WoWInterface

WoWInterface (https://www.wowinterface.com/forums/index.php)
-   Lua/XML Help (https://www.wowinterface.com/forums/forumdisplay.php?f=16)
-   -   Taint problem with SpellBookFrame (https://www.wowinterface.com/forums/showthread.php?t=56286)

Voxem 06-14-18 06:57 AM
Taint problem with SpellBookFrame
 
Hi, I'm trying to write a small addon to enable the mouse wheel on the pet spellbook. The code works fine to navigate the pages, but I have a problem with taint. As soon as I use the mouse wheel on the pet spellbook, any action on the spell buttons in the pet or the normal spellbook is blocked, apart from dragging them to the action bar.
Lua Code:
  1. SpellBookFrame:HookScript("OnMouseWheel", function(self, value)
  2.     if self.bookType ~= BOOKTYPE_PET then return end
  3.  
  4.     local currentPage, maxPages = SpellBook_GetCurrentPage()
  5.  
  6.     if value > 0 then
  7.       if currentPage > 1 then
  8.         SpellBookPrevPageButton_OnClick()
  9.       end
  10.     elseif currentPage < maxPages then
  11.       SpellBookNextPageButton_OnClick()
  12.     end
  13.   end)

Here is the taint log I get when I right-click on a button to toggle autocast (no other addon loaded):

6/14 14:29:37.701 Global variable ON_BAR_HIGHLIGHT_MARKS tainted by MyAddon - Interface\FrameXML\ActionButton.lua:55 ClearOnBarHighlightMarks()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:489 SpellButton_OnEnter()
6/14 14:29:37.701 SpellButton1:OnEnter()
6/14 14:29:37.701 Execution tainted by MyAddon while reading ON_BAR_HIGHLIGHT_MARKS - Interface\FrameXML\ActionButton.lua:59 GetOnBarHighlightMark()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:462 ActionButton_UpdateSpellHighlightMark()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:371 ActionButton_Update()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:334 ActionButton_UpdateAction()
6/14 14:29:37.701 Interface\FrameXML\ActionBarController.lua:151 ActionBarController_ResetToDefault()
6/14 14:29:37.701 Interface\FrameXML\ActionBarController.lua:140 ActionBarController_UpdateAll()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:507 SpellButton_OnEnter()
6/14 14:29:37.701 SpellButton1:OnEnter()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:1020 SpellBook_GetSpellBookSlot()
6/14 14:29:37.701 An action was blocked because of taint from MyAddon - ToggleSpellAutocast()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:552 SpellButton_OnClick()
6/14 14:29:37.701 SpellButton1:OnClick()

myrroddin 06-14-18 01:22 PM
Try a secure hook instead, which is always the best course of action when tampering with a Blizzard frame. And not seeing your entire code, do you have an EnableMouse() call somewhere? Do you need one?

Ammako 06-14-18 04:18 PM
Quote:
Originally Posted by myrroddin (Post 328329)
Try a secure hook instead, which is always the best course of action when tampering with a Blizzard frame. And not seeing your entire code, do you have an EnableMouse() call somewhere? Do you need one?
Doesn't need one, SpellBookFrame is already mouse-enabled.

That being said, I can't even get this to work.

lua Code:
  1. hooksecurefunc("SpellBookFrame_OnMouseWheel", function(self, value, scrollBar)
  2.     print("test")
  3. end)

https://www.townlong-yak.com/framexm...kFrame.lua#960

I don't think I'm using it wrong, either. A non-secure hook works fine in that same scenario, but of course SpellBookPrevPageButton_OnClick() and SpellBookNextPageButton_OnClick() taint it if called from non-secure addon code.

Maybe they just don't want us being able to securely hook that.

Fizzlemizz 06-14-18 05:12 PM
hooksecurefunc replaces the function so OnMouswheel is now calling the old function.

You could try:
Code:
hooksecurefunc("SpellBook_GetCurrentPage",  function(self, value, scrollBar)
      print("test")
end)
Although that will call your function for the next/prev. page clicks as well as SpellBookFrame_UpdatePages().

Edit: That won't work because the function doesn't get called in the pet spellbook.

Last bullet point
Quote:
If you want to securely hook a frame's script handler, use Frame:HookScript:
Which brings us back to the OP.

Voxem 06-15-18 02:02 AM
Quote:
Originally Posted by myrroddin (Post 328329)
And not seeing your entire code
That's the entire code right here. It's basically the same function as SpellBookFrame_OnMouseWheel, but applied to the pet spellbook.

Quote:
Originally Posted by myrroddin (Post 328335)
hooksecurefunc replaces the function so OnMouswheel is now calling the old function.
Yeah that's the problem. I've also tried to hook both the script handler and the function, without success.
I don't really understand why it's tainting, seeing that I'm - correct me if I'm wrong - hooking securely. Am I missing something?

lightspark 06-15-18 02:29 AM
Quote:
Originally Posted by Voxem (Post 328347)
That's the entire code right here. It's basically the same function as SpellBookFrame_OnMouseWheel, but applied to the pet spellbook.


Yeah that's the problem. I've also tried to hook both the script handler and the function, without success.
I don't really understand why it's tainting, seeing that I'm - correct me if I'm wrong - hooking securely. Am I missing something?
You use SpellBookPrevPageButton_OnClick, SpellBookNextPageButton_OnClick, which taint a lot of stuff because they're called from insecure environment.

Try commenting out both calls, and see if the taint persists :p You'll be surprised how easy it's to taint stuff >_>

For instance, here's my taint w/ your code :p

Code:
1x [ADDON_ACTION_BLOCKED] AddOn 'ls_UI' tried to call the protected function 'PetActionButton1:Show()'.
!BugGrabber\BugGrabber.lua:573: in function <!BugGrabber\BugGrabber.lua:573>
[C]: in function `Show'
FrameXML\PetActionBarFrame.lua:198: in function `PetActionBar_Update'
FrameXML\SpellBookFrame.lua:499: in function `SpellButton_OnEnter'
[string "*:OnEnter"]:1: in function <[string "*:OnEnter"]:1>

Voxem 06-15-18 04:45 AM
Quote:
Originally Posted by lightspark (Post 328348)
You use SpellBookPrevPageButton_OnClick, SpellBookNextPageButton_OnClick, which taint a lot of stuff because they're called from insecure environment.

Try commenting out both calls, and see if the taint persists :p You'll be surprised how easy it's to taint stuff >_>
Yeah I reckoned these were responsible for the taint. I just thought that, being called like that, they shouldn't cause that much of a problem. Seems that I was wrong. :o

Oh well. I guess I'll abandon this idea and hope someone at Blizzard takes 2 minutes to change the function to work with the pet spellbook…

Thanks for your answers!

Cogwerkz 06-19-18 03:57 AM
The reason it causes taint is that the spellbook contains secure actionbuttons. You can mouse-click spells in the spellbook directly in combat. It's basically just like an actionbar.

How secure frames work, is that its parent and any frames above it in the parent/child hierarchy also becomes secure, meaning the whole spellbook is in fact a secure frame. Changing pages by clicking the prev/next buttons initiates actions that eventually hide and show the secure spellbuttons, and that is something normal Lua can not do while engaged in combat.

Think of it this way; if it contains clickable actionbuttons or clickable unitframes, normal Lua can't show, hide, move, resize or enable/disable mouse, change hit rectangles or do anything that would affect how the user interacts with it while engaged in combat. This is to avoid addons automating or exploiting the gameplay.

Not that physically using the mouse wheel to flip through the spellbook could really be exploited in any shape or form, but that's just how the system works! Go Blizz! ;)


All times are GMT -6. The time now is 08:21 AM.

vBulletin © 2024, Jelsoft Enterprises Ltd
© 2004 - 2022 MMOUI