From 27212f0200d64c950bbc977189adfa76ee37a2d8 Mon Sep 17 00:00:00 2001
From: MichaelDaum <MichaelDaum@0b4bb1d4-4e5a-0410-9cc4-b2b747904278>
Date: Mon, 6 May 2013 17:02:56 +0000
Subject: [PATCH] Item12491: don't disclose topics a user doesn't have view
 rights on

git-svn-id: http://svn.foswiki.org/trunk@16706 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
---
 core/lib/Foswiki/Macros/TOPICLIST.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/lib/Foswiki/Macros/TOPICLIST.pm b/core/lib/Foswiki/Macros/TOPICLIST.pm
index fa5d67b508..e1a09b0ac4 100644
--- a/core/lib/Foswiki/Macros/TOPICLIST.pm
+++ b/core/lib/Foswiki/Macros/TOPICLIST.pm
@@ -31,6 +31,10 @@ sub TOPICLIST {
     my $it = $webObject->eachTopic();
     while ( $it->hasNext() ) {
         my $item = $it->next();
+
+        my $topicObject = Foswiki::Meta->new( $this, $web, $topic );
+        next unless $topicObject->haveAccess("VIEW");
+
         my $line = $format;
         $line =~ s/\$web\b/$web/g;
         $line =~ s/\$topic\b/$item/g;