Space permissions ignored in list of blog posts by date

Summary

Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access.

Steps to Reproduce

1. Install Confluence 5.7.x
2. Create two spaces
   • Space A
   • Space B (remove all permissions for confluence-users)
3. Create a blog post in Space A
4. Create a blog post in Space B
5. Create and login as a new regular user
6. Goto the blog post in Space A
7. Click the Month in the page breadcrumbs

Expected Results

The user should only see the the blog post from Space A listed

Actual Results

The user will see both blog posts listed.

Notes

1. If the user attempts to view the blog post from Space B, it will give a Page Not Found message as expected
2. This behavior can also be achieved by going directly to http://<confluencehost>/display/<spacekey>/2015/05 (or any combination of year and day)
3. This behavior worked as expected in Confluence 5.6.x