aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorMelanie2011-10-31 10:18:25 +0100
committerMelanie2011-10-31 10:18:25 +0100
commite431d5dae485e1ba9289548498b791a051f63e28 (patch)
treeb804cb33ab0fa6a490c05a4f60ca4ebd8878b01a /OpenSim
parentMerge branch 'master' into bigmerge (diff)
downloadopensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.zip
opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.gz
opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.bz2
opensim-SC-e431d5dae485e1ba9289548498b791a051f63e28.tar.xz
Plug a security hole in the inventory service
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Data/MySQL/MySQLInventoryData.cs3
1 files changed, 2 insertions, 1 deletions
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs
index 9d70acb..1a634e5 100644
--- a/OpenSim/Data/MySQL/MySQLInventoryData.cs
+++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs
@@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL
794 { 794 {
795 dbcon.Open(); 795 dbcon.Open();
796 796
797 using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon)) 797 // System folders can never be deleted. Period.
798 using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon))
798 { 799 {
799 cmd.Parameters.AddWithValue("?uuid", folderID.ToString()); 800 cmd.Parameters.AddWithValue("?uuid", folderID.ToString());
800 801