The links being shown while a page is private is actually a 'feature'.
However, what's supposed to happen is that the sub-pages inherit the
permissions of the above page, and private pages that you don't have
access to aren't even supposed to show up in the link bar. So it's more of
a 'private pages can't show up in the link bar'.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: YES
user_id=1208250
The links being shown while a page is private is actually a 'feature'.
However, what's supposed to happen is that the sub-pages inherit the
permissions of the above page, and private pages that you don't have
access to aren't even supposed to show up in the link bar. So it's more of
a 'private pages can't show up in the link bar'.
Logged In: YES
user_id=937892
It's still a security vulnerability that it can be seen in
the first place, and as such, needs fixing.