summaryrefslogtreecommitdiff
path: root/indra/newview
diff options
context:
space:
mode:
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/llfloaterregioninfo.cpp2
-rw-r--r--indra/newview/llviewermessage.cpp5
2 files changed, 7 insertions, 0 deletions
diff --git a/indra/newview/llfloaterregioninfo.cpp b/indra/newview/llfloaterregioninfo.cpp
index f6dab5391a..e5193b8314 100644
--- a/indra/newview/llfloaterregioninfo.cpp
+++ b/indra/newview/llfloaterregioninfo.cpp
@@ -1306,6 +1306,7 @@ void LLPanelRegionTerrainInfo::onClickDownloadRaw(void* data)
return;
}
std::string filepath = picker.getFirstFile();
+ gXferManager->expectFileForRequest(filepath);
LLPanelRegionTerrainInfo* self = (LLPanelRegionTerrainInfo*)data;
strings_t strings;
@@ -1325,6 +1326,7 @@ void LLPanelRegionTerrainInfo::onClickUploadRaw(void* data)
return;
}
std::string filepath = picker.getFirstFile();
+ gXferManager->expectFileForTransfer(filepath);
LLPanelRegionTerrainInfo* self = (LLPanelRegionTerrainInfo*)data;
strings_t strings;
diff --git a/indra/newview/llviewermessage.cpp b/indra/newview/llviewermessage.cpp
index b6c524065c..72bc991a24 100644
--- a/indra/newview/llviewermessage.cpp
+++ b/indra/newview/llviewermessage.cpp
@@ -5157,6 +5157,11 @@ void process_initiate_download(LLMessageSystem* msg, void**)
msg->getString("FileData", "SimFilename", sim_filename);
msg->getString("FileData", "ViewerFilename", viewer_filename);
+ if (!gXferManager->validateFileForRequest(viewer_filename))
+ {
+ llwarns << "SECURITY: Unauthorized download to local file " << viewer_filename << llendl;
+ return;
+ }
gXferManager->requestFile(viewer_filename,
sim_filename,
LL_PATH_NONE,
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-17 01:09:41 +0000