Index: vendor/plugins/classic_pagination/test/pagination_helper_test.rb
===================================================================
--- vendor/plugins/classic_pagination/test/pagination_helper_test.rb (revision 5236)
+++ vendor/plugins/classic_pagination/test/pagination_helper_test.rb (working copy)
@@ -10,7 +10,7 @@
 def setup
 @controller = Class.new do
 attr_accessor :url, :request
- def url_for(options, *parameters_for_method_reference)
+ def url_for(options)
 url
 end
 end
Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb (revision 5236)
+++ app/helpers/application_helper.rb (working copy)
@@ -26,9 +26,9 @@
 extend Forwardable
 def_delegators :wiki_helper, :wikitoolbar_for, :heads_for_wiki_formatter
- # Return true if user is authorized for controller/action, otherwise false
- def authorize_for(controller, action)
- User.current.allowed_to?({:controller => controller, :action => action}, @project)
+ # Return true if user is authorized for controller/action in context, otherwise false
+ def authorize_for(controller, action, context = @project)
+ User.current.allowed_to?({:controller => controller, :action => action}, context)
 end
 # Display a link if user is authorized
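Review bot: `authorize_for` still defaults `context` to `@project`, so any existing caller that builds a link into a project other than the one being viewed keeps evaluating the permission against the wrong project — the same class of bug this commit fixes for `_versions.rhtml`, but fixed only at that one call site. A caller that passes an explicit `nil` now reaches `allowed_to?` with no project at all; what `allowed_to?` returns for a nil context is not visible in this diff, so it is worth confirming that case denies rather than falling back to a broader check. The new comment should name the parameter's type and meaning, e.g. `# @param [Project, nil] context Project the permission is checked against (defaults to @project)`. Other cross-project callers of `link_to_if_authorized` are outside this diff and would need the same review.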
@@ -36,15 +36,15 @@
 # @param [String] name Anchor text (passed to link_to)
 # @param [Hash] options Hash params. This will checked by authorize_for to see if the user is authorized
 # @param [optional, Hash] html_options Options passed to link_to
- # @param [optional, Hash] parameters_for_method_reference Extra parameters for link_to
- def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
- link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
+ # @param [optional, Object] context Context object
+ def link_to_if_authorized(name, options = {}, html_options = nil, context = @project)
+ link_to(name, options, html_options) if authorize_for(options[:controller] || params[:controller], options[:action], context)
 end
 # Display a link to remote if user is authorized
- def link_to_remote_if_authorized(name, options = {}, html_options = nil)
+ def link_to_remote_if_authorized(name, options = {}, html_options = nil, context = @project)
 url = options[:url] || {}
- link_to_remote(name, options, html_options) if authorize_for(url[:controller] || params[:controller], url[:action])
+ link_to_remote(name, options, html_options) if authorize_for(url[:controller] || params[:controller], url[:action], context)
 end
 # Displays a link to user's account page if active
Index: app/views/projects/settings/_versions.rhtml
===================================================================
--- app/views/projects/settings/_versions.rhtml (revision 5236)
+++ app/views/projects/settings/_versions.rhtml (working copy)
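Review bot: The new `context` parameter of `link_to_if_authorized` occupies the positional slot that `*parameters_for_method_reference` used to absorb, so a caller that still passes a fourth argument intended for `link_to` is now silently treated as the authorization context instead of failing. Because `authorize_for` hands that value straight to `allowed_to?`, a stray hash or string there yields whatever `allowed_to?` does with a non-Project, which this diff does not show; a guard such as `raise ArgumentError, "context must be a Project" unless context.nil? || context.is_a?(Project)` at the top of both `link_to_if_authorized` and `link_to_remote_if_authorized` would make such a call fail loudly rather than pass or deny by accident. The doc line `# @param [optional, Object] context Context object` gives a caller nothing to act on; `# @param [optional, Project] context Project the permission is checked against (defaults to @project)` states the contract, and `link_to_remote_if_authorized` should carry the same line.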
@@ -17,7 +17,7 @@
 <%=h version.description %>
 <%= l("version_status_#{version.status}") %>
 <%=h format_version_sharing(version.sharing) %>
- <%= link_to_if_authorized(h(version.wiki_page_title), {:controller => 'wiki', :action => 'show', :project_id => version.project, :id => Wiki.titleize(version.wiki_page_title)}) || h(version.wiki_page_title) unless version.wiki_page_title.blank? || version.project.wiki.nil? %>
+ <%= link_to_if_authorized(h(version.wiki_page_title), {:controller => 'wiki', :action => 'show', :project_id => version.project, :id => Wiki.titleize(version.wiki_page_title)}, nil, version.project) || h(version.wiki_page_title) unless version.wiki_page_title.blank? || version.project.wiki.nil? %>
 <% if version.project == @project %>
 <%= link_to_if_authorized l(:button_edit), {:controller => 'versions', :action => 'edit', :id => version }, :class => 'icon icon-edit' %>
Index: test/unit/helpers/application_helper_test.rb
===================================================================
--- test/unit/helpers/application_helper_test.rb (revision 5236)
+++ test/unit/helpers/application_helper_test.rb (working copy)
@@ -48,9 +48,27 @@
 {:controller => 'issues', :action => 'edit', :id => Issue.first.id})
 assert_match /href/, response
 end
-
+
+ should "not allow using the :controller and :action for the private parent project version wiki page link" do
+ User.current = User.anonymous
+
+ parent_project = Project.generate!( :is_public => false )
+
+ version = Version.generate!( :project_id => parent_project, :sharing => 'hierarchy', :wiki_page_title => 'MyVersionWikiPage' )
+
+ @project = Project.generate!( :is_public => true )
+ @project.set_parent! parent_project
+
+ response = link_to_if_authorized("By controller/action",
+ {:controller => 'wiki', :action => 'show', :id => version.wiki_page_title, :project_id => version.project },
+ nil,
+ parent_project)
+
+ assert_equal nil, response
+ end
+
 end
-
+
 def test_auto_links
 to_test = {
 'http://foo.bar' => 'http://foo.bar',
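Review bot: `assert_equal nil, response` should be `assert_nil response`, which is the assertion the test means and reports the actual value when it fails. The new test pins only the deny path; a companion case in which a user who may view the wiki of `parent_project` receives a non-nil link from the same call would show that the explicit context grants as well as denies, and a third call without the fourth argument would document that the default `@project` context is exactly what the fix routes around. `Version.generate!( :project_id => parent_project, ...)` passes a Project object where the key name suggests an id — presumably the generator accepts either, but `:project => parent_project` would remove the ambiguity. The enclosing test block begins before this hunk.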