diff options
author | Melanie | 2011-10-31 10:18:25 +0100 |
---|---|---|
committer | Melanie | 2011-10-31 10:18:25 +0100 |
commit | e431d5dae485e1ba9289548498b791a051f63e28 (patch) | |
tree | b804cb33ab0fa6a490c05a4f60ca4ebd8878b01a /OpenSim | |
parent | Merge branch 'master' into bigmerge (diff) | |
download | opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.zip opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.gz opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.bz2 opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.xz |
Plug a security hole in the inventory service
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Data/MySQL/MySQLInventoryData.cs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs index 9d70acb..1a634e5 100644 --- a/OpenSim/Data/MySQL/MySQLInventoryData.cs +++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs | |||
@@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL | |||
794 | { | 794 | { |
795 | dbcon.Open(); | 795 | dbcon.Open(); |
796 | 796 | ||
797 | using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon)) | 797 | // System folders can never be deleted. Period. |
798 | using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon)) | ||
798 | { | 799 | { |
799 | cmd.Parameters.AddWithValue("?uuid", folderID.ToString()); | 800 | cmd.Parameters.AddWithValue("?uuid", folderID.ToString()); |
800 | 801 | ||