Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008856opensim[GRID] Grid Servicepublic2021-01-28 11:522021-02-01 05:05
Assigned To 
Statuspatch includedResolutionopen 
PlatformOperating SystemOperating System Version
Product Version 
Target VersionFixed in Version 
Summary0008856: Userprofiles does not sanitize classified input
DescriptionThe userprofileservice does not check validity of data it is sent, specifically for classifieds no defaults are assumed. Unfortunately some viewers do not send proper data when classifieds are set up.

This means the search system based around the valid data in the database fail to find classifieds with improper classifiedflags.

What is needed is a check in the userprofileservice to make sure the data passed to classifieds contains proper classifiedflags or default to int 2, which represents "General Content" no auto renew. Currently without a default set the database gets null seen as int 0, resulting in essentially faulty data.

For the unofficial ossearch to work these flags need to be proper else anything in General Content cannot be found.
Steps To ReproduceEnable debug http all 6 on simulator console.

Create a classified set to "General Content" without the automatic renewal enabled.

Observe data being sent to userprofile service not containing Flag parameter for classifiedflags.

Check database classifieds table to see classifiedflags set to 0 instead of 2.
Additional InformationApparently there are two parts to these flags.

A bit to set auto renew, represented as int 32

A bit to set maturity level, represented as 2,8 and 64

Apparently this is normally checked at the binary level, each bit, well you can work that out I lack sleep for binary conversion.

Currently cannot test other viewers, only checked Firestorm, but seeing as this is rather down basic avenue I suspect all viewers have this issue. While that means it is somewhat of a viewer bug, we should still always assume sane defaults if data is missing.

TagsNo tags attached.
Git Revision or version number
Run Mode Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
Physics EngineBulletSim
Script EngineXEngine
EnvironmentMono / Linux64
Mono Version6.x
Attached Filespatch file icon 0052-Sanitize-classifiedflags-input.patch [^] (2,502 bytes) 2021-02-01 05:05 [Show Content]

- Relationships

-  Notes
tampa (reporter)
2021-01-31 03:47

So now on master it sets the correct flags, but nothing checks whether what's entered is within the possible values, it still just parses. While it does add overhead, making sure data entry is sane is important unless you want to risk bad data getting in there.

- Issue History
Date Modified Username Field Change
2021-01-28 11:52 tampa New Issue
2021-01-29 14:24 tampa File Added: 0052-Make-sure-Classifiedflags-are-proper.patch
2021-01-29 14:32 tampa Note Added: 0037520
2021-01-29 14:32 tampa Status new => patch included
2021-01-29 18:17 tampa File Deleted: 0052-Make-sure-Classifiedflags-are-proper.patch
2021-01-29 18:17 tampa Note Deleted: 0037520
2021-01-31 03:47 tampa Note Added: 0037528
2021-02-01 05:04 tampa File Added: 0052-Sanitize-classifiedflags-input.patch
2021-02-01 05:05 tampa File Deleted: 0052-Sanitize-classifiedflags-input.patch
2021-02-01 05:05 tampa File Added: 0052-Sanitize-classifiedflags-input.patch

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker