diff --git a/CHANGELOG b/CHANGELOG
index 8a4e411a..56225b6b 100755
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,9 @@ "textile link":LinkToSomePlace will not look insane. RSS feeds accept query parameters, sush as http://localhost:2500/wiki/rss_with_headlines?start=2005-02-18&end=2005-02-19&limit=10
+ RSS feed wiuth page contents for a password-protected web behaves as follows:
+ if the web is published, RSS feed links to the published version of the web
+ otherwise, the feed is not available
 Madeleine will check every hour if there are new commands in the log or 24 hours have passed since last snapshot, and take snapshot if either of these conditions is true Madeleine will also not log read-only operations, resulting in a better performance
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index abf82902..f56a185d 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -28,10 +28,8 @@ class ApplicationController < ActionController::Base
 end
 def check_authorization
- if in_a_web? and
- not authorized? and
- not %w( login authenticate published ).include?(@action_name)
- redirect_to :action => 'login', :web => @web_name
+ if in_a_web? and needs_authorization?(@action_name) and not authorized? and
+ redirect_to :controller => 'wiki', :action => 'login', :web => @web_name
 return false
 end
 end
@@ -126,4 +124,8 @@ class ApplicationController < ActionController::Base
 $instiki_wiki_service
 end
+ def needs_authorization?(action)
+ not %w( login authenticate published rss_with_content rss_with_headlines ).include?(action)
+ end
+
 end
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index c084c030..06448c2a 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -75,6 +75,7 @@ class WikiController < ApplicationController
 end
 def feeds
+ @rss_with_content_allowed = rss_with_content_allowed?
 # show the template
 end
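Review bot: In `check_authorization` (app/controllers/application.rb) the new condition line ends with a trailing `and`, so the `redirect_to` call on the following line is parsed as the last operand of the `if` condition rather than as its body. The redirect still fires as a side effect, but `return false`, the line that halts the filter chain for an unauthorized request, now runs only when `redirect_to` returns a truthy value, and that return value is not visible here. Drop the trailing operator so the guard reads `if in_a_web? and needs_authorization?(@action_name) and not authorized?` and the redirect is an ordinary statement inside the body.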
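Review bot: `needs_authorization?` (second hunk of app/controllers/application.rb) exempts `rss_with_headlines` from the login check unconditionally, and no hunk in this commit gives that action a guard comparable to the `rss_with_content_allowed?` check added to `rss_with_content`. The headlines feed of a password-protected, unpublished web therefore appears to be served without authentication, while the CHANGELOG entry describes only the with-content feed. Either apply the same open-or-published check to the headlines action, or record the exception next to the list with a comment such as `# feed actions skip login: rss_with_content enforces its own password/published check, rss_with_headlines is intentionally open`. The body of `rss_with_headlines` is outside the visible hunks, so confirm it has no check of its own.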
@@ -91,7 +92,12 @@ class WikiController < ApplicationController
 end
 def rss_with_content
- render_rss(hide_description = false, *parse_rss_params)
+ if rss_with_content_allowed?
+ render_rss(hide_description = false, *parse_rss_params)
+ else
+ render_text 'RSS feed with content for this web is blocked for security reasons. ' +
+ 'The web is password-protected and not published', '403 Forbidden'
+ end
 end
 def rss_with_headlines
@@ -326,6 +332,8 @@ class WikiController < ApplicationController
 @hide_description = hide_description
 @response.headers['Content-Type'] = 'text/xml'
+ @link_action = @web.password ? 'published' : 'show'
+
 render 'wiki/rss_feed'
 end
@@ -343,6 +351,10 @@ class WikiController < ApplicationController
 @template.render_file(template_name)
 end
+ def rss_with_content_allowed?
+ @web.password.nil? or @web.published
+ end
+
 def truncate(text, length = 30, truncate_string = '...')
 if text.length > length then text[0..(length - 3)] + truncate_string else text end
 end
diff --git a/app/views/wiki/feeds.rhtml b/app/views/wiki/feeds.rhtml
index 46b79b69..389d6983 100644
--- a/app/views/wiki/feeds.rhtml
+++ b/app/views/wiki/feeds.rhtml
@@ -4,7 +4,7 @@
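Review bot: `@link_action` in `render_rss` (hunk at -326 of app/controllers/wiki_controller.rb) is chosen from `@web.password` alone, so a password-protected web that is not published gets feed items linking to the `published` action, which is presumably unavailable for such a web. That case is still reachable through `rss_with_headlines`, which this commit leaves without a published check. Keying the choice on both flags, `@link_action = (@web.password and @web.published) ? 'published' : 'show'`, would send readers of an unpublished web to the login-protected `show` page instead. `render_rss` starts before the hunk and the template that consumes `@link_action` is not shown, so verify how the value is used there.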