aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorSean Dague2008-05-27 22:25:14 +0000
committerSean Dague2008-05-27 22:25:14 +0000
commit46d91df2a8303087ff211a3366660a6bd6e799d9 (patch)
treeb18e6762a2209831144ca303869a7915dab70a0b
parent* Added new InstallPlugin interface to ITerrainModule. (diff)
downloadopensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.zip
opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.gz
opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.bz2
opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.xz
another take on the whole string cleansing, by adding specific poison
keywords in foo.bar strings. Add items to the poison array to block them.
-rw-r--r--OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs7
1 files changed, 5 insertions, 2 deletions
diff --git a/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs b/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs
index d132f8c..5d51898 100644
--- a/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs
+++ b/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs
@@ -116,8 +116,11 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine.Compiler.LSL
116 // ignores alpha.x alpha.y, alpha.z for refering to vector components 116 // ignores alpha.x alpha.y, alpha.z for refering to vector components
117 Match SecurityM; 117 Match SecurityM;
118 118
119 // BROKEN: this check is very wrong. It block's any url in strings. 119 // Instead of blocking all foo.bar values, block only the ones that will hit
120 SecurityM = Regex.Match(checkscript, @"(?:[a-zA-Z])\.(?:[a-wA-Z]|[a-zA-Z][a-zA-Z])", RegexOptions.Compiled | RegexOptions.Multiline | RegexOptions.Singleline); 120 // namespaces we don't like. To add more of these bad namespaces at them
121 // to the poison array.
122 String[] poison = {"System"};
123 SecurityM = Regex.Match(checkscript, @"(" + String.Join("|", poison) + @")\.(?:[a-wA-Z]|[a-zA-Z][a-zA-Z])", RegexOptions.Compiled | RegexOptions.Multiline | RegexOptions.Singleline);
121 if (SecurityM.Success) 124 if (SecurityM.Success)
122 throw new Exception("CS0103: 'The . symbol cannot be used in LSL except in float values or vector components'"); 125 throw new Exception("CS0103: 'The . symbol cannot be used in LSL except in float values or vector components'");
123 126