Plug a security hole in the inventory service

author: Melanie 2011-10-31 10:18:25 +0100
committer: Melanie 2011-10-31 11:11:36 +0000
commit: a9a24062a5622350cd26203f58f14a209d3b6e72 (patch)
tree: 1f5748e7eb588ff872129356187a99592463abf0
parent: Fix line endings (diff)
download: opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.zip
opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.gz
opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.bz2
opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs
index 9d70acb..1a634e5 100644
--- a/OpenSim/Data/MySQL/MySQLInventoryData.cs
+++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs
@@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL
                {
                    dbcon.Open();
-                    using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon))
+                    // System folders can never be deleted. Period.
+                    using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon))
                    {
                        cmd.Parameters.AddWithValue("?uuid", folderID.ToString());
author	Melanie	2011-10-31 10:18:25 +0100
committer	Melanie	2011-10-31 11:11:36 +0000
commit	a9a24062a5622350cd26203f58f14a209d3b6e72 (patch)
tree	1f5748e7eb588ff872129356187a99592463abf0
parent	Fix line endings (diff)
download	opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.zip opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.gz opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.bz2 opensim-SC_OLD-a9a24062a5622350cd26203f58f14a209d3b6e72.tar.xz

diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs index 9d70acb..1a634e5 100644 --- a/OpenSim/Data/MySQL/MySQLInventoryData.cs +++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs
@@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL
794	{	794	{
795	dbcon.Open();	795	dbcon.Open();
796		796
797	using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon))	797	// System folders can never be deleted. Period.
		798	using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon))
798	{	799	{
799	cmd.Parameters.AddWithValue("?uuid", folderID.ToString());	800	cmd.Parameters.AddWithValue("?uuid", folderID.ToString());
800		801