Add osRequestURL and osRequestSecureURL with an options list.

Only currently supported option is "allowXss" which will send the needed
Access-control-allow-origin: * header to allow xss scripting against
the LSL http server.
LSLKeyTest
Melanie Thielker 2016-03-16 20:04:52 +01:00
parent efa21156f3
commit e8b46023e4
6 changed files with 66 additions and 7 deletions

View File

@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
public Dictionary<UUID, RequestData> requests;
public bool isSsl;
public Scene scene;
public bool allowXss;
}
public class RequestData
@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
{
}
public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
{
UUID urlcode = UUID.Random();
@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
urlData.isSsl = false;
urlData.requests = new Dictionary<UUID, RequestData>();
urlData.scene = host.ParentGroup.Scene;
urlData.allowXss = false;
if (options != null && options["allowXss"] != null)
urlData.allowXss = true;
m_UrlMap[url] = urlData;
@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
return urlcode;
}
public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
{
UUID urlcode = UUID.Random();
@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
urlData.urlcode = urlcode;
urlData.isSsl = true;
urlData.requests = new Dictionary<UUID, RequestData>();
urlData.allowXss = false;
if (options != null && options["allowXss"] != null)
urlData.allowXss = true;
m_UrlMap[url] = urlData;
@ -559,7 +567,8 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
response["keepalive"] = false;
response["reusecontext"] = false;
response["access_control_allow_origin"] = "*";
if (url.allowXss)
response["access_control_allow_origin"] = "*";
//remove from map
lock (url.requests)

View File

@ -25,6 +25,7 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
using System.Collections;
using System.Collections.Generic;
using OpenMetaverse;
using OpenSim.Framework;
@ -35,8 +36,8 @@ namespace OpenSim.Region.Framework.Interfaces
public interface IUrlModule
{
string ExternalHostNameForLSL { get; }
UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
void ReleaseURL(string url);
void HttpResponse(UUID request, int status, string body);
void HttpContentType(UUID request, string type);

View File

@ -12039,7 +12039,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{
m_host.AddScriptLPS(1);
if (m_UrlModule != null)
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
return UUID.Zero.ToString();
}
@ -12157,7 +12157,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
m_host.AddScriptLPS(1);
if (m_UrlModule != null)
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
return UUID.Zero.ToString();
}

View File

@ -4134,5 +4134,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
return 0;
}
}
public LSL_String osRequestURL(LSL_List options)
{
CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
m_host.AddScriptLPS(1);
Hashtable opts = new Hashtable();
for (int i = 0 ; i < options.Length ; i++)
{
object opt = options.Data[i];
if (opt.ToString() == "allowXss")
opts["allowXss"] = true;
}
if (m_UrlModule != null)
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
return UUID.Zero.ToString();
}
public LSL_String osRequestSecureURL(LSL_List options)
{
CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
m_host.AddScriptLPS(1);
Hashtable opts = new Hashtable();
for (int i = 0 ; i < options.Length ; i++)
{
object opt = options.Data[i];
if (opt.ToString() == "allowXss")
opts["allowXss"] = true;
}
if (m_UrlModule != null)
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
return UUID.Zero.ToString();
}
}
}

View File

@ -468,5 +468,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api.Interfaces
/// <param name="regex">string to use as pattern</param>
/// <returns>boolean</returns>
LSL_Integer osRegexIsMatch(string input, string pattern);
LSL_String osRequestURL(LSL_List options);
LSL_String osRequestSecureURL(LSL_List options);
}
}

View File

@ -1054,5 +1054,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.ScriptBase
{
return m_OSSL_Functions.osRegexIsMatch(input, pattern);
}
public LSL_String osRequestURL(LSL_List options)
{
return m_OSSL_Functions.osRequestURL(options);
}
public LSL_String osRequestSecureURL(LSL_List options)
{
return m_OSSL_Functions.osRequestSecureURL(options);
}
}
}