diff options
Diffstat (limited to 'indra/newview/llcommandhandler.cpp')
| -rwxr-xr-x[-rw-r--r--] | indra/newview/llcommandhandler.cpp | 108 |
1 files changed, 84 insertions, 24 deletions
diff --git a/indra/newview/llcommandhandler.cpp b/indra/newview/llcommandhandler.cpp index 8c7e7bea83..19dba3f917 100644..100755 --- a/indra/newview/llcommandhandler.cpp +++ b/indra/newview/llcommandhandler.cpp @@ -4,31 +4,25 @@ * which manipulate user interface. For example, the command * "agent (uuid) about" will open the UI for an avatar's profile. * - * $LicenseInfo:firstyear=2007&license=viewergpl$ - * - * Copyright (c) 2007-2009, Linden Research, Inc. - * + * $LicenseInfo:firstyear=2007&license=viewerlgpl$ * Second Life Viewer Source Code - * The source code in this file ("Source Code") is provided by Linden Lab - * to you under the terms of the GNU General Public License, version 2.0 - * ("GPL"), unless you have obtained a separate licensing agreement - * ("Other License"), formally executed by you and Linden Lab. Terms of - * the GPL can be found in doc/GPL-license.txt in this distribution, or - * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2 + * Copyright (C) 2010, Linden Research, Inc. * - * There are special exceptions to the terms and conditions of the GPL as - * it is applied to this Source Code. View the full text of the exception - * in the file doc/FLOSS-exception.txt in this software distribution, or - * online at - * http://secondlifegrid.net/programs/open_source/licensing/flossexception + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License only. * - * By copying, modifying or distributing this software, you acknowledge - * that you have read and understood your obligations described above, - * and agree to abide by those obligations. + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. * - * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO - * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, - * COMPLETENESS OR PERFORMANCE. + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA * $/LicenseInfo$ */ #include "llviewerprecompiledheaders.h" @@ -36,11 +30,12 @@ #include "llcommandhandler.h" #include "llnotificationsutil.h" #include "llcommanddispatcherlistener.h" +#include "stringize.h" // system includes #include <boost/tokenizer.hpp> -#define THROTTLE_PERIOD 15 // required secs between throttled commands +#define THROTTLE_PERIOD 5 // required seconds between throttled commands static LLCommandDispatcherListener sCommandDispatcherListener; @@ -64,9 +59,11 @@ public: const LLSD& params, const LLSD& query_map, LLMediaCtrl* web, + const std::string& nav_type, bool trusted_browser); private: + friend LLSD LLCommandDispatcher::enumerate(); std::map<std::string, LLCommandHandlerInfo> mMap; }; @@ -95,6 +92,7 @@ bool LLCommandHandlerRegistry::dispatch(const std::string& cmd, const LLSD& params, const LLSD& query_map, LLMediaCtrl* web, + const std::string& nav_type, bool trusted_browser) { static bool slurl_blocked = false; @@ -124,11 +122,19 @@ bool LLCommandHandlerRegistry::dispatch(const std::string& cmd, return true; case LLCommandHandler::UNTRUSTED_THROTTLE: + // if users actually click on a link, we don't need to throttle it + // (throttling mechanism is used to prevent an avalanche of clicks via + // javascript + if ( nav_type == "clicked" ) + { + break; + } + cur_time = LLTimer::getElapsedSeconds(); if (cur_time < last_throttle_time + THROTTLE_PERIOD) { // block request from external browser if it happened - // within THROTTLE_PERIOD secs of the last command + // within THROTTLE_PERIOD seconds of the last command LL_WARNS_ONCE("SLURL") << "Throttled SLURL command from untrusted browser" << LL_ENDL; if (! slurl_throttled) { @@ -170,8 +176,62 @@ bool LLCommandDispatcher::dispatch(const std::string& cmd, const LLSD& params, const LLSD& query_map, LLMediaCtrl* web, + const std::string& nav_type, bool trusted_browser) { return LLCommandHandlerRegistry::instance().dispatch( - cmd, params, query_map, web, trusted_browser); + cmd, params, query_map, web, nav_type, trusted_browser); +} + +static std::string lookup(LLCommandHandler::EUntrustedAccess value); + +LLSD LLCommandDispatcher::enumerate() +{ + LLSD response; + LLCommandHandlerRegistry& registry(LLCommandHandlerRegistry::instance()); + for (std::map<std::string, LLCommandHandlerInfo>::const_iterator chi(registry.mMap.begin()), + chend(registry.mMap.end()); + chi != chend; ++chi) + { + LLSD info; + info["untrusted"] = chi->second.mUntrustedBrowserAccess; + info["untrusted_str"] = lookup(chi->second.mUntrustedBrowserAccess); + response[chi->first] = info; + } + return response; +} + +/*------------------------------ lookup stuff ------------------------------*/ +struct symbol_info +{ + const char* name; + LLCommandHandler::EUntrustedAccess value; +}; + +#define ent(SYMBOL) \ + { \ + #SYMBOL + 28, /* skip "LLCommandHandler::UNTRUSTED_" prefix */ \ + SYMBOL \ + } + +symbol_info symbols[] = +{ + ent(LLCommandHandler::UNTRUSTED_ALLOW), // allow commands from untrusted browsers + ent(LLCommandHandler::UNTRUSTED_BLOCK), // ignore commands from untrusted browsers + ent(LLCommandHandler::UNTRUSTED_THROTTLE) // allow untrusted, but only a few per min. +}; + +#undef ent + +static std::string lookup(LLCommandHandler::EUntrustedAccess value) +{ + for (symbol_info *sii(symbols), *siend(symbols + (sizeof(symbols)/sizeof(symbols[0]))); + sii != siend; ++sii) + { + if (sii->value == value) + { + return sii->name; + } + } + return STRINGIZE("UNTRUSTED_" << value); } |