Index: wp-blog-header.php
===================================================================
--- wp-blog-header.php	(revision 2520)
+++ wp-blog-header.php	(working copy)
@@ -167,6 +167,7 @@
 $query_string = apply_filters('query_string', $query_string);
 
 update_category_cache();
+get_currentuserinfo();
 
 // Call query posts to do the work.
 $posts = & query_posts($query_string);
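Review bot: The added `get_currentuserinfo();` call is load-bearing for access control and should carry a comment saying so. The status checks this patch adds in wp-includes/classes.php read `$user_ID`, which is presumably populated by this call, so it has to run before `query_posts()`. Suggested comment above the call: `// Must run before query_posts(): the query uses $user_ID to decide draft/private visibility.`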
Index: wp-includes/functions-post.php
===================================================================
--- wp-includes/functions-post.php	(revision 2520)
+++ wp-includes/functions-post.php	(working copy)
@@ -351,10 +351,10 @@
 /* returns true if $user_id can edit $post_id */
 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
 	$author_data = get_userdata($user_id);
-	$post_data   = get_postdata($post_id);
-	$post_author_data = get_userdata($post_data['Author_ID']);
+	$post = get_post($post_id);
+	$post_author_data = get_userdata($post->post_author);
 
-	if ( (($user_id == $post_author_data->ID) && !($post_data['post_status'] == 'publish' &&  $author_data->user_level < 2))
+	if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' &&  $author_data->user_level < 2))
 	     || ($author_data->user_level > $post_author_data->user_level)
 	     || ($author_data->user_level >= 10) ) {
 		return true;
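Review bot: Neither `get_post($post_id)` nor the two `get_userdata()` results are checked before their properties are read, so the permission expression runs on empty values when the post or a user row is missing. With the loose `==` and `>` comparisons, a missing post author can compare equal to an empty `$user_id` or lower than any positive `user_level`, which would make the function return true. Since this patch now uses the function to gate draft previews, it should fail closed: add `if ( !$post || !$author_data || !$post_author_data ) return false;` before the `if`. The function body continues past the end of the hunk.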
Index: wp-includes/classes.php
===================================================================
--- wp-includes/classes.php	(revision 2520)
+++ wp-includes/classes.php	(working copy)
@@ -493,17 +493,18 @@
 		}
 
 		if ($this->is_page) {
-			$where .= ' AND (post_status = "static"';
+			$where .= ' AND (post_status = "static")';
+		} elseif ($this->is_single) {
+			$where .= ' AND (post_status != "static")';
 		} else {
 			$where .= ' AND (post_status = "publish"';
+
+			if (isset($user_ID) && ('' != intval($user_ID)))
+				$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
+			else
+				$where .= ')';				
 		}
 
-		// Get private posts
-		if (isset($user_ID) && ('' != intval($user_ID)))
-			$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
-		else
-			$where .= ')';
-
 		// Apply filters on where and join prior to paging so that any
 		// manipulations to them are reflected in the paging by day queries.
 		$where = apply_filters('posts_where', $where);
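Review bot: The logged-in branch tests `intval($user_ID)` but then interpolates the raw `$user_ID` into the WHERE clause, so the value that was validated is not the value that reaches SQL. Cast once and reuse the result: `$uid = intval($user_ID);` followed by `if ($uid) $where .= " OR post_author = $uid AND post_status != 'draft' AND post_status != 'static')";`. It is also not visible here whether `$user_ID` is declared `global` in the enclosing method; if it is not, `isset($user_ID)` is always false and the author clause never applies. The enclosing method starts and ends outside the hunk.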
@@ -543,16 +544,27 @@
 		$orderby = apply_filters('posts_orderby', $orderby); 
 		$request = " SELECT $distinct * FROM $wpdb->posts $join WHERE 1=1".$where." ORDER BY " . $orderby . " $limits";
 
-		if ($q['preview']) {
-			$request = 'SELECT 1-1'; // dummy mysql query for the preview
-			// little funky fix for IEwin, rawk on that code
-			$is_winIE = ((preg_match('/MSIE/',$HTTP_USER_AGENT)) && (preg_match('/Win/',$HTTP_USER_AGENT)));
-			if (($is_winIE) && (!isset($IEWin_bookmarklet_fix))) {
-				$preview_content =  preg_replace('/\%u([0-9A-F]{4,4})/e',  "'&#'.base_convert('\\1',16,10).';'", $preview_content);
+		$this->posts = $wpdb->get_results($request);
+
+		// Check post status to determine if post should be displayed.
+		if ($this->is_single) {
+			if ('publish' != $this->posts[0]->post_status) {
+				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
+					// User must be logged in to view unpublished posts.
+					$this->posts = array();
+				} else {
+					if ('draft' == $this->posts[0]->post_status) {
+						// User must have edit permissions on the draft to preview.
+						if (! user_can_edit_post($user_ID, $this->posts[0]->ID))
+							$this->posts = array();
+					} elseif ('private' == $this->posts[0]->post_status) {
+						if ($this->posts[0]->post_author != $user_ID)
+							$this->posts = array();
+					}
+				}
 			}
 		}
 
-		$this->posts = $wpdb->get_results($request);
 		$this->posts = apply_filters('the_posts', $this->posts);
 		$this->post_count = count($this->posts);
 		if ($this->post_count > 0) {
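Review bot: The single-post check denies only the statuses it names, so for a logged-in user any non-`publish` status other than `draft` or `private` falls through both branches and the post is kept. Because the new `is_single` WHERE clause only excludes `static`, every other status reaches this code, and the check should deny by default: add a final `else { $this->posts = array(); }` after the `private` branch. `$this->posts[0]` is also read without confirming that `get_results()` returned a row; `if ($this->is_single && !empty($this->posts))` avoids evaluating the status of a missing post. The enclosing method starts and ends outside the hunk.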
Index: wp-includes/template-functions-links.php
===================================================================
--- wp-includes/template-functions-links.php	(revision 2520)
+++ wp-includes/template-functions-links.php	(working copy)
@@ -44,7 +44,7 @@
 
 	$permalink = get_settings('permalink_structure');
 
-	if ('' != $permalink) {
+	if ('' != $permalink && 'draft' != $post->post_status) {
 		$unixtime = strtotime($post->post_date);
 
 		$category = '';
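Review bot: The new `'draft' != $post->post_status` condition has no comment explaining why drafts bypass the permalink structure, and the reason is not obvious from the line itself. Presumably a draft's date and slug are not final, so it is linked by ID instead. A one-line comment such as `// Drafts are always linked by ID, never by the permalink structure.` would record that. The branch taken for drafts and the start of the function are outside the hunk.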
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 2520)
+++ wp-includes/functions.php	(working copy)
@@ -856,24 +856,11 @@
 
 // Setup global post data.
 function setup_postdata($post) {
-  global $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query;
+  global $id, $postdata, $authordata, $day, $page, $pages, $multipage, $more, $numpages, $wp_query;
 	global $pagenow;
 
-	if (!$preview) {
-		$id = $post->ID;
-	} else {
-		$id = 0;
-		$postdata = array (
-			'ID' => 0,
-			'Author_ID' => $_GET['preview_userid'],
-			'Date' => $_GET['preview_date'],
-			'Content' => $_GET['preview_content'],
-			'Excerpt' => $_GET['preview_excerpt'],
-			'Title' => $_GET['preview_title'],
-			'Category' => $_GET['preview_category'],
-			'Notify' => 1
-			);
-	}
+	$id = $post->ID;
+
 	$authordata = get_userdata($post->post_author);
 
 	$day = mysql2date('d.m.y', $post->post_date);
@@ -1158,7 +1145,7 @@
 	$comment_counts = $wpdb->get_results("SELECT ID, COUNT( comment_ID ) AS ccount
 	FROM $wpdb->posts
 	LEFT JOIN $wpdb->comments ON ( comment_post_ID = ID  AND comment_approved =  '1')
-	WHERE post_status =  'publish' AND ID IN ($post_id_list)
+	WHERE ID IN ($post_id_list)
 	GROUP BY ID");
 	
 	if ($comment_counts) {
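Review bot: With `post_status = 'publish'` removed, this query returns comment counts for every ID in `$post_id_list`, including drafts and private posts, so the caller is now the only thing limiting which posts are counted. `$post_id_list` is interpolated directly into `ID IN (...)` and is built outside the hunk; confirm that it is assembled only from integer-cast IDs of posts the current viewer has already been cleared to see. A short comment above the query, e.g. `// $post_id_list must hold only integer IDs of posts already cleared for display.`, would make that precondition explicit.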
