diff --git a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs index cf870100a4..7d1fe68e8c 100644 --- a/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Inventory/Archiver/InventoryArchiverModule.cs @@ -492,6 +492,8 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver return null; } + return account; + /* try { string encpass = Util.Md5Hash(pass); @@ -512,6 +514,7 @@ namespace OpenSim.Region.CoreModules.Avatar.Inventory.Archiver m_log.ErrorFormat("[INVENTORY ARCHIVER]: Could not authenticate password, {0}", e.Message); return null; } + */ } /// diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs index f4a89bd4f2..e0e358a613 100644 --- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs +++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs @@ -80,7 +80,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp /// /// Maximum number of external urls that can be set up by this module. /// - private int m_TotalUrls = 5000; + private int m_TotalUrls = 15000; private uint https_port = 0; private IHttpServer m_HttpServer = null; diff --git a/OpenSim/Region/Framework/Scenes/ScenePresence.cs b/OpenSim/Region/Framework/Scenes/ScenePresence.cs index 5cff3f0c11..628fd20907 100644 --- a/OpenSim/Region/Framework/Scenes/ScenePresence.cs +++ b/OpenSim/Region/Framework/Scenes/ScenePresence.cs @@ -3817,6 +3817,9 @@ namespace OpenSim.Region.Framework.Scenes if (p == null) return; + ControllingClient.SendTakeControls(controls, false, false); + ControllingClient.SendTakeControls(controls, true, false); + ScriptControllers obj = new ScriptControllers(); obj.ignoreControls = ScriptControlled.CONTROL_ZERO; obj.eventControls = ScriptControlled.CONTROL_ZERO; diff --git a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs index a554897e53..f3ac3ca3c1 100644 --- a/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs +++ b/OpenSim/Region/Physics/UbitOdePlugin/OdeScene.cs @@ -1027,7 +1027,7 @@ namespace OpenSim.Region.Physics.OdePlugin { d.AABB aabb; d.GeomGetAABB(g2, out aabb); - float tmp = vtmp.Z - sz * .25f; + float tmp = vtmp.Z - sz * .18f; if (aabb.MaxZ < tmp) { @@ -1057,7 +1057,7 @@ namespace OpenSim.Region.Physics.OdePlugin { d.AABB aabb; d.GeomGetAABB(g1, out aabb); - float tmp = vtmp.Z - sz * .25f; + float tmp = vtmp.Z - sz * .18f; if (aabb.MaxZ < tmp) { diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index b75260b28b..ce1c36470c 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs @@ -3315,8 +3315,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api { // Unregister controls from Presence presence.UnRegisterControlEventsToScript(m_host.LocalId, m_item.ItemID); - // Remove Take Control permission. - m_item.PermsMask &= ~ScriptBaseClass.PERMISSION_TAKE_CONTROLS; } } } @@ -11471,6 +11469,59 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (userAgent != null) httpHeaders["User-Agent"] = userAgent; + // See if the URL contains any header hacks + string[] urlParts = url.Split(new char[] {'\n'}); + if (urlParts.Length > 1) + { + // Iterate the passed headers and parse them + for (int i = 1 ; i < urlParts.Length ; i++ ) + { + // The rest of those would be added to the body in SL. + // Let's not do that. + if (urlParts[i] == String.Empty) + break; + + // See if this could be a valid header + string[] headerParts = urlParts[i].Split(new char[] {':'}, 2); + if (headerParts.Length != 2) + continue; + + string headerName = headerParts[0].Trim(); + string headerValue = headerParts[1].Trim(); + + // Filter out headers that could be used to abuse + // another system or cloak the request + if (headerName.ToLower() == "x-secondlife-shard" || + headerName.ToLower() == "x-secondlife-object-name" || + headerName.ToLower() == "x-secondlife-object-key" || + headerName.ToLower() == "x-secondlife-region" || + headerName.ToLower() == "x-secondlife-local-position" || + headerName.ToLower() == "x-secondlife-local-velocity" || + headerName.ToLower() == "x-secondlife-local-rotation" || + headerName.ToLower() == "x-secondlife-owner-name" || + headerName.ToLower() == "x-secondlife-owner-key" || + headerName.ToLower() == "connection" || + headerName.ToLower() == "content-length" || + headerName.ToLower() == "from" || + headerName.ToLower() == "host" || + headerName.ToLower() == "proxy-authorization" || + headerName.ToLower() == "referer" || + headerName.ToLower() == "trailer" || + headerName.ToLower() == "transfer-encoding" || + headerName.ToLower() == "via" || + headerName.ToLower() == "authorization") + continue; + + httpHeaders[headerName] = headerValue; + } + + // Finally, strip any protocol specifier from the URL + url = urlParts[0].Trim(); + int idx = url.IndexOf(" HTTP/"); + if (idx != -1) + url = url.Substring(0, idx); + } + string authregex = @"^(https?:\/\/)(\w+):(\w+)@(.*)$"; Regex r = new Regex(authregex); int[] gnums = r.GetGroupNumbers();