Plug a security hole in the inventory service

0.7.2-post-fixes
Melanie 2011-10-31 10:18:25 +01:00 committed by Justin Clark-Casey (justincc)
parent 10aee2f0ec
commit 6bbf4fdc0f
1 changed files with 2 additions and 1 deletions


@ -794,7 +794,8 @@ namespace OpenSim.Data.MySQL
{ {
dbcon.Open(); dbcon.Open();
using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid", dbcon)) // System folders can never be deleted. Period.
using (MySqlCommand cmd = new MySqlCommand("DELETE FROM inventoryfolders WHERE folderID=?uuid and type=-1", dbcon))
{ {
cmd.Parameters.AddWithValue("?uuid", folderID.ToString()); cmd.Parameters.AddWithValue("?uuid", folderID.ToString());