Is this a bug in secure frames SetFrameRef/GetFrameRef?

Duugu · 10-07-14, 11:09 AM

I've found some strange behavior within the Set/GetFrameRef() thing for secure frames.

Consider the following code:

Lua Code:

local header = CreateFrame("Frame", "testheader", UIParent, "SecureHandlerStateTemplate")
header:SetFrameRef("ActionButton1", _G["ActionButton1"]) 
 
local button = CreateFrame("CheckButton", "testbutton1", header, "SecureActionButtonTemplate, ActionButtonTemplate")
button:SetPoint("CENTER", UIParent, "CENTER")
    
header:WrapScript(button, "OnClick", [[
    print("ActionButton1.IsForbidden =", self:GetParent():GetFrameRef("ActionButton1").IsForbidden)
]])
 
print("ActionButton1.IsForbidden =", _G["ActionButton1"].IsForbidden, _G["ActionButton1"]:IsForbidden())

It prints:

ActionButton1.IsForbidden = function: <.....> false

Now click the test button.

It prints:

ActionButton1.IsForbidden = nil

Ehm?

Try again:

Lua Code:

print("ActionButton1.IsForbidden =", _G["ActionButton1"].IsForbidden, _G["ActionButton1"]:IsForbidden())

Result:

ActionButton1.IsForbidden = function: <.....> false

WTF??

So, is it me, or is GetFrameRef() returning something that is not equal to the original object that was passed to SetFrameRef()?
Could someone please verify if this is a bug or if I'm just stupid?

semlar · 10-07-14, 03:32 PM

Any frame in the restricted environment is restricted to restricted functions.

I don't know if you're using IsForbidden as an example or are actually trying to use it, but it wouldn't make any sense to need to call that from the restricted environment, that method basically tells you whether you can even look at a particular frame and is used pretty much exclusively for the blizzard shop.

I think you need to take a look at the wowpedia article on the restricted environment.

Duugu · 10-07-14, 03:46 PM

Hm. Well. I'm not trying to use it. I wouldn't care about it at all.

But I'm trying to use the frame handle to pass a frame reference with SetAttribute to use a type/click button.

My secure code is:

Lua Code:

local tbutton = self:GetFrameRef("BABHeader"):GetFrameRef("PetActionButton1")
self:SetAttribute("type2", "click")
self:SetAttribute("clickbutton2", tbutton)

(assuming that PetActionButton1 was set to the frame before and is valid)

A right click throws:

6x FrameXML\SecureTemplates.lua:542: attempt to call method "IsForbidden" (a nil value)

And the code from SecureTemplates is:

Lua Code:

SECURE_ACTIONS.click =
    function (self, unit, button)
        local delegate =
            SecureButton_GetModifiedAttribute(self, "clickbutton", button);
        if ( delegate and not delegate:IsForbidden() ) then
            delegate:Click(button);
        end
    end;

(http://www.wowinterface.com/forums/s...92&postcount=5)

So, my problem is not that I can't use IsForbidden but that Blizzards secure stuff can't access IsForbidden. :/

Resike · 10-07-14, 03:59 PM

What happens if you set the .IsForbidden to false, by yourself?

semlar · 10-07-14, 04:09 PM

I don't have time to look into it right now, but I'm sure you can just turn your button into a macro that calls "/click PetActionButton1 RightButton" or something along those lines.

Duugu · 10-07-14, 04:41 PM

Doing

Lua Code:

_G["PetActionButton1"].IsForbidden = false

unsecure sets IsForbidden to false for unsecure code.
Remains nil for secure code.

Doing it secure

Lua Code:

self:GetParent():GetFrameRef("PetActionButton1").IsForbidden = false

throws

1x FrameXML\RestrictedExecution.lua:397: Call failed: <string>:" print("PetActionButton1.IsForbidden =", se...":2: attempt to index a userdata value
<in C code>

which isn't exactly what I would expect.
"attempt to index a userdata value"?? oO

Digging deeper reveals

Lua Code:

function CallRestrictedClosure(signature, workingEnv, ctrlHandle, body, ...)
    if (not IsWritableRestrictedTable(workingEnv)) then
        error("Invalid working environment");
        return;
    end
 
    signature = tostring(signature);
    local factory = LOCAL_Closure_Factories[signature];
    if (not factory) then
        error("Invalid signature '" .. signature .. "'");
        return;
    end
 
    local closure = factory[body];
    if (not closure) then
        -- Expect factory to have thrown an error
        return;
    end
 
    if (not issecure()) then
        error("Cannot call restricted closure from insecure code");
        return;
    end
 
    if (type(ctrlHandle) ~= "userdata") then
        ctrlHandle = nil;
    end
 
    LOCAL_Function_Environment_Manager(true, workingEnv, ctrlHandle);
    return ReleaseAndReturn(workingEnv, ctrlHandle, pcall( closure, ... ) );
end

and

Lua Code:

local function ReleaseAndReturn(workingEnv, ctrlHandle, pcallFlag, ...)
    -- Tampering at this point will irrevocably taint the protected
    -- environment, for now that's a handy protective measure.
    LOCAL_Function_Environment_Manager(false, workingEnv, ctrlHandle);
    if (pcallFlag) then
        return ...;
    end
    error("Call failed: " .. tostring( (...) ) );
end

Duugu · 10-07-14, 04:43 PM

Originally Posted by semlar

I don't have time to look into it right now, but I'm sure you can just turn your button into a macro that calls "/click PetActionButton1 RightButton" or something along those lines.

Doh. Knowing that /click takes a button as a second argument would have been saved me 2 days full of tries, tests, and trouble. -.-

Thanks man.

kurapica.igas · 10-07-14, 10:45 PM

You can print the ActionButton1 in both restricted environment and _G, they are different objects, the "ActionButton1" in the restricted environment is an userdata, so any set/get behaviors would be checked to keep secure.

And the userdata can only access as little methods as blz wanted, you can find them in http://wowprogramming.com/utils/xmlb...ctedFrames.lua

like :

Lua Code:

function HANDLE:GetName()   return GetUnprotectedHandleFrame(self):GetName() end
 
function HANDLE:GetID()     return GetHandleFrame(self):GetID()     end
function HANDLE:IsShown()   return GetHandleFrame(self):IsShown()   end
function HANDLE:IsVisible() return GetHandleFrame(self):IsVisible() end

That's the methods what the userdata can use, like GetName, GetID, IsShown, IsVisible.

The "IsForbidden" isn't defined in the file, so you will get nil from "ActionButton1.IsForbidden".

Duugu · 10-08-14, 05:19 AM

Thanks for the explanation. I know I can't access it. That's ok. The problem is that Blizzards code can't access IsForbidden.
I would consider this as a design flaw in the secure system.