MantisBT - opensim
View Issue Details
0008856 | opensim | [GRID] Grid Service | public | 2021-01-28 11:52 | 2021-02-01 05:05
patch included | open
Grid (1 Region per Sim), Grid (Multiple Regions per Sim)
Mono / Linux64
0008856: Userprofiles does not sanitize classified input
The userprofileservice does not check validity of data it is sent, specifically for classifieds no defaults are assumed. Unfortunately some viewers do not send proper data when classifieds are set up.

This means the search system based around the valid data in the database fails to find classifieds with improper classifiedflags.

What is needed is a check in the userprofileservice to make sure the data passed to classifieds contains proper classifiedflags or default to int 2, which represents "General Content" no auto renew. Currently without a default set the database gets null seen as int 0, resulting in essentially faulty data.

For the unofficial ossearch to work these flags need to be proper else anything in General Content cannot be found.

Enable debug http all 6 on simulator console.

Create a classified set to "General Content" without the automatic renewal enabled.

Observe data being sent to userprofile service not containing Flag parameter for classifiedflags.

Check database classifieds table to see classifiedflags set to 0 instead of 2.

Apparently there are two parts to these flags.

A bit to set auto renew, represented as int 32

A bit to set maturity level, represented as 2, 8 and 64

Apparently this is normally checked at the binary level, each bit; well, you can work that out, I lack sleep for binary conversion.

Currently cannot test other viewers, only checked Firestorm, but seeing as this is rather down basic avenue I suspect all viewers have this issue. While that means it is somewhat of a viewer bug, we should still always assume sane defaults if data is missing.

No tags attached.
patch 0052-Sanitize-classifiedflags-input.patch (2,502) 2021-02-01 05:05
Issue History
2021-01-28 11:52 | tampa | New Issue
2021-01-29 14:24 | tampa | File Added: 0052-Make-sure-Classifiedflags-are-proper.patch
2021-01-29 14:32 | tampa | Note Added: 0037520
2021-01-29 14:32 | tampa | Status: new => patch included
2021-01-29 18:17 | tampa | File Deleted: 0052-Make-sure-Classifiedflags-are-proper.patch
2021-01-29 18:17 | tampa | Note Deleted: 0037520
2021-01-31 03:47 | tampa | Note Added: 0037528
2021-02-01 05:04 | tampa | File Added: 0052-Sanitize-classifiedflags-input.patch
2021-02-01 05:05 | tampa | File Deleted: 0052-Sanitize-classifiedflags-input.patch
2021-02-01 05:05 | tampa | File Added: 0052-Sanitize-classifiedflags-input.patch

2021-01-31 03:47   
So now on master it sets the correct flags, but nothing checks whether what's entered is within the possible values, it still just parses. While it does add overhead, making sure data entry is sane is important unless you want to risk bad data getting in there.
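
The validation asked for in the report and in the note above, as an added C# example; it is not the attached patch and not OpenSim code. The class and method names are hypothetical, the flag values 2, 8, 64 and 32 are the ones given in the report, and the rule that exactly one maturity value must be set is an assumption of this example.

```csharp
using System;

public static class ClassifiedFlagsSanitizer
{
    // Values as stated in the issue report.
    const int AutoRenew = 32;
    const int GeneralContent = 2;   // default requested in the report
    static readonly int[] MaturityValues = { 2, 8, 64 };

    // Returns a value built only from known bits, so the database never
    // stores 0/NULL or arbitrary integers for classifiedflags.
    public static int Sanitize(string raw)
    {
        // Missing, empty, non-numeric or negative parameter: use the default.
        if (!int.TryParse(raw, out int flags) || flags < 0)
            return GeneralContent;

        int maturity = 0, count = 0;
        foreach (int m in MaturityValues)
        {
            if ((flags & m) != 0) { maturity = m; count++; }
        }

        // Assumption: none or several maturity values set is invalid input,
        // so fall back to General Content rather than guessing.
        if (count != 1)
            maturity = GeneralContent;

        // Keep the auto-renew bit if present; every unknown bit is dropped.
        return maturity | (flags & AutoRenew);
    }

    public static void Main()
    {
        // Constructed sample inputs: missing, empty, zero, valid values,
        // conflicting maturity bits, junk, negative, and an unknown bit.
        string[] samples = { null, "", "0", "2", "34", "40", "10", "abc", "-1", "4096" };
        foreach (string s in samples)
            Console.WriteLine($"{s ?? "<missing>"} -> {Sanitize(s)}");
    }
}
```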