authorMelanie Thielker2016-03-16 20:04:52 +0100
committerMelanie Thielker2016-03-16 20:04:52 +0100
commite8b46023e47399e9dcc0057a4380ca4fe49908ee (patch)
treeaa384c79130605f8e5740f689a81226cc47f9335 /OpenSim/Region
parentImplement Access-Control-Allow-Origin for HTTP LSL server (diff)
Add osRequestURL and osRequestSecureURL with an options list.
The only option currently supported is "allowXss", which sends the Access-Control-Allow-Origin: * header needed to allow xss scripting against the LSL HTTP server.
Diffstat (limited to 'OpenSim/Region')
-rw-r--r--OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs15
-rw-r--r--OpenSim/Region/Framework/Interfaces/IUrlModule.cs5
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs4
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs36
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs3
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs10
6 files changed, 66 insertions, 7 deletions
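diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
index fffd640..f563c68 100644
--- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
+++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
@@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  public Dictionary<UUID, RequestData> requests;
  public bool isSsl;
  public Scene scene;
+ public bool allowXss;
  }
 
  public class RequestData
@@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  {
  }
 
- public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
+ public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
  {
  UUID urlcode = UUID.Random();
 
@@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  urlData.isSsl = false;
  urlData.requests = new Dictionary<UUID, RequestData>();
  urlData.scene = host.ParentGroup.Scene;
+ urlData.allowXss = false;
+
+ if (options != null && options["allowXss"] != null)
+ urlData.allowXss = true;
 
  m_UrlMap[url] = urlData;
 
@@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  return urlcode;
  }
 
- public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
+ public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
  {
  UUID urlcode = UUID.Random();
 
@@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  urlData.urlcode = urlcode;
  urlData.isSsl = true;
  urlData.requests = new Dictionary<UUID, RequestData>();
+ urlData.allowXss = false;
 
+ if (options != null && options["allowXss"] != null)
+ urlData.allowXss = true;
 
  m_UrlMap[url] = urlData;
 
@@ -559,7 +567,8 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
  response["keepalive"] = false;
  response["reusecontext"] = false;
 
- response["access_control_allow_origin"] = "*";
+ if (url.allowXss)
+ response["access_control_allow_origin"] = "*";
 
  //remove from map
  lock (url.requests)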
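Review bot: The option test in RequestURL and RequestSecureURL, `options["allowXss"] != null`, checks only that the key is present, so a caller that stores `false` under "allowXss" still gets `Access-Control-Allow-Origin: *` on that URL's responses. Because the wildcard lets any web origin read what the script returns, the flag should follow the stored value, for example `urlData.allowXss = options != null && true.Equals(options["allowXss"]);` in both methods. A short comment on the `allowXss` field saying that it controls the wildcard CORS header, not anything to do with script injection despite the name, would also help the next reader. Both method bodies and the response-building code in the last hunk continue outside the visible hunks.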
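diff --git a/OpenSim/Region/Framework/Interfaces/IUrlModule.cs b/OpenSim/Region/Framework/Interfaces/IUrlModule.cs
index 79e9f9d..2987184 100644
--- a/OpenSim/Region/Framework/Interfaces/IUrlModule.cs
+++ b/OpenSim/Region/Framework/Interfaces/IUrlModule.cs
@@ -25,6 +25,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+using System.Collections;
 using System.Collections.Generic;
 using OpenMetaverse;
 using OpenSim.Framework;
@@ -35,8 +36,8 @@ namespace OpenSim.Region.Framework.Interfaces
  public interface IUrlModule
  {
  string ExternalHostNameForLSL { get; }
- UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
- UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
+ UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
+ UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
  void ReleaseURL(string url);
  void HttpResponse(UUID request, int status, string body);
  void HttpContentType(UUID request, string type);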
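Review bot: The new `Hashtable options` parameter on RequestURL and RequestSecureURL is undocumented, and nothing in the interface says which keys are recognised or that `null` is accepted. I would add a doc comment above each method, for example `/// <param name="options">Optional settings; may be null. Only "allowXss" is recognised; it makes responses carry Access-Control-Allow-Origin: *.</param>`. An untyped Hashtable gives implementers no compile-time help, so that comment is the only contract they will see.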
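diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
index a2abbeb..f48d42d 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -12039,7 +12039,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
  {
  m_host.AddScriptLPS(1);
  if (m_UrlModule != null)
- return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
+ return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
  return UUID.Zero.ToString();
  }
 
@@ -12157,7 +12157,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
  m_host.AddScriptLPS(1);
 
  if (m_UrlModule != null)
- return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
+ return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
  return UUID.Zero.ToString();
  }
 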
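diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index bda323a..7e88365 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -4134,5 +4134,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
  return 0;
  }
  }
+
+ public LSL_String osRequestURL(LSL_List options)
+ {
+ CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
+ m_host.AddScriptLPS(1);
+
+ Hashtable opts = new Hashtable();
+ for (int i = 0 ; i < options.Length ; i++)
+ {
+ object opt = options.Data[i];
+ if (opt.ToString() == "allowXss")
+ opts["allowXss"] = true;
+ }
+
+ if (m_UrlModule != null)
+ return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
+ return UUID.Zero.ToString();
+ }
+
+ public LSL_String osRequestSecureURL(LSL_List options)
+ {
+ CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
+ m_host.AddScriptLPS(1);
+
+ Hashtable opts = new Hashtable();
+ for (int i = 0 ; i < options.Length ; i++)
+ {
+ object opt = options.Data[i];
+ if (opt.ToString() == "allowXss")
+ opts["allowXss"] = true;
+ }
+
+ if (m_UrlModule != null)
+ return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
+ return UUID.Zero.ToString();
+ }
  }
 }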
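Review bot: osRequestURL passes the wrong function name to its permission check: `CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");` appears in both new methods. CheckThreatLevel is defined outside this hunk, but if it keys per-function allow/deny settings on that string, as the argument suggests, then osRequestURL cannot be permitted or restricted separately from osRequestSecureURL, and any denial message would name the wrong function. The first call should read `CheckThreatLevel(ThreatLevel.Moderate, "osRequestURL");`. The option-parsing loop is also duplicated verbatim in the two methods and could move into one private helper.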
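diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs
index 4e567e6..6fc5db4 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Interface/IOSSL_Api.cs
@@ -468,5 +468,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api.Interfaces
  /// <param name="regex">string to use as pattern</param>
  /// <returns>boolean</returns>
  LSL_Integer osRegexIsMatch(string input, string pattern);
+
+ LSL_String osRequestURL(LSL_List options);
+ LSL_String osRequestSecureURL(LSL_List options);
  }
 }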
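Review bot: The two new declarations carry no XML doc comments, while osRegexIsMatch directly above them has `<param>` and `<returns>` entries. As the script-facing entry points for the option, each should get a summary such as `/// <summary>Requests a URL for this script; the options list may contain "allowXss" to send Access-Control-Allow-Origin: * on responses.</summary>`, with a `<param name="options">` line stating that unrecognised entries are ignored. Script authors then learn from the interface that the option exposes their responses to any web origin.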
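diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs
index 31393bb..ee07eee 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Runtime/OSSL_Stub.cs
@@ -1054,5 +1054,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.ScriptBase
  {
  return m_OSSL_Functions.osRegexIsMatch(input, pattern);
  }
+
+ public LSL_String osRequestURL(LSL_List options)
+ {
+ return m_OSSL_Functions.osRequestURL(options);
+ }
+
+ public LSL_String osRequestSecureURL(LSL_List options)
+ {
+ return m_OSSL_Functions.osRequestSecureURL(options);
+ }
  }
 }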