minor changes on llSetContentType

author: UbitUmarov 2018-12-11 14:57:33 +0000
committer: UbitUmarov 2018-12-11 14:57:33 +0000
commit: 2059d548a694cd732b3f43eb8dd5b4426338bdb3 (patch)
tree: 1b63969041377d8c756f9ce75aab3a031e1d3592 /OpenSim/Region/ScriptEngine
parent: change osSetContentType threat level (diff)
download: opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.zip
opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.gz
opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.bz2
opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.xz
1 files changed, 16 insertions, 9 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
index a63ce64..bb8fb79 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -1974,23 +1974,27 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            m_host.SetFaceColorAlpha(face, color, null);
        }
-        public void llSetContentType(LSL_Key id, LSL_Integer type)
+        public void llSetContentType(LSL_Key reqid, LSL_Integer type)
        {
            m_host.AddScriptLPS(1);
            if (m_UrlModule == null)
                return;
+            UUID id;
+            if(!UUID.TryParse(reqid, out id))
+                return;
            // Make sure the content type is text/plain to start with
-            m_UrlModule.HttpContentType(new UUID(id), "text/plain");
+            m_UrlModule.HttpContentType(id, "text/plain");
            // Is the object owner online and in the region
            ScenePresence agent = World.GetScenePresence(m_host.ParentGroup.OwnerID);
-            if (agent == null || agent.IsChildAgent)
+            if (agent == null || agent.IsChildAgent || agent.IsDeleted)
                return;  // Fail if the owner is not in the same region
            // Is it the embeded browser?
-            string userAgent = m_UrlModule.GetHttpHeader(new UUID(id), "user-agent");
+            string userAgent = m_UrlModule.GetHttpHeader(id, "user-agent");
            if (userAgent.IndexOf("SecondLife") < 0)
                return; // Not the embedded browser. Is this check good enough?
@@ -1998,15 +2002,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            // seperate logins from the same IP will allow all of them to get non-text/plain as long
            // as the owner is in the region. Same as SL!
            string logonFromIPAddress = agent.ControllingClient.RemoteEndPoint.Address.ToString();
-            string requestFromIPAddress = m_UrlModule.GetHttpHeader(new UUID(id), "remote_addr");
+            if (string.IsNullOrEmpty(logonFromIPAddress))
-            //m_log.Debug("IP from header='" + requestFromIPAddress + "' IP from endpoint='" + logonFromIPAddress + "'");
-            if (requestFromIPAddress == null || requestFromIPAddress.Trim() == "")
                return;
-            if (logonFromIPAddress == null || logonFromIPAddress.Trim() == "")
+            string requestFromIPAddress = m_UrlModule.GetHttpHeader(id, "x-remote-ip");
+            //m_log.Debug("IP from header='" + requestFromIPAddress + "' IP from endpoint='" + logonFromIPAddress + "'");
+            if (requestFromIPAddress == null)
                return;
+            requestFromIPAddress = requestFromIPAddress.Trim();
            // If the request isnt from the same IP address then the request cannot be from the owner
-            if (!requestFromIPAddress.Trim().Equals(logonFromIPAddress.Trim()))
+            if (!requestFromIPAddress.Equals(logonFromIPAddress))
                return;
            switch (type)
author	UbitUmarov	2018-12-11 14:57:33 +0000
committer	UbitUmarov	2018-12-11 14:57:33 +0000
commit	2059d548a694cd732b3f43eb8dd5b4426338bdb3 (patch)
tree	1b63969041377d8c756f9ce75aab3a031e1d3592 /OpenSim/Region/ScriptEngine
parent	change osSetContentType threat level (diff)
download	opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.zip opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.gz opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.bz2 opensim-SC-2059d548a694cd732b3f43eb8dd5b4426338bdb3.tar.xz

diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index a63ce64..bb8fb79 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -1974,23 +1974,27 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
1974	m_host.SetFaceColorAlpha(face, color, null);	1974	m_host.SetFaceColorAlpha(face, color, null);
1975	}	1975	}
1976		1976
1977	public void llSetContentType(LSL_Key id, LSL_Integer type)	1977	public void llSetContentType(LSL_Key reqid, LSL_Integer type)
1978	{	1978	{
1979	m_host.AddScriptLPS(1);	1979	m_host.AddScriptLPS(1);
1980		1980
1981	if (m_UrlModule == null)	1981	if (m_UrlModule == null)
1982	return;	1982	return;
1983		1983
		1984	UUID id;
		1985	if(!UUID.TryParse(reqid, out id))
		1986	return;
		1987
1984	// Make sure the content type is text/plain to start with	1988	// Make sure the content type is text/plain to start with
1985	m_UrlModule.HttpContentType(new UUID(id), "text/plain");	1989	m_UrlModule.HttpContentType(id, "text/plain");
1986		1990
1987	// Is the object owner online and in the region	1991	// Is the object owner online and in the region
1988	ScenePresence agent = World.GetScenePresence(m_host.ParentGroup.OwnerID);	1992	ScenePresence agent = World.GetScenePresence(m_host.ParentGroup.OwnerID);
1989	if (agent == null \|\| agent.IsChildAgent)	1993	if (agent == null \|\| agent.IsChildAgent \|\| agent.IsDeleted)
1990	return; // Fail if the owner is not in the same region	1994	return; // Fail if the owner is not in the same region
1991		1995
1992	// Is it the embeded browser?	1996	// Is it the embeded browser?
1993	string userAgent = m_UrlModule.GetHttpHeader(new UUID(id), "user-agent");	1997	string userAgent = m_UrlModule.GetHttpHeader(id, "user-agent");
1994	if (userAgent.IndexOf("SecondLife") < 0)	1998	if (userAgent.IndexOf("SecondLife") < 0)
1995	return; // Not the embedded browser. Is this check good enough?	1999	return; // Not the embedded browser. Is this check good enough?
1996		2000
@@ -1998,15 +2002,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
1998	// seperate logins from the same IP will allow all of them to get non-text/plain as long	2002	// seperate logins from the same IP will allow all of them to get non-text/plain as long
1999	// as the owner is in the region. Same as SL!	2003	// as the owner is in the region. Same as SL!
2000	string logonFromIPAddress = agent.ControllingClient.RemoteEndPoint.Address.ToString();	2004	string logonFromIPAddress = agent.ControllingClient.RemoteEndPoint.Address.ToString();
2001	string requestFromIPAddress = m_UrlModule.GetHttpHeader(new UUID(id), "remote_addr");	2005	if (string.IsNullOrEmpty(logonFromIPAddress))
2002	//m_log.Debug("IP from header='" + requestFromIPAddress + "' IP from endpoint='" + logonFromIPAddress + "'");
2003	if (requestFromIPAddress == null \|\| requestFromIPAddress.Trim() == "")
2004	return;	2006	return;
2005	if (logonFromIPAddress == null \|\| logonFromIPAddress.Trim() == "")	2007
		2008	string requestFromIPAddress = m_UrlModule.GetHttpHeader(id, "x-remote-ip");
		2009	//m_log.Debug("IP from header='" + requestFromIPAddress + "' IP from endpoint='" + logonFromIPAddress + "'");
		2010	if (requestFromIPAddress == null)
2006	return;	2011	return;
2007		2012
		2013	requestFromIPAddress = requestFromIPAddress.Trim();
		2014
2008	// If the request isnt from the same IP address then the request cannot be from the owner	2015	// If the request isnt from the same IP address then the request cannot be from the owner
2009	if (!requestFromIPAddress.Trim().Equals(logonFromIPAddress.Trim()))	2016	if (!requestFromIPAddress.Equals(logonFromIPAddress))
2010	return;	2017	return;
2011		2018
2012	switch (type)	2019	switch (type)