correct information leak in page not found

app/controllers/application_controller.rb

@@ -278,9 +278,8 @@ class ApplicationController < ActionController::Base
     end
 
     def render_not_found_page(status=404)
-      f = Topic.where(deleted_at: nil, archetype: "regular")
+      @top_viewed = TopicQuery.top_viewed(10)
-      @latest = f.order('views desc').take(10)
+      @recent = TopicQuery.recent(10)
-      @recent = f.order('created_at desc').take(10)
       @slug =  params[:slug].class == String ? params[:slug] : ''
       @slug =  (params[:id].class == String ? params[:id] : '') if @slug.blank?
       @slug.gsub!('-',' ')

app/models/topic.rb

@@ -96,7 +96,7 @@ class Topic < ActiveRecord::Base
 
   scope :created_since, lambda { |time_ago| where('created_at > ?', time_ago) }
 
-  scope :secured, lambda {|guardian|
+  scope :secured, lambda {|guardian=nil|
     ids = guardian.secure_category_ids if guardian
 
     # Query conditions

app/views/exceptions/not_found.html.erb

@@ -4,8 +4,8 @@
 <table>
   <tr>
     <td style="vertical-align:top; padding:0 20px 20px 0;">
-      <h2><%= t 'page_not_found.latest_topics' %></h2>
+      <h2><%= t 'page_not_found.popular_topics' %></h2>
-      <% @latest.each do |t| %>
+      <% @top_viewed.each do |t| %>
         <%= link_to t.title, t.relative_url %><br/>
       <% end %>
       <br/>
@@ -17,7 +17,7 @@
         <%= link_to t.title, t.relative_url %><br/>
       <% end %>
       <br/>
-      <a href="/new" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
+      <a href="/latest" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
     </td>
   </tr>
 </table>

config/locales/server.en.yml

@@ -1007,7 +1007,7 @@ en:
 
   page_not_found:
     title: "The page you requested doesn't exist on this discussion forum. Perhaps we can help find it, or another topic like it:"
-    latest_topics: "Latest topics"
+    popular_topics: "Popular topics"
     recent_topics: "Recent topics"
     see_more: "See More"
     search_title: "Search for this topic"

lib/topic_query.rb

@@ -63,6 +63,14 @@ class TopicQuery
       "CASE WHEN (topics.pinned_at IS NOT NULL) THEN 0 ELSE 1 END, topics.bumped_at DESC"
     end
 
+    def top_viewed(max)
+      Topic.listable_topics.visible.secured.order('views desc').take(10)
+    end
+
+    def recent(max)
+      Topic.listable_topics.visible.secured.order('created_at desc').take(10)
+    end
+
   end
 
   def initialize(user=nil, opts={})

spec/components/topic_query_spec.rb

@@ -20,17 +20,22 @@ describe TopicQuery do
       category.save
 
       topic = Fabricate(:topic, category: category)
+      topic = Fabricate(:topic, visible: false)
 
       TopicQuery.new(nil).list_latest.topics.count.should == 0
       TopicQuery.new(user).list_latest.topics.count.should == 0
 
-      # mods can see every group
+      TopicQuery.top_viewed(10).count.should == 0
-      TopicQuery.new(moderator).list_latest.topics.count.should == 2
+      TopicQuery.recent(10).count.should == 0
+
+      # mods can see every group and hidden topics
+      TopicQuery.new(moderator).list_latest.topics.count.should == 3
 
       group.add(user)
       group.save
 
       TopicQuery.new(user).list_latest.topics.count.should == 2
+
     end
 
   end