Fix a couple of security issues

avinationmerge
Melanie 2011-01-08 13:51:34 +01:00
parent de4eaab584
commit 1ab9cd0997
2 changed files with 12 additions and 3 deletions

View File

@ -2025,6 +2025,9 @@ namespace OpenSim.Region.Framework.Scenes
public void SetScriptRunning(IClientAPI controllingClient, UUID objectID, UUID itemID, bool running) public void SetScriptRunning(IClientAPI controllingClient, UUID objectID, UUID itemID, bool running)
{ {
if (!Permissions.CanEditScript(itemID, objectID, controllingClient.AgentId))
return;
SceneObjectPart part = GetSceneObjectPart(objectID); SceneObjectPart part = GetSceneObjectPart(objectID);
if (part == null) if (part == null)
return; return;

View File

@ -48,6 +48,7 @@ namespace OpenSim.Region.Framework.Scenes
private string m_inventoryFileName = String.Empty; private string m_inventoryFileName = String.Empty;
private byte[] m_inventoryFileData = new byte[0]; private byte[] m_inventoryFileData = new byte[0];
private uint m_inventoryFileNameSerial = 0; private uint m_inventoryFileNameSerial = 0;
private bool m_inventoryPrivileged = false;
private Dictionary<UUID, ArrayList> m_scriptErrors = new Dictionary<UUID, ArrayList>(); private Dictionary<UUID, ArrayList> m_scriptErrors = new Dictionary<UUID, ArrayList>();
@ -952,6 +953,13 @@ namespace OpenSim.Region.Framework.Scenes
{ {
bool changed = CreateInventoryFileName(); bool changed = CreateInventoryFileName();
bool includeAssets = false;
if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId))
includeAssets = true;
if (m_inventoryPrivileged != includeAssets)
changed = true;
InventoryStringBuilder invString = new InventoryStringBuilder(m_part.UUID, UUID.Zero); InventoryStringBuilder invString = new InventoryStringBuilder(m_part.UUID, UUID.Zero);
Items.LockItemsForRead(true); Items.LockItemsForRead(true);
@ -977,9 +985,7 @@ namespace OpenSim.Region.Framework.Scenes
} }
} }
bool includeAssets = false; m_inventoryPrivileged = includeAssets;
if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId))
includeAssets = true;
foreach (TaskInventoryItem item in m_items.Values) foreach (TaskInventoryItem item in m_items.Values)
{ {