Sign in
Bug
1

Pages under password protected categories show up in search

Steps to recreate:

  1. Password protect a category.
  2. Create a page under the password protected category.
  3. Search for content in this page and it's visible in the search results.

Expected results:

A page that exists within a password protected category should not show up in search results unless the user has already logged in.

  1. Sensitive information could leak through the search results.
  2. Sensitive information could leak through the page title unless "Hide in menu" is on. But then the page is not visible for logged in users.
  3. Even subcategories under password protected categories should not show in menu as they also may leak sensitive information in the title.
Comments

To leave a comment, please authenticate.

No comments yet
Voters
Status
Backlog
Board
Bug
Submitted
Gi