From 1ab9cd0997b30eae24b0fc609d7d8598e5a549fc Mon Sep 17 00:00:00 2001
From: Melanie
Date: Sat, 8 Jan 2011 13:51:34 +0100
Subject: Fix a couple of security issues

---
 OpenSim/Region/Framework/Scenes/Scene.Inventory.cs          |  3 +++
 OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs | 12 +++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 682c36d..5658f90 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -2025,6 +2025,9 @@ namespace OpenSim.Region.Framework.Scenes
 
         public void SetScriptRunning(IClientAPI controllingClient, UUID objectID, UUID itemID, bool running)
         {
+            if (!Permissions.CanEditScript(itemID, objectID, controllingClient.AgentId))
+                return;
+
             SceneObjectPart part = GetSceneObjectPart(objectID);
             if (part == null)
                 return;
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
index 970003a..5a39941 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -48,6 +48,7 @@ namespace OpenSim.Region.Framework.Scenes
         private string m_inventoryFileName = String.Empty;
         private byte[] m_inventoryFileData = new byte[0];
         private uint m_inventoryFileNameSerial = 0;
+        private bool m_inventoryPrivileged = false;
 
         private Dictionary<UUID, ArrayList> m_scriptErrors = new Dictionary<UUID, ArrayList>();
         
@@ -952,6 +953,13 @@ namespace OpenSim.Region.Framework.Scenes
         {
             bool changed = CreateInventoryFileName();
 
+            bool includeAssets = false;
+            if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId))
+                includeAssets = true;
+
+            if (m_inventoryPrivileged != includeAssets)
+                changed = true;
+
             InventoryStringBuilder invString = new InventoryStringBuilder(m_part.UUID, UUID.Zero);
 
             Items.LockItemsForRead(true);
@@ -977,9 +985,7 @@ namespace OpenSim.Region.Framework.Scenes
                 }
             }
 
-            bool includeAssets = false;
-            if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId))
-                includeAssets = true;
+            m_inventoryPrivileged = includeAssets;
 
             foreach (TaskInventoryItem item in m_items.Values)
             {
-- 
cgit v1.1