Please report next time security issues directory to the MOD author or a MOD teammember.
Apologies Paul, but as the MOD is so old, and because the Demo links placed in the early posts by the author no longer work, I assumed the author was no longer contactable. As your MOD report guidelines state that one should contact the author and then wait a week before contacting the phpBB mod team, I thought I'd compromise and post something on the thread to see if anyone else had experienced this.
I have looked at the code of the MOD and cant find any thing that looks like it allows guests (if permissions are set correctly) to view it. Please provide by PM a topic what's private but can be viewed by the this MOD.
So far I've spent 2 days examining this issue, attempting to explain the cached copy I found on Google of a 'private' topic and, like Captain Flint, I've spent ages trying to replicate the problem with other posts which I know to be 'private'. I can't replicate it, but neither can I deny the presence of the cached copy on Google. However, just as I was about to copy/paste the Google cached-copy into a PM to you, I had a flash of a further idea and just went off to investigate it. My idea concerned the date on the cached copy I saw on Google. This topic was actually a netiquette breach (it was a 'disguised' advert) which was moved to the moderators forum within minutes of being reported to a moderator on April 15th, but comparison of the dates shows that Google visited our forum that day and could
have indexed the 'printer-friendly' copy literally seconds before it was moved from 'public' to 'private'. Although hugely coincidental, is this a more likely explanation of why it is now in the public domain, considering that your examination of the code suggests that the MOD treats 'private' pages in the same way as phpBB does normally?
I'll PM you the link anyway