aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorMelanie Thielker2010-07-15 20:28:18 +0200
committerMelanie2010-07-20 21:01:14 +0100
commitea51bea508a966420bab82dfc2af3c240095e427 (patch)
tree47d9ca9f337bacd9f3894fa9ff5800b3a4527a5f /OpenSim
parentFix a few permissions vulnerability. Owners could cause permissions (diff)
downloadopensim-SC_OLD-ea51bea508a966420bab82dfc2af3c240095e427.zip
opensim-SC_OLD-ea51bea508a966420bab82dfc2af3c240095e427.tar.gz
opensim-SC_OLD-ea51bea508a966420bab82dfc2af3c240095e427.tar.bz2
opensim-SC_OLD-ea51bea508a966420bab82dfc2af3c240095e427.tar.xz
prevent hacked viewers from being able to delete arbitrary items from any
prim. Allow friends with perms and shared group members to move or copy things out of prims
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.Inventory.cs21
1 files changed, 18 insertions, 3 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 1bb7075..953dd56 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -916,6 +916,9 @@ namespace OpenSim.Region.Framework.Scenes
916 SceneObjectGroup group = part.ParentGroup; 916 SceneObjectGroup group = part.ParentGroup;
917 if (group != null) 917 if (group != null)
918 { 918 {
919 if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
920 return;
921
919 TaskInventoryItem item = group.GetInventoryItem(localID, itemID); 922 TaskInventoryItem item = group.GetInventoryItem(localID, itemID);
920 if (item == null) 923 if (item == null)
921 return; 924 return;
@@ -1055,9 +1058,21 @@ namespace OpenSim.Region.Framework.Scenes
1055 return; 1058 return;
1056 } 1059 }
1057 1060
1058 // Only owner can copy 1061 TaskInventoryItem item = part.Inventory.GetInventoryItem(itemId);
1059 if (remoteClient.AgentId != taskItem.OwnerID) 1062 if ((item.CurrentPermissions & (uint)PermissionMask.Copy) == 0)
1060 return; 1063 {
1064 // If the item to be moved is no copy, we need to be able to
1065 // edit the prim.
1066 if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
1067 return;
1068 }
1069 else
1070 {
1071 // If the item is copiable, then we just need to have perms
1072 // on it. The delete check is a pure rights check
1073 if (!Permissions.CanDeleteObject(part.UUID, remoteClient.AgentId))
1074 return;
1075 }
1061 1076
1062 MoveTaskInventoryItem(remoteClient, folderId, part, itemId); 1077 MoveTaskInventoryItem(remoteClient, folderId, part, itemId);
1063 } 1078 }