How to reproduce:
- with some admin, create a page called Sandbox.SecretPage (terminal in my example, but probably reproduces with non-terminal as well)
- put some content in it, for example "Secret content. If you see this it's bad."
- edit rights on the page, give view rights only to the admin group on the page
Switch to a regular user
- Access the Sandbox.SecretPage the page displays this:
- use a creation like URL that uses Sandbox.SecretPage as template:
- the content of Sandbox.SecretPage is not displayed
- the content of Sandbox.SecretPage is copied into the newly created page and displayed to the user that "uses" it as template, even if they don't have the right to see the page:
If, at this point, the page is saved, the resulting page (Sandbox.NewPage) is not actually visible to the user that has just created it.