5 files changed, 62 insertions, 5 deletions
diff --git a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs
index cf87010..7d1fe68 100644
--- a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs
+++ b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs
@@ -492,6 +492,8 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver
                return null;
            }
+            return account;
+            /*
            try
            {
                string encpass = Util.Md5Hash(pass);
@@ -512,6 +514,7 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver
                m_log.ErrorFormat("[INVENTORY ARCHIVER]: Could not authenticate password, {0}", e.Message);
                return null;
            }
+            */
        }
        /// <summary>
diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
index f4a89bd..e0e358a 100644
--- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
+++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
@@ -80,7 +80,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
        /// <summary>
        /// Maximum number of external urls that can be set up by this module.
        /// </summary>
-        private int m_TotalUrls = 5000;
+        private int m_TotalUrls = 15000;
        private uint https_port = 0;
        private IHttpServer m_HttpServer = null;
diff --git a/OpenSim/Region/Framework/Scenes/ScenePresence.cs b/OpenSim/Region/Framework/Scenes/ScenePresence.cs
index 5cff3f0..628fd20 100644
--- a/OpenSim/Region/Framework/Scenes/ScenePresence.cs
+++ b/OpenSim/Region/Framework/Scenes/ScenePresence.cs
@@ -3817,6 +3817,9 @@ namespace OpenSim.Region.Framework.Scenes
            if (p == null)
                return;
+            ControllingClient.SendTakeControls(controls, false, false);
+            ControllingClient.SendTakeControls(controls, true, false);
            ScriptControllers obj = new ScriptControllers();
            obj.ignoreControls = ScriptControlled.CONTROL_ZERO;
            obj.eventControls = ScriptControlled.CONTROL_ZERO;
diff --git a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs
index a554897..f3ac3ca 100644
--- a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs
+++ b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs
@@ -1027,7 +1027,7 @@ namespace OpenSim.Region.Physics.OdePlugin
                                    {
                                        d.AABB aabb;
                                        d.GeomGetAABB(g2, out aabb);
-                                        float tmp = vtmp.Z - sz * .25f;
+                                        float tmp = vtmp.Z - sz * .18f;
                                        if (aabb.MaxZ < tmp)
                                        {
@@ -1057,7 +1057,7 @@ namespace OpenSim.Region.Physics.OdePlugin
                                    {
                                        d.AABB aabb;
                                        d.GeomGetAABB(g1, out aabb);
-                                        float tmp = vtmp.Z - sz * .25f;
+                                        float tmp = vtmp.Z - sz * .18f;
                                        if (aabb.MaxZ < tmp)
                                        {
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
index b75260b..ce1c364 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -3315,8 +3315,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
                    {
                        // Unregister controls from Presence
                        presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID);
-                        // Remove Take Control permission.
-                        m_item.PermsMask &= ~ScriptBaseClass.PERMISSION_TAKE_CONTROLS;
                    }
                }
            }
@@ -11471,6 +11469,59 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            if (userAgent != null)
                httpHeaders["User-Agent"] = userAgent;
+            // See if the URL contains any header hacks
+            string[] urlParts = url.Split(new char[] {'\n'});
+            if (urlParts.Length > 1)
+            {
+                // Iterate the passed headers and parse them
+                for (int i = 1 ; i < urlParts.Length ; i++ )
+                {
+                    // The rest of those would be added to the body in SL.
+                    // Let's not do that.
+                    if (urlParts[i] == String.Empty)
+                        break;
+                    // See if this could be a valid header
+                    string[] headerParts = urlParts[i].Split(new char[] {':'}, 2);
+                    if (headerParts.Length != 2)
+                        continue;
+                    string headerName = headerParts[0].Trim();
+                    string headerValue = headerParts[1].Trim();
+                    // Filter out headers that could be used to abuse
+                    // another system or cloak the request
+                    if (headerName.ToLower() == "x-secondlife-shard" ||
+                        headerName.ToLower() == "x-secondlife-object-name" ||
+                        headerName.ToLower() == "x-secondlife-object-key" ||
+                        headerName.ToLower() == "x-secondlife-region" ||
+                        headerName.ToLower() == "x-secondlife-local-position" ||
+                        headerName.ToLower() == "x-secondlife-local-velocity" ||
+                        headerName.ToLower() == "x-secondlife-local-rotation" ||
+                        headerName.ToLower() == "x-secondlife-owner-name" ||
+                        headerName.ToLower() == "x-secondlife-owner-key" ||
+                        headerName.ToLower() == "connection" ||
+                        headerName.ToLower() == "content-length" ||
+                        headerName.ToLower() == "from" ||
+                        headerName.ToLower() == "host" ||
+                        headerName.ToLower() == "proxy-authorization" ||
+                        headerName.ToLower() == "referer" ||
+                        headerName.ToLower() == "trailer" ||
+                        headerName.ToLower() == "transfer-encoding" ||
+                        headerName.ToLower() == "via" ||
+                        headerName.ToLower() == "authorization")
+                        continue;
+                    httpHeaders[headerName] = headerValue;
+                }
+                // Finally, strip any protocol specifier from the URL
+                url = urlParts[0].Trim();
+                int idx = url.IndexOf(" HTTP/");
+                if (idx != -1)
+                    url = url.Substring(0, idx);
+            }
            string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$";
            Regex r = new Regex(authregex);
            int[] gnums = r.GetGroupNumbers();

diff --git a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs index cf87010..7d1fe68 100644 --- a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs
@@ -492,6 +492,8 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver
492	return null;	492	return null;
493	}	493	}
494		494
		495	return account;
		496	/*
495	try	497	try
496	{	498	{
497	string encpass = Util.Md5Hash(pass);	499	string encpass = Util.Md5Hash(pass);
@@ -512,6 +514,7 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver
512	m_log.ErrorFormat("[INVENTORY ARCHIVER]: Could not authenticate password, {0}", e.Message);	514	m_log.ErrorFormat("[INVENTORY ARCHIVER]: Could not authenticate password, {0}", e.Message);
513	return null;	515	return null;
514	}	516	}
		517	*/
515	}	518	}
516		519
517	/// <summary>	520	/// <summary>


diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs index f4a89bd..e0e358a 100644 --- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs +++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
@@ -80,7 +80,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
80	/// <summary>	80	/// <summary>
81	/// Maximum number of external urls that can be set up by this module.	81	/// Maximum number of external urls that can be set up by this module.
82	/// </summary>	82	/// </summary>
83	private int m_TotalUrls = 5000;	83	private int m_TotalUrls = 15000;
84		84
85	private uint https_port = 0;	85	private uint https_port = 0;
86	private IHttpServer m_HttpServer = null;	86	private IHttpServer m_HttpServer = null;


diff --git a/OpenSim/Region/Framework/Scenes/ScenePresence.cs b/OpenSim/Region/Framework/Scenes/ScenePresence.cs index 5cff3f0..628fd20 100644 --- a/OpenSim/Region/Framework/Scenes/ScenePresence.cs +++ b/OpenSim/Region/Framework/Scenes/ScenePresence.cs
@@ -3817,6 +3817,9 @@ namespace OpenSim.Region.Framework.Scenes
3817	if (p == null)	3817	if (p == null)
3818	return;	3818	return;
3819		3819
		3820	ControllingClient.SendTakeControls(controls, false, false);
		3821	ControllingClient.SendTakeControls(controls, true, false);
		3822
3820	ScriptControllers obj = new ScriptControllers();	3823	ScriptControllers obj = new ScriptControllers();
3821	obj.ignoreControls = ScriptControlled.CONTROL_ZERO;	3824	obj.ignoreControls = ScriptControlled.CONTROL_ZERO;
3822	obj.eventControls = ScriptControlled.CONTROL_ZERO;	3825	obj.eventControls = ScriptControlled.CONTROL_ZERO;


diff --git a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs index a554897..f3ac3ca 100644 --- a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs +++ b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs
@@ -1027,7 +1027,7 @@ namespace OpenSim.Region.Physics.OdePlugin
1027	{	1027	{
1028	d.AABB aabb;	1028	d.AABB aabb;
1029	d.GeomGetAABB(g2, out aabb);	1029	d.GeomGetAABB(g2, out aabb);
1030	float tmp = vtmp.Z - sz * .25f;	1030	float tmp = vtmp.Z - sz * .18f;
1031		1031
1032	if (aabb.MaxZ < tmp)	1032	if (aabb.MaxZ < tmp)
1033	{	1033	{
@@ -1057,7 +1057,7 @@ namespace OpenSim.Region.Physics.OdePlugin
1057	{	1057	{
1058	d.AABB aabb;	1058	d.AABB aabb;
1059	d.GeomGetAABB(g1, out aabb);	1059	d.GeomGetAABB(g1, out aabb);
1060	float tmp = vtmp.Z - sz * .25f;	1060	float tmp = vtmp.Z - sz * .18f;
1061		1061
1062	if (aabb.MaxZ < tmp)	1062	if (aabb.MaxZ < tmp)
1063	{	1063	{


diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index b75260b..ce1c364 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -3315,8 +3315,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
3315	{	3315	{
3316	// Unregister controls from Presence	3316	// Unregister controls from Presence
3317	presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID);	3317	presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID);
3318	// Remove Take Control permission.
3319	m_item.PermsMask &= ~ScriptBaseClass.PERMISSION_TAKE_CONTROLS;
3320	}	3318	}
3321	}	3319	}
3322	}	3320	}
@@ -11471,6 +11469,59 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
11471	if (userAgent != null)	11469	if (userAgent != null)
11472	httpHeaders["User-Agent"] = userAgent;	11470	httpHeaders["User-Agent"] = userAgent;
11473		11471
		11472	// See if the URL contains any header hacks
		11473	string[] urlParts = url.Split(new char[] {'\n'});
		11474	if (urlParts.Length > 1)
		11475	{
		11476	// Iterate the passed headers and parse them
		11477	for (int i = 1 ; i < urlParts.Length ; i++ )
		11478	{
		11479	// The rest of those would be added to the body in SL.
		11480	// Let's not do that.
		11481	if (urlParts[i] == String.Empty)
		11482	break;
		11483
		11484	// See if this could be a valid header
		11485	string[] headerParts = urlParts[i].Split(new char[] {':'}, 2);
		11486	if (headerParts.Length != 2)
		11487	continue;
		11488
		11489	string headerName = headerParts[0].Trim();
		11490	string headerValue = headerParts[1].Trim();
		11491
		11492	// Filter out headers that could be used to abuse
		11493	// another system or cloak the request
		11494	if (headerName.ToLower() == "x-secondlife-shard" \|\|
		11495	headerName.ToLower() == "x-secondlife-object-name" \|\|
		11496	headerName.ToLower() == "x-secondlife-object-key" \|\|
		11497	headerName.ToLower() == "x-secondlife-region" \|\|
		11498	headerName.ToLower() == "x-secondlife-local-position" \|\|
		11499	headerName.ToLower() == "x-secondlife-local-velocity" \|\|
		11500	headerName.ToLower() == "x-secondlife-local-rotation" \|\|
		11501	headerName.ToLower() == "x-secondlife-owner-name" \|\|
		11502	headerName.ToLower() == "x-secondlife-owner-key" \|\|
		11503	headerName.ToLower() == "connection" \|\|
		11504	headerName.ToLower() == "content-length" \|\|
		11505	headerName.ToLower() == "from" \|\|
		11506	headerName.ToLower() == "host" \|\|
		11507	headerName.ToLower() == "proxy-authorization" \|\|
		11508	headerName.ToLower() == "referer" \|\|
		11509	headerName.ToLower() == "trailer" \|\|
		11510	headerName.ToLower() == "transfer-encoding" \|\|
		11511	headerName.ToLower() == "via" \|\|
		11512	headerName.ToLower() == "authorization")
		11513	continue;
		11514
		11515	httpHeaders[headerName] = headerValue;
		11516	}
		11517
		11518	// Finally, strip any protocol specifier from the URL
		11519	url = urlParts[0].Trim();
		11520	int idx = url.IndexOf(" HTTP/");
		11521	if (idx != -1)
		11522	url = url.Substring(0, idx);
		11523	}
		11524
11474	string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$";	11525	string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$";
11475	Regex r = new Regex(authregex);	11526	Regex r = new Regex(authregex);
11476	int[] gnums = r.GetGroupNumbers();	11527	int[] gnums = r.GetGroupNumbers();