $args ) {
 		'order'          => $args['order'],
 		'posts_per_page' => intval( $args['max'] ),
 		'no_found_rows'  => true,
-		'cache_results'  => false
+		'cache_results'  => false,
+		'perm'           => ( 'future' === $args['status'] ) ? 'editable' : 'readable',
 	);
 	$posts = new WP_Query( $query_args );
 
@@ -609,9 +616,16 @@ function wp_dashboard_recent_posts( $args ) {
 				$relative = date_i18n( __( 'M jS' ), $time );
 			}
 
- 			$text = sprintf(
+			if ( current_user_can( 'edit_post', get_the_ID() ) ) {
+				/* translators: 1: relative date, 2: time, 3: post edit link, 4: post title */
+				$format = __( '<span>%1$s, %2$s</span> <a href="%3$s">%4$s</a>' );
+			} else {
 				/* translators: 1: relative date, 2: time, 4: post title */
- 				__( '<span>%1$s, %2$s</span> <a href="%3$s">%4$s</a>' ),
+				$format = __( '<span>%1$s, %2$s</span> %4$s' );
+			}
+
+ 			$text = sprintf(
+				$format,
   				$relative,
   				get_the_time(),
   				get_edit_post_link(),