Fix security so it correctly checks the OwnerUUID of an object which contains the script issuing a command
parent
1bdb12c558
commit
81b353c53c
|
@ -311,8 +311,19 @@ namespace Flocking
|
|||
protected void SimChatSent (Object x, OSChatMessage msg)
|
||||
{
|
||||
if (msg.Channel != m_chatChannel) return; // not for us
|
||||
if (m_allowedControllers.Count > 0)
|
||||
{
|
||||
bool reject = true;
|
||||
if (msg.SenderObject != null)
|
||||
{
|
||||
UUID ooUUID = ((SceneObjectPart)msg.SenderObject).OwnerID;
|
||||
//m_log.InfoFormat("[{0}]: Message from object {1} with OwnerID: {2}", m_name, msg.SenderUUID, ooUUID);
|
||||
if (m_allowedControllers.Contains(ooUUID)) reject = false;
|
||||
}
|
||||
if (m_allowedControllers.Contains(msg.SenderUUID)) reject = false;
|
||||
|
||||
if (m_allowedControllers.Count>0 & !m_allowedControllers.Contains(msg.SenderUUID)) return; // not for us
|
||||
if (reject) return; //not for us
|
||||
}
|
||||
|
||||
// try and parse a valid cmd from this msg
|
||||
string cmd = msg.Message; //.ToLower ();
|
||||
|
|
|
@ -123,7 +123,10 @@ By default anyone can send commands to the module from within a script or via th
|
|||
You should use a high negative value for channel if you want to allow script access, but not in-world chat. Further you can restrict
|
||||
which users are allowed to control the module using the 'BirdsAllowedControllers' setting. This is a comma separated list of user UUIDs,
|
||||
but it may also contain one of the pre-defined constants ESTATE_OWNER (evaluates to the UUID of the estate owner) and ESTATE_MANAGER
|
||||
(evaluates to a list of estate manager UUIDS).
|
||||
(evaluates to a list of estate manager UUIDS).
|
||||
|
||||
* For commands sent from in-world chat, it is the UUID of the avatar sending the command that is checked against the list.
|
||||
* For commands sent from a script it is the UUID of the owner of the prim in which the script resides that is checked against the list.
|
||||
|
||||
Bird prims:
|
||||
|
||||
|
|
Loading…
Reference in New Issue