dont add category/topic slug if user doesnt have read permission

or category is disabled etc.

src/controllers/categories.js

@@ -188,7 +188,7 @@ categoriesController.get = function(req, res, next) {
 				return helpers.notFound(req, res);
 			}
 
-			if (cid + '/' + req.params.slug !== results.categoryData.slug) {
+			if (req.params.slug && cid + '/' + req.params.slug !== results.categoryData.slug) {
 				return helpers.notFound(req, res);
 			}
 
@@ -196,6 +196,10 @@ categoriesController.get = function(req, res, next) {
 				return helpers.notAllowed(req, res);
 			}
 
+			if (!req.params.slug && results.categoryData.slug && results.categoryData.slug !== cid + '/') {
+				return helpers.redirect(res, '/category/' + encodeURI(results.categoryData.slug));
+			}
+
 			var topicIndex = utils.isNumber(req.params.topic_index) ? parseInt(req.params.topic_index, 10) - 1 : 0;
 			var topicCount = parseInt(results.categoryData.topic_count, 10);
 

src/controllers/topics.js

@@ -43,7 +43,7 @@ topicsController.get = function(req, res, next) {
 		function (results, next) {
 			userPrivileges = results.privileges;
 
-			if (userPrivileges.disabled || tid + '/' + req.params.slug !== results.topic.slug) {
+			if (userPrivileges.disabled || (req.params.slug && tid + '/' + req.params.slug !== results.topic.slug)) {
 				return helpers.notFound(req, res);
 			}
 
@@ -51,6 +51,10 @@ topicsController.get = function(req, res, next) {
 				return helpers.notAllowed(req, res);
 			}
 
+			if (!req.params.slug && results.topic.slug && results.topic.slug !== tid + '/') {
+				return helpers.redirect(res, '/topic/' + encodeURI(results.topic.slug));
+			}
+
 			var settings = results.settings;
 			var postCount = parseInt(results.topic.postcount, 10);
 			var pageCount = Math.max(1, Math.ceil((postCount - 1) / settings.postsPerPage));

src/middleware/middleware.js

@@ -84,27 +84,6 @@ middleware.redirectToLoginIfGuest = function(req, res, next) {
 	}
 };
 
-middleware.addSlug = function(req, res, next) {
-	function redirect(method, id, name) {
-		method(id, 'slug', function(err, slug) {
-			if (err || !slug || slug === id + '/') {
-				return next(err);
-			}
-
-			controllers.helpers.redirect(res, name + encodeURI(slug));
-		});
-	}
-
-	if (!req.params.slug) {
-		if (req.params.category_id) {
-			return redirect(categories.getCategoryField, req.params.category_id, '/category/');
-		} else if (req.params.topic_id) {
-			return redirect(topics.getTopicField, req.params.topic_id, '/topic/');
-		}
-	}
-	next();
-};
-
 middleware.validateFiles = function(req, res, next) {
 	if (!Array.isArray(req.files.files) || !req.files.files.length) {
 		return next(new Error(['[[error:invalid-files]]']));

src/routes/index.js

@@ -42,7 +42,7 @@ function topicRoutes(app, middleware, controllers) {
 	app.get('/api/topic/teaser/:topic_id', controllers.topics.teaser);
 
 	setupPageRoute(app, '/topic/:topic_id/:slug/:post_index?', middleware, [], controllers.topics.get);
-	setupPageRoute(app, '/topic/:topic_id/:slug?', middleware, [middleware.addSlug], controllers.topics.get);
+	setupPageRoute(app, '/topic/:topic_id/:slug?', middleware, [], controllers.topics.get);
 }
 
 function tagRoutes(app, middleware, controllers) {
@@ -58,7 +58,7 @@ function categoryRoutes(app, middleware, controllers) {
 	app.get('/api/unread/total', middleware.authenticate, controllers.categories.unreadTotal);
 
 	setupPageRoute(app, '/category/:category_id/:slug/:topic_index', middleware, [], controllers.categories.get);
-	setupPageRoute(app, '/category/:category_id/:slug?', middleware, [middleware.addSlug], controllers.categories.get);
+	setupPageRoute(app, '/category/:category_id/:slug?', middleware, [], controllers.categories.get);
 }
 
 function accountRoutes(app, middleware, controllers) {