From 6bbf4fdc0fccd0496e06d45dc5e6b28e344e4b09 Mon Sep 17 00:00:00 2001
From: Melanie
Date: Mon, 31 Oct 2011 10:18:25 +0100
Subject: [PATCH] Plug a security hole in the inventory service
---
 OpenSim/Data/MySQL/MySQLInventoryData.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs
index 9d70acbeeb..1a634e5eb6 100644
--- a/OpenSim/Data/MySQL/MySQLInventoryData.cs
+++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs
@@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL
 {
 dbcon.Open();
- using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon))
+ // System folders can never be deleted. Period.
+ using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon))
 {
 cmd.Parameters.AddWithValue("?uuid", folderID.ToString());
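Review bot: The added `and type=-1` predicate turns a request to delete a system folder into a silent no-op, and the literal `-1` is not explained by the comment above it. The enclosing method starts and ends outside the hunk, so the handling of the command result is not visible; if the affected-row count is ignored, a refused delete looks the same as a successful one and leaves no audit trail, so consider testing `cmd.ExecuteNonQuery() == 0` and logging the refused folderID. Naming the value in the comment, e.g. `// type = -1 is the only non-system folder type; all other types are protected`, or binding it as a `?type` parameter from a named constant, would make the guard reviewable. It is also worth confirming that any companion deletes of the folder's items or sub-folders apply the same restriction, and that ownership is verified before this call, since this statement filters only on folderID and type.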