WoWInterface

WoWInterface (https://www.wowinterface.com/forums/index.php)
-   Legion Beta archived threads (https://www.wowinterface.com/forums/forumdisplay.php?f=177)
-   -   Remind me, is table itself tainted when you insecurely add/replace key/value pair? (https://www.wowinterface.com/forums/showthread.php?t=54641)

rowaasr13 10-13-16 07:43 AM

Remind me, is table itself tainted when you insecurely add/replace key/value pair?
 
I just noticed this familiar UI panel "click" every time I used AP item and since I was also working with Artifact API at the time, I immideately thought that someone is obviously scanning artifact on each update without disabling panel as they should. Search for SocketInventoryItem found that ExRT (Exorsus Raid Tools) was the culprit, but I also found following piece of code there:

Lua Code:
  1. do
  2.     --Fix Blizzard Errors
  3.     local def = C_ArtifactUI.GetTotalPurchasedRanks
  4.     C_ArtifactUI.GetTotalPurchasedRanks = function(...)
  5.         local arg1,arg2,arg3 = def(...)
  6.         if not arg1 then
  7.             return 0
  8.         end
  9.         return arg1,arg2,arg3
  10.     end
  11. end

So, as subject says, would that make any access to C_ArtifactUI itself tainted and bring all kind of funky errors in combat?

Kanegasi 10-13-16 09:00 AM

As far as I know, only things directly used in combat can be tainted. Since Artifact data isn't normally called on during combat, changing that table wouldn't cause a taint. That particular function replacement is to fix a Blizzard issue where arg1 returns nil upon startup, causing errors to any addon that loads and wants Artifact info due to the Artifact frame comparing the returns of that function to a number.

rowaasr13 10-13-16 09:23 AM

Taint spreads and does so no matter if you're in combat or not. Combat only makes problem visible - that's why I'm interested if it affects entire table or only GetTotalPurchasedRanks.

I'm not a fan of modyfing Blizzard functions at all, but If there's problem in UI function, why not monkey-patch that instead of data function?

Lombra 10-13-16 09:30 AM

Don't know, but I would guess not. Seems like insecurely hooking global functions would cause a whole lot of issues if that were the case. Unless maybe _G is treated differently somehow, and/or it would only be relevant if you explicitly use the _G variable. Frame methods are commonly replaced, as well. It just seems like there should have been a lot more issues going on.

SDPhantom 10-13-16 01:40 PM

You can test it by checking issecurevariable("C_ArtifactUI").


All times are GMT -6. The time now is 09:55 PM.

vBulletin © 2020, Jelsoft Enterprises Ltd
© 2004 - 2019 MMOUI