From 79dea16d7f67e7a6f0d4c6f8d292e1235456cf52 Mon Sep 17 00:00:00 2001
From: dd32 <dd32@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sat, 24 Apr 2010 06:04:05 +0000
Subject: [PATCH] Ignore sticky posts which the current user cannot read,
 Ignore sticky posts which have been explicitly excluded with 'post__not_in'.
 Fixes #11197

git-svn-id: http://svn.automattic.com/wordpress/trunk@14217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/query.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/wp-includes/query.php b/wp-includes/query.php
index 1590418c3..f2c42f6a9 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -2465,6 +2465,10 @@ class WP_Query {
 				}
 			}
 
+			// If any posts have been excluded specifically, Ignore those that are sticky.
+			if ( !empty($sticky_posts) && !empty($q['post__not_in']) )
+				$sticky_posts = array_diff($sticky_posts, $q['post__not_in']);
+
 			// Fetch sticky posts that weren't in the query results
 			if ( !empty($sticky_posts) ) {
 				$stickies__in = implode(',', array_map( 'absint', $sticky_posts ));
@@ -2478,10 +2482,11 @@ class WP_Query {
 					}
 					$stickies_where = "AND $wpdb->posts.post_type IN ('" . $post_types . "')";
 				}
+
 				$stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in) $stickies_where" );
-				/** @todo Make sure post is published or viewable by the current user */
 				foreach ( $stickies as $sticky_post ) {
-					if ( 'publish' != $sticky_post->post_status )
+					// Ignore sticky posts the current user cannot read or are not published.
+					if ( !current_user_can('read_post', $sticky_post->ID) || 'publish' != $sticky_post->post_status ) 
 						continue;
 					array_splice($this->posts, $sticky_offset, 0, array($sticky_post));
 					$sticky_offset++;