Item12491: don't disclose topics a user doesn't have view rights on

git-svn-id: http://svn.foswiki.org/trunk@16706 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

core/lib/Foswiki/Macros/TOPICLIST.pm

@@ -31,6 +31,10 @@ sub TOPICLIST {
     my $it = $webObject->eachTopic();
     while ( $it->hasNext() ) {
         my $item = $it->next();
+
+        my $topicObject = Foswiki::Meta->new( $this, $web, $topic );
+        next unless $topicObject->haveAccess("VIEW");
+
         my $line = $format;
         $line =~ s/\$web\b/$web/g;
         $line =~ s/\$topic\b/$item/g;