diff options
| author | Roxie Linden <roxie@lindenlab.com> | 2010-04-23 12:15:22 -0700 |
|---|---|---|
| committer | Roxie Linden <roxie@lindenlab.com> | 2010-04-23 12:15:22 -0700 |
| commit | e1b3919a4fec68f57be6d6de2839dc31b654609f (patch) | |
| tree | 9505c74b11fdbb985b02c9ec3b4e5a38e3c06cd8 | |
| parent | e15f2b9197206d5714f62d1981ffbf984dead5f4 (diff) | |
DEV-49362 - SLE: Generic passing of settings up from the server allows attacker to overwrite saved settings when user logs into some other non secondlife grid.
We now do it the old-skool way, simply checking if the specific values exist
| -rw-r--r-- | indra/newview/llstartup.cpp | 55 |
1 files changed, 21 insertions, 34 deletions
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 8e2097762a..8157e7fe8b 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -3022,44 +3022,31 @@ bool process_login_success_response() //setup map of datetime strings to codes and slt & local time offset from utc LLStringOps::setupDatetimeInfo(pacific_daylight_time); } + + // set up the voice configuration. Ultimately, we should pass this up as part of each voice + // channel if we need to move to multiple voice servers per grid. + LLSD voice_config_info = response["voice-config"]; + if(voice_config_info.has("VoiceServerType")) + { + gSavedSettings.setString("VoiceServerType", voice_config_info["VoiceServerType"].asString()); + } - static const char* CONFIG_OPTIONS[] = {"voice-config", "newuser-config"}; - for (int i = 0; i < sizeof(CONFIG_OPTIONS)/sizeof(CONFIG_OPTIONS[0]); i++) + // Default male and female avatars allowing the user to choose their avatar on first login. + // These may be passed up by SLE to allow choice of enterprise avatars instead of the standard + // "new ruth." Not to be confused with 'initial-outfit' below + LLSD newuser_config = response["newuser-config"]; + if(newuser_config.has("DefaultFemaleAvatar")) { - LLSD options = response[CONFIG_OPTIONS[i]]; - if (!options.isArray() && (options.size() < 1) && !options[0].isMap()) - { - continue; - } - llinfos << "config option " << CONFIG_OPTIONS[i][0] << "response " << options << llendl; - for(LLSD::map_iterator option_it = options[0].beginMap(); - option_it != options[0].endMap(); - option_it++) - { - llinfos << "trying option " << option_it->first << llendl; - LLPointer<LLControlVariable> control = gSavedSettings.getControl(option_it->first); - if(control.notNull()) - { - if(control->isType(TYPE_BOOLEAN)) - { - llinfos << "Setting BOOL from login " << option_it->first << " " << option_it->second << llendl; - - gSavedSettings.setBOOL(option_it->first, !((option_it->second == "F") || - (option_it->second == "false") || - (!option_it->second))); - } - else if (control->isType(TYPE_STRING)) - { - llinfos << "Setting String from login " << option_it->first << " " << option_it->second << llendl; - gSavedSettings.setString(option_it->first, option_it->second); - } - // we don't support other types now - - } - - } + gSavedSettings.setString("DefaultFemaleAvatar", newuser_config["DefaultFemaleAvatar"].asString()); + } + if(newuser_config.has("DefaultMaleAvatar")) + { + gSavedSettings.setString("DefaultMaleAvatar", newuser_config["DefaultMaleAvatar"].asString()); } + // Initial outfit for the user. + // QUESTION: Why can't we simply simply set the users outfit directly + // from a web page into the user info on the server? - Roxie LLSD initial_outfit = response["initial-outfit"][0]; if(initial_outfit.size()) { |