diff options
author | Sean Dague | 2008-05-27 22:25:14 +0000 |
---|---|---|
committer | Sean Dague | 2008-05-27 22:25:14 +0000 |
commit | 46d91df2a8303087ff211a3366660a6bd6e799d9 (patch) | |
tree | b18e6762a2209831144ca303869a7915dab70a0b /OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs | |
parent | * Added new InstallPlugin interface to ITerrainModule. (diff) | |
download | opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.zip opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.gz opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.bz2 opensim-SC-46d91df2a8303087ff211a3366660a6bd6e799d9.tar.xz |
another take on the whole string cleansing, by adding specific poison
keywords in foo.bar strings. Add items to the poison array to block them.
Diffstat (limited to 'OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs')
-rw-r--r-- | OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs b/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs index d132f8c..5d51898 100644 --- a/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs +++ b/OpenSim/Region/ScriptEngine/DotNetEngine/Compiler/LSL/LSL2CSConverter.cs | |||
@@ -116,8 +116,11 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine.Compiler.LSL | |||
116 | // ignores alpha.x alpha.y, alpha.z for refering to vector components | 116 | // ignores alpha.x alpha.y, alpha.z for refering to vector components |
117 | Match SecurityM; | 117 | Match SecurityM; |
118 | 118 | ||
119 | // BROKEN: this check is very wrong. It block's any url in strings. | 119 | // Instead of blocking all foo.bar values, block only the ones that will hit |
120 | SecurityM = Regex.Match(checkscript, @"(?:[a-zA-Z])\.(?:[a-wA-Z]|[a-zA-Z][a-zA-Z])", RegexOptions.Compiled | RegexOptions.Multiline | RegexOptions.Singleline); | 120 | // namespaces we don't like. To add more of these bad namespaces at them |
121 | // to the poison array. | ||
122 | String[] poison = {"System"}; | ||
123 | SecurityM = Regex.Match(checkscript, @"(" + String.Join("|", poison) + @")\.(?:[a-wA-Z]|[a-zA-Z][a-zA-Z])", RegexOptions.Compiled | RegexOptions.Multiline | RegexOptions.Singleline); | ||
121 | if (SecurityM.Success) | 124 | if (SecurityM.Success) |
122 | throw new Exception("CS0103: 'The . symbol cannot be used in LSL except in float values or vector components'"); | 125 | throw new Exception("CS0103: 'The . symbol cannot be used in LSL except in float values or vector components'"); |
123 | 126 | ||