Steps to recreate:
- Password protect a category.
- Create a page under the password protected category.
- Search for content in this page and it's visible in the search results.
Expected results:
A page that exists within a password protected category should not show up in search results unless the user has already logged in.
- Sensitive information could leak through the search results.
- Sensitive information could leak through the page title unless "Hide in menu" is on. But then the page is not visible for logged in users.
- Even subcategories under password protected categories should not show in menu as they also may leak sensitive information in the title.