Difference between revisions of "LSL Protocol/Restrained Living Relay/Other Implementations/Maike Short's Relay"

From Second Life Wiki
Jump to navigation Jump to search
(reverted removal of change notes of version 1.040.d and added change notes for 1.040.e)
Line 1: Line 1:
<div style="border: 5px solid red; padding: 1em">
'''Note:''' [[User:Maike Short|Maike Short]] discovered a serious security bug that allows any website you visit to query for your avatar name while logged in. After Linden Lab ignored this bug for several weeks, Short considered the risk too high and posted a public warning. Instead of thanking her Linden Lab deleted the warning and banned all her accounts. So this page is likely not to be updated anymore in the future.
</div>
{{Restrained Life Relay Specs TOC}}
{{Restrained Life Relay Specs TOC}}


__NOTOC__
__NOTOC__


== Introduction ==
== Introduction ==
Line 30: Line 37:


== Changes ==
== Changes ==
=== 1.040.e ===
* workaround for a security issue causing the permission request dialog to be skipped or displayed twice because of a multi threading vulnerability. This issue did not occur in old versions of the Second Life Server software because processing of listen events used to be very slow compared to linked messages.
* [http://wiki.secondlife.com/w/index.php?title=LSL_Protocol%2FRestrained_Life_Relay%2FOther_Implementations%2FMaike_Short's_Relay%2FRelay_Manager&diff=422682&oldid=341282 my change]
=== 1.040.d ===
* added a filter option to ignore auto granting of permission. If you are sitting while under @acceptpermission a griefer who is not involved at all can get your animation permission while being several hundred meters away


=== 1.040.c ===
=== 1.040.c ===

Revision as of 09:14, 4 July 2009

Note: Maike Short discovered a serious security bug that allows any website you visit to query for your avatar name while logged in. After Linden Lab ignored this bug for several weeks, Short considered the risk too high and posted a public warning. Instead of thanking her Linden Lab deleted the warning and banned all her accounts. So this page is likely not to be updated anymore in the future.




Introduction

You can get this relay in MSM Restraints shop in Stonehaven: http://slurl.com/secondlife/Stonehaven%20Island/155/79/301

Note: The object and all the relay scripts are modifyable so you can easily pick it apart. Only the Help notecard and the update check script (which contains a password) are no-mod. Because of this the whole relay object may wrongly show no-mod. Please drag it into the world to work on it.

Found a bug or incompatiblitly? Please tell me.

Code

Multi Object Support


Old Single Object, Single Script version


Changes

1.040.e

  • workaround for a security issue causing the permission request dialog to be skipped or displayed twice because of a multi threading vulnerability. This issue did not occur in old versions of the Second Life Server software because processing of listen events used to be very slow compared to linked messages.
  • my change

1.040.d

  • added a filter option to ignore auto granting of permission. If you are sitting while under @acceptpermission a griefer who is not involved at all can get your animation permission while being several hundred meters away

1.040.c

  • fixed a !handover permission bug

1.040.b

  • added additional options to the filter (im, vision, windlight, avatar sex)
  • included permissionless tp in tp filter
  • included new rlv-commands in strip filter
  • clean up windlight settings on release if they have been messed with (does not reset daytime on every released, just when it is required)
  • some code cleanup

1.040.a

  • added support for multiple world objects
  • show world map with tp destination if force-tp is disabled

1.040

  • added support for !who which allows world objects to tell who controls them
  • added support for !handover to support inter-sim kidnappers leading directly into a trap and processing facilities that hand over the victim from one step to the next
  • added support for !vision script from the Think Kink PBA by Ilana Debevec and Chloe1982 Constantine)


1.030.c

  • Diff
  • fixed group check on parcels not set to a group (which matched objects set to (none), too (reported by Kitty Barnett)
  • fixed <0, 0, 0> pseudo object position in distance check (reported by Kitty Barnett).

1.030.b

  • Diff
  • fixed two faked avatar chat problems

1.030.a

  • Diff
  • Fixed the compatibility code for world objects that send @clear instead of !release broken by the security fix in 1.020.b

1.030

  • Diff
  • added "Temp Mute" in the ask dialog which will mute the object until the next time you login (in the extended controller script)
  • tell world objects if an active session is canceled by the relay.


1.020.c

  • Diff
  • Display position and distance in permission dialog

1.020.b

  • Diff
  • This is based on 1.015 and has all the fixed made there missing in Marine's 1.020 which is based on a very early version of 1.014
  • Filter automatic RLV replies on public chat channel 0 so that people cannot be tricked to say some foreign text out loud
  • Added "this-is-a-script-generated-message-beyond-the-control-of-the-agent/" at the beginning of @getstatus-replies on all channel
  • Note: Relays which do not add any restriction on their own (like @detach=n) may be abused using @gestatus to trigger dialog responses, gag talk or other scripts like "to buy as gift, say the name of the receiver on channel /x". Any version of the reference implementation smaller than (not including) 1.015 (but including 1.020 which is based on 1.014) are affected by this.

1.015