From 854a8b91723afb98dc29dbd3afacaa895e58ea73 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 22 Jun 2010 17:35:00 +0200 Subject: Security fix: Allow only textures to be fetched using HTTP texture cap --- OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs index f8e3d59..75efb79 100644 --- a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs @@ -131,6 +131,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else @@ -147,6 +153,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else -- cgit v1.1 From a4a808818f32b937a4228e9311e3e3b413a1b1d7 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Fri, 25 Jun 2010 21:48:19 +0100 Subject: don't report the null uuid as a missing asset on saving oars/iars --- OpenSim/Region/CoreModules/World/Archiver/AssetsRequest.cs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/World/Archiver/AssetsRequest.cs b/OpenSim/Region/CoreModules/World/Archiver/AssetsRequest.cs index a1451ce..4d360f6 100644 --- a/OpenSim/Region/CoreModules/World/Archiver/AssetsRequest.cs +++ b/OpenSim/Region/CoreModules/World/Archiver/AssetsRequest.cs @@ -134,7 +134,8 @@ namespace OpenSim.Region.CoreModules.World.Archiver foreach (KeyValuePair kvp in m_uuids) { - m_assetService.Get(kvp.Key.ToString(), kvp.Value, PreAssetRequestCallback); + if (kvp.Key != UUID.Zero) + m_assetService.Get(kvp.Key.ToString(), kvp.Value, PreAssetRequestCallback); } m_requestCallbackTimer.Enabled = true; @@ -269,7 +270,7 @@ namespace OpenSim.Region.CoreModules.World.Archiver } catch (Exception e) { - m_log.ErrorFormat("[ARCHIVER]: AssetRequestCallback failed with {0}", e); + m_log.ErrorFormat("[ARCHIVER]: AssetRequestCallback failed with {0}{1}", e.Message, e.StackTrace); } } @@ -285,7 +286,8 @@ namespace OpenSim.Region.CoreModules.World.Archiver catch (Exception e) { m_log.ErrorFormat( - "[ARCHIVER]: Terminating archive creation since asset requster callback failed with {0}", e); + "[ARCHIVER]: Terminating archive creation since asset requester callback failed with {0}{1}", + e.Message, e.StackTrace); } } } -- cgit v1.1 From 0a82d10fc4827d4c537b5d23f0654d80ba89a2a3 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Mon, 28 Jun 2010 02:30:36 +0200 Subject: Change the way IRegionModule us referenced by IEmailModule to allow later conversion to new style --- OpenSim/Region/CoreModules/Scripting/EMailModules/EmailModule.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/Scripting/EMailModules/EmailModule.cs b/OpenSim/Region/CoreModules/Scripting/EMailModules/EmailModule.cs index 83f004d..c0975ea 100644 --- a/OpenSim/Region/CoreModules/Scripting/EMailModules/EmailModule.cs +++ b/OpenSim/Region/CoreModules/Scripting/EMailModules/EmailModule.cs @@ -40,7 +40,7 @@ using OpenSim.Region.Framework.Scenes; namespace OpenSim.Region.CoreModules.Scripting.EmailModules { - public class EmailModule : IEmailModule + public class EmailModule : IRegionModule, IEmailModule { // // Log -- cgit v1.1 From d1233501648d4c76abb259faf2a30095bc99b3f6 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Mon, 28 Jun 2010 16:04:12 -0700 Subject: One more bug fix in FriendsModule: GrantRights. One of the caches was not being updated. --- OpenSim/Region/CoreModules/Avatar/Friends/FriendsModule.cs | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/Avatar/Friends/FriendsModule.cs b/OpenSim/Region/CoreModules/Avatar/Friends/FriendsModule.cs index 5552be7..6f044cb 100644 --- a/OpenSim/Region/CoreModules/Avatar/Friends/FriendsModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Friends/FriendsModule.cs @@ -768,8 +768,15 @@ namespace OpenSim.Region.CoreModules.Avatar.Friends bool canEditObjectsChanged = ((rights ^ userFlags) & (int)FriendRights.CanModifyObjects) != 0; if (canEditObjectsChanged) friendClient.SendChangeUserRights(userID, friendID, rights); + } + // update local cache + //m_Friends[friendID].Friends = m_FriendsService.GetFriends(friendID); + foreach (FriendInfo finfo in m_Friends[friendID].Friends) + if (finfo.Friend == userID.ToString()) + finfo.TheirFlags = rights; + return true; } -- cgit v1.1 From 9fde9085a0fcd2e78b01724e0b7e826156d23f53 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Tue, 29 Jun 2010 02:07:10 -0700 Subject: Bug fix in HG standalone: wrong handler in the in module. Fixed a few broken comments in InventoryAccessModule. --- .../Framework/InventoryAccess/InventoryAccessModule.cs | 13 ++----------- .../Inventory/InventoryServiceInConnectorModule.cs | 2 +- 2 files changed, 3 insertions(+), 12 deletions(-) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs index 3035d88..12b6aa0 100644 --- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs +++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs @@ -286,23 +286,15 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess { // Deleting someone else's item // - - if (remoteClient == null || objectGroup.OwnerID != remoteClient.AgentId) { - // Folder skeleton may not be loaded and we - // have to wait for the inventory to find - // the destination folder - // + folder = m_Scene.InventoryService.GetFolderForType(userID, AssetType.LostAndFoundFolder); } else { - // Assume inventory skeleton was loaded during login - // and all folders can be found - // - folder = m_Scene.InventoryService.GetFolderForType(userID, AssetType.TrashFolder); + folder = m_Scene.InventoryService.GetFolderForType(userID, AssetType.TrashFolder); } } else if (action == DeRezAction.Return) @@ -332,7 +324,6 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess if (folder == null) // None of the above { - //folder = userInfo.RootFolder.FindFolder(folderID); folder = new InventoryFolderBase(folderID); if (folder == null) // Nowhere to put it diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Inventory/InventoryServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Inventory/InventoryServiceInConnectorModule.cs index ae03cdf..209cf0d 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Inventory/InventoryServiceInConnectorModule.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Inventory/InventoryServiceInConnectorModule.cs @@ -96,7 +96,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory Object[] args = new Object[] { m_Config, MainServer.Instance, "HGInventoryService" }; - ServerUtils.LoadPlugin("OpenSim.Server.Handlers.dll:HGInventoryServiceInConnector", args); + ServerUtils.LoadPlugin("OpenSim.Server.Handlers.dll:XInventoryInConnector", args); } } -- cgit v1.1 From 08e338979062268aa6c82fbe83903de5bcd77f30 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Tue, 29 Jun 2010 04:38:15 -0700 Subject: Buglet fix in HG inventory. Make sure that GetRootFolder for non-HG xinventory is the folder "My Inventory". Also changed the Suitcase folder name to "My Suitcase". --- .../CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/CoreModules') diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs index 2ab46aa..58c396c 100644 --- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs +++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs @@ -131,7 +131,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess return ret; } - public virtual UUID DeleteToInventory(DeRezAction action, UUID folderID, + public override UUID DeleteToInventory(DeRezAction action, UUID folderID, SceneObjectGroup objectGroup, IClientAPI remoteClient) { UUID assetID = base.DeleteToInventory(action, folderID, new List() {objectGroup}, remoteClient); -- cgit v1.1