[sldev] Patch to Address Debit Permission Spoofing
Able Whitman
able.whitman at gmail.com
Thu May 24 20:37:19 PDT 2007
Skipped content of type multipart/alternative-------------- next part --------------
diff -ur -X diff-excludes.txt linden-base/indra/newview/app_settings/colors_base.xml linden/indra/newview/app_settings/colors_base.xml
--- linden-base/indra/newview/app_settings/colors_base.xml 2007-05-23 11:56:00.000000000 -0400
+++ linden/indra/newview/app_settings/colors_base.xml 2007-05-24 21:41:21.390625000 -0400
@@ -10,8 +10,10 @@
<!-- usually be left as opaque white. -->
<ButtonColor value="255, 255, 255, 255"/>
<ButtonImageColor value="255, 255, 255, 255"/>
+<!-- This will shade the blue dialog buttons so they appear redish in a caution dialog, more or less -->
+<ButtonCautionImageColor value="127, 127, 127, 191"/>
-<!-- Text labels for buttons, like the "OK" text -->
+ <!-- Text labels for buttons, like the "OK" text -->
<ButtonLabelColor value="220, 220, 220, 255"/>
<ButtonLabelSelectedColor value="220, 220, 220, 255"/>
<ButtonLabelDisabledColor value="147, 169, 213, 200"/>
@@ -95,6 +97,7 @@
<!-- top-right of the screen. -->
<NotifyBoxColor value="58, 147, 242, 255"/>
<NotifyTextColor value="0, 0, 0, 255"/>
+<NotifyCautionBoxColor value="242, 58, 73, 255"/>
<!-- Background color of focused floaters -->
<FocusBackgroundColor value="62, 62, 62, 255"/>
<GroupNotifyBoxColor value="70, 170, 255, 255"/>
diff -ur -X diff-excludes.txt linden-base/indra/newview/llcontroldef.cpp linden/indra/newview/llcontroldef.cpp
--- linden-base/indra/newview/llcontroldef.cpp 2007-05-23 11:56:00.000000000 -0400
+++ linden/indra/newview/llcontroldef.cpp 2007-05-24 21:49:42.515625000 -0400
@@ -240,6 +240,9 @@
// Other....
//------------------------------------------------------------------------
+ gSavedSettings.declareBOOL("PermissionsCautionPrompt", TRUE, "When TRUE, displays script prompts for certain permissions (like the debit permission) in a different style to warn the user", TRUE);
+ gSavedSettings.declareBOOL("PermissionsCautionAutoDecline", FALSE, "Automatically decline permission requests from scripts that ask for permissions that would raise a caution, such as the debit permission", TRUE);
+
gSavedSettings.declareBOOL("ScriptHelpFollowsCursor", FALSE, "Scripting help window updates contents based on script editor contents under text cursor");
gSavedSettings.declareS32("LastFeatureVersion", 0, "[DO NOT MODIFY] Version number for tracking hardware changes", TRUE);
diff -ur -X diff-excludes.txt linden-base/indra/newview/llnotify.cpp linden/indra/newview/llnotify.cpp
--- linden-base/indra/newview/llnotify.cpp 2007-05-23 11:56:00.000000000 -0400
+++ linden/indra/newview/llnotify.cpp 2007-05-24 20:19:00.812500000 -0400
@@ -71,11 +71,15 @@
return showXml(xml_desc, LLString::format_map_t(), callback, user_data);
}
+
//static
void LLNotifyBox::showXml( const LLString& xml_desc, const LLString::format_map_t& args,
- notify_callback_t callback, void *user_data)
+ notify_callback_t callback, void *user_data, BOOL is_caution)
{
- LLNotifyBox* notify = new LLNotifyBox(xml_desc, args, callback, user_data);
+ // need to pass is_caution along to the LLNotifyBox c'tor,
+ // so pass the defaults for extra_options and layout_script_dialog
+ // explicitly here
+ LLNotifyBox* notify = new LLNotifyBox(xml_desc, args, callback, user_data, option_list_t(), FALSE, is_caution);
gNotifyBoxView->addChild(notify);
}
@@ -94,10 +98,12 @@
LLNotifyBox::LLNotifyBox(const LLString& xml_desc, const LLString::format_map_t& args,
notify_callback_t callback, void* user_data,
const option_list_t& extra_options,
- BOOL layout_script_dialog)
+ BOOL layout_script_dialog,
+ BOOL is_caution)
: LLPanel("notify", LLRect(), BORDER_NO),
LLEventTimer(gSavedSettings.getF32("NotifyTipDuration")),
mIsTip(FALSE),
+ mIsCaution(FALSE),
mAnimating(TRUE),
mTimer(),
mNextBtn(NULL),
@@ -141,7 +147,11 @@
options.insert(options.end(), extra_options.begin(), extra_options.end());
// initialize
-
+
+ // caution flag can be set explicitly by specifying it in the
+ // call to the c'tor, or it can be set implicitly if the
+ // notify xml template specifies that it is a caution
+ mIsCaution = gSavedSettings.getBOOL("PermissionsCautionPrompt") & (xml_template->mIsCaution | is_caution);
mIsTip = xml_template->mIsTip;
mIsFocusRoot = !mIsTip;
mAnimating = TRUE;
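Review bot: The new `mIsCaution` assignment combines three BOOL values with bitwise `&` and `|`, which only behaves like a logical test when every operand is exactly 0 or 1. BOOL's definition is not visible here, but if it is an integer typedef, a caller passing any other non-zero value for `is_caution` could be masked to 0 and the caution styling silently dropped. Prefer `mIsCaution = gSavedSettings.getBOOL("PermissionsCautionPrompt") && (xml_template->mIsCaution || is_caution);`. The constructor body starts and ends outside this hunk.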
@@ -260,6 +270,13 @@
btn = new LLButton(options[i], btn_rect, "", onClickButton, userdata);
btn->setFont(font);
+
+ if (mIsCaution)
+ {
+ btn->setImageColor(LLUI::sColorsGroup->getColor("ButtonCautionImageColor"));
+ btn->setDisabledImageColor(LLUI::sColorsGroup->getColor("ButtonCautionImageColor"));
+ }
+
addChild(btn, -1);
if (i == mDefaultOption)
@@ -363,7 +380,8 @@
{
LLGLSTexture texture_enabled;
LLViewerImage::bindTexture(imagep);
- LLColor4 color = gColors.getColor("NotifyBoxColor");
+ // set proper background color depending on whether notify box is a caution or not
+ LLColor4 color = mIsCaution? gColors.getColor("NotifyCautionBoxColor") : gColors.getColor("NotifyBoxColor");
if(gFocusMgr.childHasKeyboardFocus( this ))
{
const S32 focus_width = 2;
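Review bot: The caution/normal background selection `mIsCaution? gColors.getColor("NotifyCautionBoxColor") : gColors.getColor("NotifyBoxColor")` is written out here and again in the next hunk, after the drop-shadow pass, so the two copies can drift apart. Compute it once, e.g. `const LLColor4 box_color = gColors.getColor(mIsCaution ? "NotifyCautionBoxColor" : "NotifyBoxColor");`, and reuse it for both passes. The enclosing draw code starts and ends outside the hunk.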
@@ -376,7 +394,7 @@
color = gColors.getColor("ColorDropShadow");
glColor4fv(color.mV);
gl_segmented_rect_2d_tex(0, mRect.getHeight(), mRect.getWidth(), 0, imagep->getWidth(), imagep->getHeight(), 16, mIsTip ? ROUNDED_RECT_TOP : ROUNDED_RECT_BOTTOM);
- color = gColors.getColor("NotifyBoxColor");
+ color = mIsCaution? gColors.getColor("NotifyCautionBoxColor") : gColors.getColor("NotifyBoxColor");
glColor4fv(color.mV);
gl_segmented_rect_2d_tex(1, mRect.getHeight()-1, mRect.getWidth()-1, 1, imagep->getWidth(), imagep->getHeight(), 16, mIsTip ? ROUNDED_RECT_TOP : ROUNDED_RECT_BOTTOM);
}
@@ -609,6 +627,20 @@
}
}
+// method to check whether a given notify template show as a caution or not
+const BOOL LLNotifyBox::getTemplateIsCaution(const LLString& xml_desc)
+{
+ BOOL is_caution = FALSE;
+
+ template_map_t::iterator iter = sNotifyTemplates.find(xml_desc);
+ if (iter != sNotifyTemplates.end())
+ {
+ is_caution = iter->second->mIsCaution;
+ }
+
+ return is_caution;
+}
+
//static
bool LLNotifyBox::parseNotify(const LLString& xml_filename)
{
@@ -656,6 +688,18 @@
xml_template->mIsTip = tip;
}
}
+
+ // parse a bool attribute named "caution" to determine
+ // whether this notification gets cautionary special handling
+ BOOL caution = FALSE;
+ if (notify->getAttributeBOOL("caution", caution))
+ {
+ if (xml_template)
+ {
+ xml_template->mIsCaution = caution;
+ }
+ }
+
S32 btn_idx = 0;
for (LLXMLNode* child = notify->getFirstChild();
diff -ur -X diff-excludes.txt linden-base/indra/newview/llnotify.h linden/indra/newview/llnotify.h
--- linden-base/indra/newview/llnotify.h 2007-05-23 11:56:00.000000000 -0400
+++ linden/indra/newview/llnotify.h 2007-05-24 00:50:57.984375000 -0400
@@ -46,9 +46,9 @@
static void showXml( const LLString& xml_desc,
notify_callback_t callback = NULL, void *user_data = NULL);
-
static void showXml( const LLString& xml_desc, const LLString::format_map_t& args,
- notify_callback_t callback = NULL, void *user_data = NULL);
+ notify_callback_t callback = NULL, void *user_data = NULL,
+ BOOL is_caution = FALSE);
// For script notifications:
static void showXml( const LLString& xml_desc, const LLString::format_map_t& args,
notify_callback_t callback, void *user_data,
@@ -57,15 +57,18 @@
static bool parseNotify(const LLString& xml_filename);
static const LLString& getTemplateMessage(const LLString& xml_desc);
+ static const BOOL LLNotifyBox::getTemplateIsCaution(const LLString& xml_desc);
BOOL isTip() const { return mIsTip; }
+ BOOL isCaution() const { return mIsCaution; }
/*virtual*/ void setVisible(BOOL visible);
protected:
LLNotifyBox(const LLString& xml_desc, const LLString::format_map_t& args,
notify_callback_t callback, void* user_data,
const option_list_t& extra_options = option_list_t(),
- BOOL layout_script_dialog = FALSE);
+ BOOL layout_script_dialog = FALSE,
+ BOOL is_caution = FALSE);
/*virtual*/ ~LLNotifyBox();
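Review bot: The declaration `static const BOOL LLNotifyBox::getTemplateIsCaution(const LLString& xml_desc);` carries an extra `LLNotifyBox::` qualification inside the class body, which standard C++ does not allow; some compilers accept it, stricter ones reject it. The `const` on a by-value BOOL return has no effect either, here and on the definition in llnotify.cpp. Suggest `static BOOL getTemplateIsCaution(const LLString& xml_desc);` with a matching definition, marked `//static` like the neighbouring static members. The class body starts and ends outside this hunk.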
@@ -95,6 +98,7 @@
protected:
BOOL mIsTip;
+ BOOL mIsCaution; // is this a caution notification?
BOOL mAnimating; // Are we sliding onscreen?
// Time since this notification was displayed.
@@ -142,7 +146,7 @@
class LLNotifyBoxTemplate : public LLRefCount
{
public:
- LLNotifyBoxTemplate() : mIsTip(FALSE), mDefaultOption(0) {}
+ LLNotifyBoxTemplate() : mIsTip(FALSE), mIsCaution(FALSE), mDefaultOption(0) {}
void setMessage(const LLString& message)
{
@@ -162,6 +166,9 @@
LLString mLabel; // Handle for access from code, etc
LLString mMessage; // Message to display
BOOL mIsTip;
+ // flag whether to use special caution dialog when a script permission
+ // request includes a notification marked as a caution in notify.xml
+ BOOL mIsCaution;
LLNotifyBox::option_list_t mOptions;
S32 mDefaultOption;
};
diff -ur -X diff-excludes.txt linden-base/indra/newview/llviewermessage.cpp linden/indra/newview/llviewermessage.cpp
--- linden-base/indra/newview/llviewermessage.cpp 2007-05-23 11:56:00.000000000 -0400
+++ linden/indra/newview/llviewermessage.cpp 2007-05-24 18:07:15.593750000 -0400
@@ -154,6 +154,22 @@
const U32 OFFER_THROTTLE_MAX_COUNT=5; //number of items per time period
const F32 OFFER_THROTTLE_TIME=10.f; //time period in seconds
+//script permissions
+const LLString SCRIPT_QUESTIONS[SCRIPT_PERMISSION_EOF] =
+ {
+ "ScriptTakeMoney",
+ "ActOnControlInputs",
+ "RemapControlInputs",
+ "AnimateYourAvatar",
+ "AttachToYourAvatar",
+ "ReleaseOwnership",
+ "LinkAndDelink",
+ "AddAndRemoveJoints",
+ "ChangePermissions",
+ "TrackYourCamera",
+ "ControlYourCamera"
+ };
+
struct LLFriendshipOffer
{
LLUUID mFromID;
@@ -4273,8 +4289,8 @@
class LLScriptQuestionCBData
{
public:
- LLScriptQuestionCBData(const LLUUID &taskid, const LLUUID &itemid, const LLHost &sender, S32 questions)
- : mTaskID(taskid), mItemID(itemid), mSender(sender), mQuestions(questions)
+ LLScriptQuestionCBData(const LLUUID &taskid, const LLUUID &itemid, const LLHost &sender, S32 questions, const char *object_name, const char *owner_name)
+ : mTaskID(taskid), mItemID(itemid), mSender(sender), mQuestions(questions), mObjectName(object_name), mOwnerName(owner_name)
{
}
@@ -4282,17 +4298,91 @@
LLUUID mItemID;
LLHost mSender;
S32 mQuestions;
+ LLString mObjectName;
+ LLString mOwnerName;
};
+void notify_cautioned_script_question(LLScriptQuestionCBData* cbdata, S32 orig_questions, BOOL allowed)
+{
+ if (orig_questions)
+ {
+ LLString notice("'");
+ notice.append(cbdata->mObjectName);
+ notice.append("', an object owned by '");
+ notice.append(cbdata->mOwnerName);
+
+ if (allowed)
+ {
+ notice.append("', has been granted permission to: ");
+ }
+ else
+ {
+ notice.append("', has been denied permission to: ");
+ }
+
+ BOOL caution = FALSE;
+ S32 count = 0;
+ for (S32 i = 0; i < SCRIPT_PERMISSION_EOF; i++)
+ {
+ if ((orig_questions & LSCRIPTRunTimePermissionBits[i]) && LLNotifyBox::getTemplateIsCaution(SCRIPT_QUESTIONS[i]))
+ {
+ count++;
+ caution = TRUE;
+
+ if ((count > 1) && (i < SCRIPT_PERMISSION_EOF))
+ {
+ notice.append(", ");
+ }
+
+ notice.append(LLNotifyBox::getTemplateMessage(SCRIPT_QUESTIONS[i]));
+ }
+ }
+
+ notice.append(".");
+
+ if (caution)
+ {
+ LLChat chat(notice);
+ LLFloaterChat::addChat(chat, FALSE, FALSE);
+ }
+ }
+}
+
+void script_question_decline_cb(S32 option, void* user_data)
+{
+ LLMessageSystem *msg = gMessageSystem;
+ LLScriptQuestionCBData *cbdata = (LLScriptQuestionCBData *)user_data;
+
+ // this callback will always decline all permissions requested
+ S32 orig = cbdata->mQuestions;
+ cbdata->mQuestions = 0;
+
+ msg->newMessageFast(_PREHASH_ScriptAnswerYes);
+ msg->nextBlockFast(_PREHASH_AgentData);
+ msg->addUUIDFast(_PREHASH_AgentID, gAgent.getID());
+ msg->addUUIDFast(_PREHASH_SessionID, gAgent.getSessionID());
+ msg->nextBlockFast(_PREHASH_Data);
+ msg->addUUIDFast(_PREHASH_TaskID, cbdata->mTaskID);
+ msg->addUUIDFast(_PREHASH_ItemID, cbdata->mItemID);
+ msg->addS32Fast(_PREHASH_Questions, cbdata->mQuestions);
+ msg->sendReliable(cbdata->mSender);
+
+ notify_cautioned_script_question(cbdata, orig, FALSE);
+
+ delete cbdata;
+}
void script_question_cb(S32 option, void* user_data)
{
LLMessageSystem *msg = gMessageSystem;
LLScriptQuestionCBData *cbdata = (LLScriptQuestionCBData *)user_data;
+ S32 orig = cbdata->mQuestions;
+ BOOL allowed = TRUE;
if (option != 0)
{
cbdata->mQuestions = 0;
- }
+ allowed = FALSE;
+ }
msg->newMessageFast(_PREHASH_ScriptAnswerYes);
msg->nextBlockFast(_PREHASH_AgentData);
msg->addUUIDFast(_PREHASH_AgentID, gAgent.getID());
@@ -4302,27 +4392,15 @@
msg->addUUIDFast(_PREHASH_ItemID, cbdata->mItemID);
msg->addS32Fast(_PREHASH_Questions, cbdata->mQuestions);
msg->sendReliable(cbdata->mSender);
+
+ notify_cautioned_script_question(cbdata, orig, allowed);
+
delete cbdata;
}
-
void process_script_question(LLMessageSystem *msg, void **user_data)
{
// XUI:translate owner name -> [FIRST] [LAST]
- const LLString script_questions[SCRIPT_PERMISSION_EOF] =
- {
- "ScriptTakeMoney",
- "ActOnControlInputs",
- "RemapControlInputs",
- "AnimateYourAvatar",
- "AttachToYourAvatar",
- "ReleaseOwnership",
- "LinkAndDelink",
- "AddAndRemoveJoints",
- "ChangePermissions",
- "TrackYourCamera",
- "ControlYourCamera"
- };
LLHost sender = msg->getSender();
@@ -4341,6 +4419,7 @@
LLString script_question;
if (questions)
{
+ BOOL caution = FALSE;
S32 count = 0;
LLString::format_map_t args;
args["[OBJECTNAME]"] = object_name;
@@ -4350,14 +4429,26 @@
if (questions & LSCRIPTRunTimePermissionBits[i])
{
count++;
- script_question += " " + LLNotifyBox::getTemplateMessage(script_questions[i]) + "\n";
+ script_question += " " + LLNotifyBox::getTemplateMessage(SCRIPT_QUESTIONS[i]) + "\n";
+
+ // check whether permission question should cause special caution dialog
+ caution |= LLNotifyBox::getTemplateIsCaution(SCRIPT_QUESTIONS[i]);
}
}
args["[QUESTIONS]"] = script_question;
- LLScriptQuestionCBData *cbdata = new LLScriptQuestionCBData(taskid, itemid, sender, questions);
+ LLScriptQuestionCBData *cbdata = new LLScriptQuestionCBData(taskid, itemid, sender, questions, object_name, owner_name);
- LLNotifyBox::showXml("ScriptQuestion", args, script_question_cb, cbdata);
+ if (caution && gSavedSettings.getBOOL("PermissionsCautionAutoDecline"))
+ {
+ // automatically decline the request for permissions that would otherwise raise a caution prompt
+ LLNotifyBox::showXml("ScriptQuestionDecline", args, script_question_decline_cb, cbdata, caution);
+ }
+ else
+ {
+ // display the permissions request normally, with or without a caution
+ LLNotifyBox::showXml("ScriptQuestion", args, script_question_cb, cbdata, caution);
+ }
}
}
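Review bot: In the auto-decline branch nothing is sent to the simulator at this point; the zero-permission answer goes out only from `script_question_decline_cb`, which is handed to `LLNotifyBox::showXml` as the notify callback. When that callback fires is not visible in this patch. If it needs the user to dismiss the box, the request stays unanswered until then and `cbdata` stays allocated. Consider sending the decline immediately in this branch and showing `ScriptQuestionDecline` purely as information, or add a comment stating that the callback is guaranteed to run. process_script_question starts outside the hunk.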
diff -ur -X diff-excludes.txt linden-base/indra/newview/skins/xui/en-us/notify.xml linden/indra/newview/skins/xui/en-us/notify.xml
--- linden-base/indra/newview/skins/xui/en-us/notify.xml 2007-05-23 11:56:02.000000000 -0400
+++ linden/indra/newview/skins/xui/en-us/notify.xml 2007-05-24 20:19:00.703125000 -0400
@@ -634,7 +634,7 @@
Failed to find [TYPE] named [DESC] in database.
</message>
</notify>
- <notify name="ScriptTakeMoney" tip="false">
+ <notify name="ScriptTakeMoney" tip="false" caution="true">
<message name="message">
Take Linden dollars (L$) from you
</message>
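Review bot: The `caution="true"` marker on `ScriptTakeMoney` is added only to the en-us notify.xml, and the parser added in llnotify.cpp leaves `caution` at FALSE when the attribute is absent. Any other copy of notify.xml (other locales or a customised skin, if they exist; none are touched by this patch) would therefore show the debit request with the normal styling and never trigger auto-decline. Either mirror the attribute into every notify.xml or key the caution decision on the permission bit in code rather than on skin data. The `<notify>` element continues outside the hunk.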
@@ -703,7 +703,15 @@
No
</option>
</notify>
- <notify name="ScriptDialog" tip="false">
+ <notify name="ScriptQuestionDecline" tip="false" caution="true">
+ <message name="message">
+ '[OBJECTNAME]', an object owned by '[NAME]', would like to:
+
+[QUESTIONS]
+This request will be automatically declined.
+ </message>
+ </notify>
+ <notify name="ScriptDialog" tip="false">
<message name="message">
[FIRST] [LAST]'s '[TITLE]'
[MESSAGE]
diff -ur -X diff-excludes.txt linden-base/indra/newview/skins/xui/en-us/panel_settings_msgbox.xml linden/indra/newview/skins/xui/en-us/panel_settings_msgbox.xml
--- linden-base/indra/newview/skins/xui/en-us/panel_settings_msgbox.xml 2007-05-23 11:56:02.000000000 -0400
+++ linden/indra/newview/skins/xui/en-us/panel_settings_msgbox.xml 2007-05-24 21:33:02.375000000 -0400
@@ -11,7 +11,13 @@
Show popups:
</text>
<scroll_list follows="top|left" height="100" left="12" name="enabled_popups" width="480" />
- <button bottom_delta="-45" follows="top|left" height="20"
+ <button bottom_delta="-45" follows="top|left" height="20"
label="Reset 'Show next time' Dialogs..." left="12"
name="reset_dialogs_btn" width="210" />
+ <text bottom_delta="-40" follows="top|left" left="12" width="200">
+ Script Debit Permissions:
+ </text>
+ <check_box follows="top|left" height="16" name="caution_auto_decline" width="480" left="12"
+ control_name="PermissionsCautionAutoDecline" initial_value="false"
+ label="Automatically decline script requests for permission to debit money (L$) from you" />
</panel>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debit-perm-caution-prompt.PNG
Type: image/png
Size: 13188 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070524/fffca596/debit-perm-caution-prompt-0001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debit-perm-deny-prompt.PNG
Type: image/png
Size: 13191 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070524/fffca596/debit-perm-deny-prompt-0001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debit-perm-deny-chat.jpg
Type: image/jpeg
Size: 16721 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070524/fffca596/debit-perm-deny-chat-0001.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debit-perm-debit-autodeny-pref.jpg
Type: image/jpeg
Size: 22979 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070524/fffca596/debit-perm-debit-autodeny-pref-0001.jpg