Added check for PRIVATE_WIKI in search fuction. Without this there would be information disclosure.

realms/modules/search/views.py

@@ -1,4 +1,5 @@
-from flask import render_template, request, Blueprint
+from flask import render_template, request, Blueprint, current_app
+from flask.ext.login import current_user
 from realms import search as search_engine
 
 blueprint = Blueprint('search', __name__)
@@ -6,5 +7,8 @@ blueprint = Blueprint('search', __name__)
 
 @blueprint.route('/_search')
 def search():
+    if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous():
+        return current_app.login_manager.unauthorized()
+
     results = search_engine.wiki(request.args.get('q'))
     return render_template('search/search.html', results=results)