Quantcast Remind me, is table itself tainted when you insecurely add/replace key/value pair? - WoWInterface
 
Thread Tools Display Modes
10-13-16, 07:43 AM   #1
rowaasr13
A Fallenroot Satyr
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 26
Remind me, is table itself tainted when you insecurely add/replace key/value pair?

I just noticed this familiar UI panel "click" every time I used AP item and since I was also working with Artifact API at the time, I immideately thought that someone is obviously scanning artifact on each update without disabling panel as they should. Search for SocketInventoryItem found that ExRT (Exorsus Raid Tools) was the culprit, but I also found following piece of code there:

Lua Code:
  1. do
  2.     --Fix Blizzard Errors
  3.     local def = C_ArtifactUI.GetTotalPurchasedRanks
  4.     C_ArtifactUI.GetTotalPurchasedRanks = function(...)
  5.         local arg1,arg2,arg3 = def(...)
  6.         if not arg1 then
  7.             return 0
  8.         end
  9.         return arg1,arg2,arg3
  10.     end
  11. end

So, as subject says, would that make any access to C_ArtifactUI itself tainted and bring all kind of funky errors in combat?
__________________
Garrison Mission Manager
 
10-13-16, 09:00 AM   #2
Kanegasi
An Onyxian Warder
 
Kanegasi's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2007
Posts: 396
As far as I know, only things directly used in combat can be tainted. Since Artifact data isn't normally called on during combat, changing that table wouldn't cause a taint. That particular function replacement is to fix a Blizzard issue where arg1 returns nil upon startup, causing errors to any addon that loads and wants Artifact info due to the Artifact frame comparing the returns of that function to a number.
 
10-13-16, 09:23 AM   #3
rowaasr13
A Fallenroot Satyr
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 26
Taint spreads and does so no matter if you're in combat or not. Combat only makes problem visible - that's why I'm interested if it affects entire table or only GetTotalPurchasedRanks.

I'm not a fan of modyfing Blizzard functions at all, but If there's problem in UI function, why not monkey-patch that instead of data function?
__________________
Garrison Mission Manager
 
10-13-16, 09:30 AM   #4
Lombra
A Molten Giant
 
Lombra's Avatar
AddOn Author - Click to view addons
Join Date: Nov 2006
Posts: 554
Don't know, but I would guess not. Seems like insecurely hooking global functions would cause a whole lot of issues if that were the case. Unless maybe _G is treated differently somehow, and/or it would only be relevant if you explicitly use the _G variable. Frame methods are commonly replaced, as well. It just seems like there should have been a lot more issues going on.
__________________
Grab your sword and fight the Horde!
 
10-13-16, 01:40 PM   #5
SDPhantom
A Pyroguard Emberseer
 
SDPhantom's Avatar
AddOn Author - Click to view addons
Join Date: Jul 2006
Posts: 1,839
You can test it by checking issecurevariable("C_ArtifactUI").
__________________
ESOUI AddOns | WoWInterface AddOns
"All I want is a pretty girl, a decent meal, and the right to shoot lightning at fools."
-Anders (Dragon Age: Origins - Awakening)
 
 

WoWInterface » Site Forums » Archived Beta Forums » Legion Beta archived threads » Remind me, is table itself tainted when you insecurely add/replace key/value pair?

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off