Index: openacs-4/packages/dotlrn/dotlrn.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/dotlrn.info,v
diff -u -N -r1.118.2.3.4.18 -r1.118.2.3.4.19
--- openacs-4/packages/dotlrn/dotlrn.info 3 Sep 2005 21:51:08 -0000 1.118.2.3.4.18
+++ openacs-4/packages/dotlrn/dotlrn.info 6 Feb 2006 20:08:43 -0000 1.118.2.3.4.19
@@ -7,14 +7,14 @@
f
f
-
+
OpenACS
A Course Management System
2005-09-03
OpenACS
Course Management
-
+
Index: openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl,v
diff -u -N -r1.1.2.4 -r1.1.2.5
--- openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl 22 Oct 2004 19:31:23 -0000 1.1.2.4
+++ openacs-4/packages/dotlrn/tcl/apm-callback-procs.tcl 6 Feb 2006 20:08:43 -0000 1.1.2.5
@@ -137,8 +137,17 @@
}
}
}
+ 2.1.3 2.1.4a1 {
+ # This fixes a security hole opened up when cloning
+ # communities/classes
+ db_foreach get_communities_with_inherit {
+ select community_id
+ from dotlrn_communities_all c, acs_objects o
+ where c.community_id = o.object_id
+ and o.security_inherit_p = 't'
+ } {
+ permission::set_not_inherit -object_id $community_id
+ }
}
-}
-
-
-
+ }
+}
\ No newline at end of file
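Review bot: The comment on the new `2.1.3 2.1.4a1` step says only that it "fixes a security hole opened up when cloning", which does not tell an administrator what was exposed or that the loop touches every community with `security_inherit_p = 't'`, not just clones. Going by the community-procs.tcl change in the same commit, something like `# Communities left with security_inherit_p = 't' inherit from the root dotlrn instance, which all dotlrn users can read; turn inheritance off for every such community.` would record the reason. `permission::set_not_inherit` runs once per row with no transaction visible in the hunk, so a failure partway would leave some communities still inheriting. The `where` filter makes a re-run safe, but wrapping the loop in `db_transaction { ... }` would make the step all-or-nothing. The enclosing upgrade callback starts outside the hunk, so it may already provide one.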
Index: openacs-4/packages/dotlrn/tcl/community-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/community-procs.tcl,v
diff -u -N -r1.183.2.3.4.14 -r1.183.2.3.4.15
--- openacs-4/packages/dotlrn/tcl/community-procs.tcl 13 Jun 2005 20:47:00 -0000 1.183.2.3.4.14
+++ openacs-4/packages/dotlrn/tcl/community-procs.tcl 6 Feb 2006 20:08:43 -0000 1.183.2.3.4.15
@@ -1783,6 +1783,13 @@
db_dml copy_customizations_if_any {}
}
+ # This new community should _not_ inherit it's permissions
+ # from the root dotlrn instance. Why? All dotlrn users
+ # can read the root dotlrn instance, but only members of
+ # this community should be able to read this instance (and
+ # it's children)
+ permission::set_not_inherit -object_id $clone_id
+
# Grant read_private_data permission to "non guest" users.
dotlrn_privacy::grant_read_private_data_to_non_guests -object_id $clone_id
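Review bot: The new `permission::set_not_inherit -object_id $clone_id` call comes after `db_dml copy_customizations_if_any {}`, so the clone keeps inheritance on for every step that runs before this line. The clone procedure starts outside the hunk, so it is not visible whether those steps share a transaction; if they do not, an error before this line would leave a clone that any dotlrn user can read. Moving the call to directly after the clone is created, or confirming the enclosing `db_transaction`, would close that window. The added comment should also read `its permissions` and `its children` rather than `it's`.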