aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/ScriptEngine/Shared/Api/Implementation
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Region/ScriptEngine/Shared/Api/Implementation')
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs55
1 files changed, 53 insertions, 2 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
index b75260b..ce1c364 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -3315,8 +3315,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
3315 { 3315 {
3316 // Unregister controls from Presence 3316 // Unregister controls from Presence
3317 presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID); 3317 presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID);
3318 // Remove Take Control permission.
3319 m_item.PermsMask &= ~ScriptBaseClass.PERMISSION_TAKE_CONTROLS;
3320 } 3318 }
3321 } 3319 }
3322 } 3320 }
@@ -11471,6 +11469,59 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
11471 if (userAgent != null) 11469 if (userAgent != null)
11472 httpHeaders["User-Agent"] = userAgent; 11470 httpHeaders["User-Agent"] = userAgent;
11473 11471
11472 // See if the URL contains any header hacks
11473 string[] urlParts = url.Split(new char[] {'\n'});
11474 if (urlParts.Length > 1)
11475 {
11476 // Iterate the passed headers and parse them
11477 for (int i = 1 ; i < urlParts.Length ; i++ )
11478 {
11479 // The rest of those would be added to the body in SL.
11480 // Let's not do that.
11481 if (urlParts[i] == String.Empty)
11482 break;
11483
11484 // See if this could be a valid header
11485 string[] headerParts = urlParts[i].Split(new char[] {':'}, 2);
11486 if (headerParts.Length != 2)
11487 continue;
11488
11489 string headerName = headerParts[0].Trim();
11490 string headerValue = headerParts[1].Trim();
11491
11492 // Filter out headers that could be used to abuse
11493 // another system or cloak the request
11494 if (headerName.ToLower() == "x-secondlife-shard" ||
11495 headerName.ToLower() == "x-secondlife-object-name" ||
11496 headerName.ToLower() == "x-secondlife-object-key" ||
11497 headerName.ToLower() == "x-secondlife-region" ||
11498 headerName.ToLower() == "x-secondlife-local-position" ||
11499 headerName.ToLower() == "x-secondlife-local-velocity" ||
11500 headerName.ToLower() == "x-secondlife-local-rotation" ||
11501 headerName.ToLower() == "x-secondlife-owner-name" ||
11502 headerName.ToLower() == "x-secondlife-owner-key" ||
11503 headerName.ToLower() == "connection" ||
11504 headerName.ToLower() == "content-length" ||
11505 headerName.ToLower() == "from" ||
11506 headerName.ToLower() == "host" ||
11507 headerName.ToLower() == "proxy-authorization" ||
11508 headerName.ToLower() == "referer" ||
11509 headerName.ToLower() == "trailer" ||
11510 headerName.ToLower() == "transfer-encoding" ||
11511 headerName.ToLower() == "via" ||
11512 headerName.ToLower() == "authorization")
11513 continue;
11514
11515 httpHeaders[headerName] = headerValue;
11516 }
11517
11518 // Finally, strip any protocol specifier from the URL
11519 url = urlParts[0].Trim();
11520 int idx = url.IndexOf(" HTTP/");
11521 if (idx != -1)
11522 url = url.Substring(0, idx);
11523 }
11524
11474 string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$"; 11525 string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$";
11475 Regex r = new Regex(authregex); 11526 Regex r = new Regex(authregex);
11476 int[] gnums = r.GetGroupNumbers(); 11527 int[] gnums = r.GetGroupNumbers();