Implement the linefeed URL hack for ShoutCast and other services

2012-07-27 12:10:04 +02:00 · 2012-07-27 12:10:04 +02:00 · 9f6236f5bf
parent be22e3599c
commit 9f6236f5bf
1 changed files with 53 additions and 0 deletions
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@ -11471,6 +11471,59 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            if (userAgent != null)
                httpHeaders["User-Agent"] = userAgent;
            // See if the URL contains any header hacks
            string[] urlParts = url.Split(new char[] {'\n'});
            if (urlParts.Length > 1)
            {
                // Iterate the passed headers and parse them
                for (int i = 1 ; i < urlParts.Length ; i++ )
                {
                    // The rest of those would be added to the body in SL.
                    // Let's not do that.
                    if (urlParts[i] == String.Empty)
                        break;
                    // See if this could be a valid header
                    string[] headerParts = urlParts[i].Split(new char[] {':'}, 2);
                    if (headerParts.Length != 2)
                        continue;
                    string headerName = headerParts[0].Trim();
                    string headerValue = headerParts[1].Trim();
                    // Filter out headers that could be used to abuse
                    // another system or cloak the request
                    if (headerName.ToLower() == "x-secondlife-shard" ||
                        headerName.ToLower() == "x-secondlife-object-name" ||
                        headerName.ToLower() == "x-secondlife-object-key" ||
                        headerName.ToLower() == "x-secondlife-region" ||
                        headerName.ToLower() == "x-secondlife-local-position" ||
                        headerName.ToLower() == "x-secondlife-local-velocity" ||
                        headerName.ToLower() == "x-secondlife-local-rotation" ||
                        headerName.ToLower() == "x-secondlife-owner-name" ||
                        headerName.ToLower() == "x-secondlife-owner-key" ||
                        headerName.ToLower() == "connection" ||
                        headerName.ToLower() == "content-length" ||
                        headerName.ToLower() == "from" ||
                        headerName.ToLower() == "host" ||
                        headerName.ToLower() == "proxy-authorization" ||
                        headerName.ToLower() == "referer" ||
                        headerName.ToLower() == "trailer" ||
                        headerName.ToLower() == "transfer-encoding" ||
                        headerName.ToLower() == "via" ||
                        headerName.ToLower() == "authorization")
                        continue;
                    httpHeaders[headerName] = headerValue;
                }
                // Finally, strip any protocol specifier from the URL
                url = urlParts[0].Trim();
                int idx = url.IndexOf(" HTTP/");
                if (idx != -1)
                    url = url.Substring(0, idx);
            }
            string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$";
            Regex r = new Regex(authregex);
            int[] gnums = r.GetGroupNumbers();