Vulnerability in EPiServer.Forms
We are using PageSearch (4.62) for our site-wide search. When a page is unpublished, we don't want that page or any of its subpages to be included in the search results. What happens however, is that we get a login prompt on the search page because subpages of an unpublished page are included in the search results, and the unpublished parent page makes the subpages inaccessible to users that aren't logged in. I've tried using a filter to omit unpublished pages from the search results, but obviously that doesn't work on the subpages.
Any suggestions on how to get around this without unpublishing all subpages as well?