Index: openacs-4/packages/dotlrn/dotlrn.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/dotlrn.info,v
diff -u -N -r1.118.2.3.4.18 -r1.118.2.3.4.19
--- openacs-4/packages/dotlrn/dotlrn.info 3 Sep 2005 21:51:08 -0000 1.118.2.3.4.18
+++ openacs-4/packages/dotlrn/dotlrn.info 6 Feb 2006 20:08:43 -0000 1.118.2.3.4.19
@@ -7,14 +7,14 @@
 f f - + OpenACS A Course Management System 2005-09-03 OpenACS Course Management - +
Index: openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl,v
diff -u -N -r1.1.2.4 -r1.1.2.5
--- openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl 22 Oct 2004 19:31:23 -0000 1.1.2.4
+++ openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl 6 Feb 2006 20:08:43 -0000 1.1.2.5
@@ -137,8 +137,17 @@
             }
         }
     }
+    2.1.3 2.1.4a1 {
+        # This fixes a security hole opened up when cloning
+        # communities/classes
+        db_foreach get_communities_with_inherit {
+            select community_id
+            from dotlrn_communities_all c, acs_objects o
+            where c.community_id = o.object_id
+            and o.security_inherit_p = 't'
+        } {
+            permission::set_not_inherit -object_id $community_id
+        }
     }
-}
-
-
-
+    }
+}
\ No newline at end of file
Index: openacs-4/packages/dotlrn/tcl/community-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/community-procs.tcl,v
diff -u -N -r1.183.2.3.4.14 -r1.183.2.3.4.15
--- openacs-4/packages/dotlrn/tcl/community-procs.tcl 13 Jun 2005 20:47:00 -0000 1.183.2.3.4.14
+++ openacs-4/packages/dotlrn/tcl/community-procs.tcl 6 Feb 2006 20:08:43 -0000 1.183.2.3.4.15
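Review bot: The `2.1.3 2.1.4a1` upgrade block strips permission inheritance from every community whose acs_object still has `security_inherit_p = 't'`, not only the cloned ones the comment names, so the comment should say why that is safe for all of them — presumably every dotlrn community receives explicit member grants at creation and nothing relies on inheriting from the root instance, but that should be confirmed before the upgrade ships. The comment should also name the exposure being closed rather than "a security hole": a cloned community inherited read access from the root dotlrn instance, which every dotlrn user can read, so non-members could read the clone and its children. Suggested wording: `# Cloned communities inherited permissions from the root dotlrn instance, which all dotlrn users can read; strip inheritance so only the community's explicit grants apply.` The new side also ends without a trailing newline (`\ No newline at end of file`), which should be added. The enclosing callback proc starts outside the hunk.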
@@ -1783,6 +1783,13 @@
         db_dml copy_customizations_if_any {}
     }
 
+    # This new community should _not_ inherit it's permissions
+    # from the root dotlrn instance. Why? All dotlrn users
+    # can read the root dotlrn instance, but only members of
+    # this community should be able to read this instance (and
+    # it's children)
+    permission::set_not_inherit -object_id $clone_id
+
     # Grant read_private_data permission to "non guest" users.
     dotlrn_privacy::grant_read_private_data_to_non_guests -object_id $clone_id