diff options
author | Melanie Thielker | 2010-07-15 20:28:18 +0200 |
---|---|---|
committer | Melanie | 2010-07-20 21:01:14 +0100 |
commit | ea51bea508a966420bab82dfc2af3c240095e427 (patch) | |
tree | 47d9ca9f337bacd9f3894fa9ff5800b3a4527a5f /OpenSim/Region/Framework/Scenes | |
parent | Fix a few permissions vulnerability. Owners could cause permissions (diff) | |
download | opensim-SC-ea51bea508a966420bab82dfc2af3c240095e427.zip opensim-SC-ea51bea508a966420bab82dfc2af3c240095e427.tar.gz opensim-SC-ea51bea508a966420bab82dfc2af3c240095e427.tar.bz2 opensim-SC-ea51bea508a966420bab82dfc2af3c240095e427.tar.xz |
prevent hacked viewers from being able to delete arbitrary items from any
prim. Allow friends with perms and shared group members to move or copy
things out of prims
Diffstat (limited to 'OpenSim/Region/Framework/Scenes')
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 1bb7075..953dd56 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | |||
@@ -916,6 +916,9 @@ namespace OpenSim.Region.Framework.Scenes | |||
916 | SceneObjectGroup group = part.ParentGroup; | 916 | SceneObjectGroup group = part.ParentGroup; |
917 | if (group != null) | 917 | if (group != null) |
918 | { | 918 | { |
919 | if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId)) | ||
920 | return; | ||
921 | |||
919 | TaskInventoryItem item = group.GetInventoryItem(localID, itemID); | 922 | TaskInventoryItem item = group.GetInventoryItem(localID, itemID); |
920 | if (item == null) | 923 | if (item == null) |
921 | return; | 924 | return; |
@@ -1055,9 +1058,21 @@ namespace OpenSim.Region.Framework.Scenes | |||
1055 | return; | 1058 | return; |
1056 | } | 1059 | } |
1057 | 1060 | ||
1058 | // Only owner can copy | 1061 | TaskInventoryItem item = part.Inventory.GetInventoryItem(itemId); |
1059 | if (remoteClient.AgentId != taskItem.OwnerID) | 1062 | if ((item.CurrentPermissions & (uint)PermissionMask.Copy) == 0) |
1060 | return; | 1063 | { |
1064 | // If the item to be moved is no copy, we need to be able to | ||
1065 | // edit the prim. | ||
1066 | if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId)) | ||
1067 | return; | ||
1068 | } | ||
1069 | else | ||
1070 | { | ||
1071 | // If the item is copiable, then we just need to have perms | ||
1072 | // on it. The delete check is a pure rights check | ||
1073 | if (!Permissions.CanDeleteObject(part.UUID, remoteClient.AgentId)) | ||
1074 | return; | ||
1075 | } | ||
1061 | 1076 | ||
1062 | MoveTaskInventoryItem(remoteClient, folderId, part, itemId); | 1077 | MoveTaskInventoryItem(remoteClient, folderId, part, itemId); |
1063 | } | 1078 | } |