diff --git a/readme.html b/readme.html
index 3eb6d9d58c2da862e5d921d2f845d61d1532003f..c4897a991a5db2ec1738af1b862d26f639a745c9 100644
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
-	<br /> Version 3.0.2
+	<br /> Version 3.0.3
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php
index 1576765ad604b6e04fcd68cdbc42f91735150977..1855ce26f2161fcf2ee45d8f3975492e83ffc7ab 100644
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -274,7 +274,7 @@ function update_core($from, $to) {
 	$mysql_version  = $wpdb->db_version();
 	$required_php_version = '4.3';
 	$required_mysql_version = '4.1.2';
-	$wp_version = '3.0.2';
+	$wp_version = '3.0.3';
 	$php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 	$mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 150a31cd61494dd822e30aadd32c8e7c471821bf..00fe1c8fcaa9e97645d0dc97f6c54a186341a526 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -8,7 +8,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '3.0.2';
+$wp_version = '3.0.3';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/xmlrpc.php b/xmlrpc.php
index fdd670e233970b324c90ccf3a1dae9bac3689e29..5ec072b09e02d591d4eec4af814c1e548c8ddbc8 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -1156,9 +1156,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		do_action('xmlrpc_call', 'wp.deleteComment');
 
-		if ( ! get_comment($comment_ID) )
+		if ( !$comment = get_comment( $comment_ID ) )
 			return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+		if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
 		return wp_delete_comment($comment_ID);
 	}
 
@@ -1185,11 +1188,14 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !current_user_can( 'moderate_comments' ) )
 			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
 
-		do_action('xmlrpc_call', 'wp.editComment');
-
-		if ( ! get_comment($comment_ID) )
+		if ( !$comment = get_comment( $comment_ID ) )
 			return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+		if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
+		do_action('xmlrpc_call', 'wp.editComment');
+
 		if ( isset($content_struct['status']) ) {
 			$statuses = get_comment_statuses();
 			$statuses = array_keys($statuses);
@@ -1417,7 +1423,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
-		if ( !current_user_can( 'edit_posts' ) )
+		if ( !current_user_can( 'edit_pages' ) )
 			return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
 
 		do_action('xmlrpc_call', 'wp.getPageStatusList');
@@ -1957,7 +1963,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !$actual_post || $actual_post['post_type'] != 'post' )
 			return new IXR_Error(404, __('Sorry, no such post.'));
 
-		if ( !current_user_can('edit_post', $post_ID) )
+		if ( !current_user_can('delete_post', $post_ID) )
 			return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.'));
 
 		$result = wp_delete_post($post_ID);
@@ -1987,30 +1993,42 @@ class wp_xmlrpc_server extends IXR_Server {
 		$username  = $args[1];
 		$password   = $args[2];
 		$content_struct = $args[3];
-		$publish     = $args[4];
+		$publish     = isset( $args[4] ) ? $args[4] : 0;
 
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
 		do_action('xmlrpc_call', 'metaWeblog.newPost');
 
-		$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
-		$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
-		$post_type = 'post';
 		$page_template = '';
 		if ( !empty( $content_struct['post_type'] ) ) {
 			if ( $content_struct['post_type'] == 'page' ) {
-				$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
+				if ( $publish || 'publish' == $content_struct['page_status'])
+					$cap  = 'publish_pages';
+				else
+					$cap = 'edit_pages';
 				$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
 				$post_type = 'page';
 				if ( !empty( $content_struct['wp_page_template'] ) )
 					$page_template = $content_struct['wp_page_template'];
 			} elseif ( $content_struct['post_type'] == 'post' ) {
-				// This is the default, no changes needed
+				if ( $publish || 'publish' == $content_struct['post_status'])
+					$cap  = 'publish_posts';
+				else
+					$cap = 'edit_posts';
+				$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+				$post_type = 'post';
 			} else {
 				// No other post_type values are allowed here
 				return new IXR_Error( 401, __( 'Invalid post type.' ) );
 			}
+		} else {
+			if ( $publish || 'publish' == $content_struct['post_status'])
+				$cap  = 'publish_posts';
+			else
+				$cap = 'edit_posts';
+			$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+			$post_type = 'post';
 		}
 
 		if ( !current_user_can( $cap ) )
@@ -2275,17 +2293,32 @@ class wp_xmlrpc_server extends IXR_Server {
 		$page_template = '';
 		if ( !empty( $content_struct['post_type'] ) ) {
 			if ( $content_struct['post_type'] == 'page' ) {
-				$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
+				if ( $publish || 'publish' == $content_struct['page_status'] )
+					$cap  = 'publish_pages';
+				else
+					$cap = 'edit_pages';
 				$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
 				$post_type = 'page';
 				if ( !empty( $content_struct['wp_page_template'] ) )
 					$page_template = $content_struct['wp_page_template'];
 			} elseif ( $content_struct['post_type'] == 'post' ) {
-				// This is the default, no changes needed
+				if ( $publish || 'publish' == $content_struct['post_status'] )
+					$cap  = 'publish_posts';
+				else
+					$cap = 'edit_posts';
+				$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+				$post_type = 'post';
 			} else {
 				// No other post_type values are allowed here
 				return new IXR_Error( 401, __( 'Invalid post type.' ) );
 			}
+		} else {
+			if ( $publish || 'publish' == $content_struct['post_status'] )
+				$cap  = 'publish_posts';
+			else
+				$cap = 'edit_posts';
+			$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+			$post_type = 'post';
 		}
 
 		if ( !current_user_can( $cap ) )
@@ -3101,7 +3134,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		do_action('xmlrpc_call', 'mt.publishPost');
 
-		if ( !current_user_can('edit_post', $post_ID) )
+		if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) )
 			return new IXR_Error(401, __('Sorry, you cannot edit this post.'));
 
 		$postdata = wp_get_single_post($post_ID,ARRAY_A);
@@ -3339,4 +3372,4 @@ class wp_xmlrpc_server extends IXR_Server {
 
 $wp_xmlrpc_server = new wp_xmlrpc_server();
 $wp_xmlrpc_server->serve_request();
-?>
+?>
\ No newline at end of file