From cb926640b72afc5f4cad3919222acaefdd090c92 Mon Sep 17 00:00:00 2001 From: Martin Reddy Date: Mon, 14 Sep 2009 17:09:45 +0000 Subject: DEV-15182 VWR-5474 SEC-20: re-enabled support for clicking on the following SLAPP URL types in an untrusted browser: secondlife:///app/agent/... secondlife:///app/group/... secondlife:///app/parcel/... In order to find a compromise between supporting these commands and security concerns over potential griefing vectors, we use a throttling solution when these commands are issued by untrusted web browsers. That is, we only process one command per 15 seconds. This applies to external browsers, like Firefox, as well as the internal SL browser. Notably, we continue to block secondlife:///app/teleport URLs. Reviewed by james. --- indra/newview/llcommandhandler.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'indra/newview/llcommandhandler.h') diff --git a/indra/newview/llcommandhandler.h b/indra/newview/llcommandhandler.h index 5cb3ee73d4..1bae6d9414 100644 --- a/indra/newview/llcommandhandler.h +++ b/indra/newview/llcommandhandler.h @@ -43,7 +43,7 @@ public: // Inform the system you handle commands starting // with "foo" and they are only allowed from // "trusted" (pointed at Linden content) browsers - LLFooHandler() : LLCommandHandler("foo", true) { } + LLFooHandler() : LLCommandHandler("foo", UNTRUSTED_BLOCK) { } // Your code here bool handle(const LLSD& tokens, const LLSD& query_map, @@ -65,7 +65,14 @@ class LLMediaCtrl; class LLCommandHandler { public: - LLCommandHandler(const char* command, bool allow_from_untrusted_browser); + enum EUntrustedAccess + { + UNTRUSTED_ALLOW, // allow commands from untrusted browsers + UNTRUSTED_BLOCK, // ignore commands from untrusted browsers + UNTRUSTED_THROTTLE // allow untrusted, but only a few per min. + }; + + LLCommandHandler(const char* command, EUntrustedAccess untrusted_access); // Automatically registers object to get called when // command is executed. All commands can be processed // in links from LLMediaCtrl, but some (like teleport) -- cgit v1.2.3