diff options
author | Melanie Thielker | 2016-03-16 20:04:52 +0100 |
---|---|---|
committer | Melanie Thielker | 2016-03-16 20:04:52 +0100 |
commit | e8b46023e47399e9dcc0057a4380ca4fe49908ee (patch) | |
tree | aa384c79130605f8e5740f689a81226cc47f9335 | |
parent | Implement Access-Control-Allow-Origin for HTTP LSL server (diff) | |
download | opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.zip opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.gz opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.bz2 opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.xz |
Add osRequestURL and osRequestSecureURL with an options list.
Only currently supported option is "allowXss" which will send the needed
Access-control-allow-origin: * header to allow xss scripting against
the LSL http server.
6 files changed, 66 insertions, 7 deletions
diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs index fffd640..f563c68 100644 --- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs +++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs | |||
@@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
52 | public Dictionary<UUID, RequestData> requests; | 52 | public Dictionary<UUID, RequestData> requests; |
53 | public bool isSsl; | 53 | public bool isSsl; |
54 | public Scene scene; | 54 | public Scene scene; |
55 | public bool allowXss; | ||
55 | } | 56 | } |
56 | 57 | ||
57 | public class RequestData | 58 | public class RequestData |
@@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
192 | { | 193 | { |
193 | } | 194 | } |
194 | 195 | ||
195 | public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID) | 196 | public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options) |
196 | { | 197 | { |
197 | UUID urlcode = UUID.Random(); | 198 | UUID urlcode = UUID.Random(); |
198 | 199 | ||
@@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
214 | urlData.isSsl = false; | 215 | urlData.isSsl = false; |
215 | urlData.requests = new Dictionary<UUID, RequestData>(); | 216 | urlData.requests = new Dictionary<UUID, RequestData>(); |
216 | urlData.scene = host.ParentGroup.Scene; | 217 | urlData.scene = host.ParentGroup.Scene; |
218 | urlData.allowXss = false; | ||
219 | |||
220 | if (options != null && options["allowXss"] != null) | ||
221 | urlData.allowXss = true; | ||
217 | 222 | ||
218 | m_UrlMap[url] = urlData; | 223 | m_UrlMap[url] = urlData; |
219 | 224 | ||
@@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
234 | return urlcode; | 239 | return urlcode; |
235 | } | 240 | } |
236 | 241 | ||
237 | public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID) | 242 | public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options) |
238 | { | 243 | { |
239 | UUID urlcode = UUID.Random(); | 244 | UUID urlcode = UUID.Random(); |
240 | 245 | ||
@@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
261 | urlData.urlcode = urlcode; | 266 | urlData.urlcode = urlcode; |
262 | urlData.isSsl = true; | 267 | urlData.isSsl = true; |
263 | urlData.requests = new Dictionary<UUID, RequestData>(); | 268 | urlData.requests = new Dictionary<UUID, RequestData>(); |
269 | urlData.allowXss = false; | ||
264 | 270 | ||
271 | if (options != null && options["allowXss"] != null) | ||
272 | urlData.allowXss = true; | ||
265 | 273 | ||
266 | m_UrlMap[url] = urlData; | 274 | m_UrlMap[url] = urlData; |
267 | 275 | ||
@@ -559,7 +567,8 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
559 | response["keepalive"] = false; | 567 | response["keepalive"] = false; |
560 | response["reusecontext"] = false; | 568 | response["reusecontext"] = false; |
561 | 569 | ||
562 | response["access_control_allow_origin"] = "*"; | 570 | if (url.allowXss) |
571 | response["access_control_allow_origin"] = "*"; | ||
563 | 572 | ||
564 | //remove from map | 573 | //remove from map |
565 | lock (url.requests) | 574 | lock (url.requests) |
diff --git a/OpenSim/Region/Framework/Interfaces/IUrlModule.cs b/OpenSim/Region/Framework/Interfaces/IUrlModule.cs index 79e9f9d..2987184 100644 --- a/OpenSim/Region/Framework/Interfaces/IUrlModule.cs +++ b/OpenSim/Region/Framework/Interfaces/IUrlModule.cs | |||
@@ -25,6 +25,7 @@ | |||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | */ | 26 | */ |
27 | 27 | ||
28 | using System.Collections; | ||
28 | using System.Collections.Generic; | 29 | using System.Collections.Generic; |
29 | using OpenMetaverse; | 30 | using OpenMetaverse; |
30 | using OpenSim.Framework; | 31 | using OpenSim.Framework; |
@@ -35,8 +36,8 @@ namespace OpenSim.Region.Framework.Interfaces | |||
35 | public interface IUrlModule | 36 | public interface IUrlModule |
36 | { | 37 | { |
37 | string ExternalHostNameForLSL { get; } | 38 | string ExternalHostNameForLSL { get; } |
38 | UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID); | 39 | UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options); |
39 | UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID); | 40 | UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options); |
40 | void ReleaseURL(string url); | 41 | void ReleaseURL(string url); |
41 | void HttpResponse(UUID request, int status, string body); | 42 | void HttpResponse(UUID request, int status, string body); |
42 | void HttpContentType(UUID request, string type); | 43 | void HttpContentType(UUID request, string type); |
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index a2abbeb..f48d42d 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs | |||
@@ -12039,7 +12039,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
12039 | { | 12039 | { |
12040 | m_host.AddScriptLPS(1); | 12040 | m_host.AddScriptLPS(1); |
12041 | if (m_UrlModule != null) | 12041 | if (m_UrlModule != null) |
12042 | return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString(); | 12042 | return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString(); |
12043 | return UUID.Zero.ToString(); | 12043 | return UUID.Zero.ToString(); |
12044 | } | 12044 | } |
12045 | 12045 | ||
@@ -12157,7 +12157,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
12157 | m_host.AddScriptLPS(1); | 12157 | m_host.AddScriptLPS(1); |
12158 | 12158 | ||
12159 | if (m_UrlModule != null) | 12159 | if (m_UrlModule != null) |
12160 | return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString(); | 12160 | return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString(); |
12161 | return UUID.Zero.ToString(); | 12161 | return UUID.Zero.ToString(); |
12162 | } | 12162 | } |
12163 | 12163 | ||
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index bda323a..7e88365 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -4134,5 +4134,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
4134 | return 0; | 4134 | return 0; |
4135 | } | 4135 | } |
4136 | } | 4136 | } |
4137 | |||
4138 | public LSL_String osRequestURL(LSL_List options) | ||
4139 | { | ||
4140 | CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL"); | ||
4141 | m_host.AddScriptLPS(1); | ||
4142 | |||
4143 | Hashtable opts = new Hashtable(); | ||
4144 | for (int i = 0 ; i < options.Length ; i++) | ||
4145 | { | ||
4146 | object opt = options.Data[i]; | ||
4147 | if (opt.ToString() == "allowXss") | ||
4148 | opts["allowXss"] = true; | ||
4149 | } | ||
4150 | |||
4151 | if (m_UrlModule != null) | ||
4152 | return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString(); | ||
4153 | return UUID.Zero.ToString(); | ||
4154 | } | ||
4155 | |||
4156 | public LSL_String osRequestSecureURL(LSL_List options) | ||
4157 | { | ||
4158 | CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL"); | ||
4159 | m_host.AddScriptLPS(1); | ||
4160 | |||
4161 | Hashtable opts = new Hashtable(); | ||
4162 | for (int i = 0 ; i < options.Length ; i++) | ||
4163 | { | ||
4164 | object opt = options.Data[i]; | ||
4165 | if (opt.ToString() == "allowXss") | ||
4166 | opts["allowXss"] = true; | ||
4167 | } | ||
4168 | |||
4169 | if (m_UrlModule != null) | ||
4170 | return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString(); | ||
4171 | return UUID.Zero.ToString(); | ||
4172 | } | ||
4137 | } | 4173 | } |
4138 | } | 4174 | } |
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs index 4e567e6..6fc5db4 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs | |||
@@ -468,5 +468,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api.Interfaces | |||
468 | /// <param name="regex">string to use as pattern</param> | 468 | /// <param name="regex">string to use as pattern</param> |
469 | /// <returns>boolean</returns> | 469 | /// <returns>boolean</returns> |
470 | LSL_Integer osRegexIsMatch(string input, string pattern); | 470 | LSL_Integer osRegexIsMatch(string input, string pattern); |
471 | |||
472 | LSL_String osRequestURL(LSL_List options); | ||
473 | LSL_String osRequestSecureURL(LSL_List options); | ||
471 | } | 474 | } |
472 | } | 475 | } |
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs index 31393bb..ee07eee 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs | |||
@@ -1054,5 +1054,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.ScriptBase | |||
1054 | { | 1054 | { |
1055 | return m_OSSL_Functions.osRegexIsMatch(input, pattern); | 1055 | return m_OSSL_Functions.osRegexIsMatch(input, pattern); |
1056 | } | 1056 | } |
1057 | |||
1058 | public LSL_String osRequestURL(LSL_List options) | ||
1059 | { | ||
1060 | return m_OSSL_Functions.osRequestURL(options); | ||
1061 | } | ||
1062 | |||
1063 | public LSL_String osRequestSecureURL(LSL_List options) | ||
1064 | { | ||
1065 | return m_OSSL_Functions.osRequestSecureURL(options); | ||
1066 | } | ||
1057 | } | 1067 | } |
1058 | } | 1068 | } |