From e431d5dae485e1ba9289548498b791a051f63e28 Mon Sep 17 00:00:00 2001 From: Melanie Date: Mon, 31 Oct 2011 10:18:25 +0100 Subject: Plug a security hole in the inventory service --- OpenSim/Data/MySQL/MySQLInventoryData.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'OpenSim') diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs index 9d70acb..1a634e5 100644 --- a/OpenSim/Data/MySQL/MySQLInventoryData.cs +++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs @@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL { dbcon.Open(); - using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon)) + // System folders can never be deleted. Period. + using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon)) { cmd.Parameters.AddWithValue("?uuid", folderID.ToString()); -- cgit v1.1