ESOUI - More 'insecure code' errors, now in my addons!

ESOUI (https://www.esoui.com/forums/index.php)

- Lua/XML Help (https://www.esoui.com/forums/forumdisplay.php?f=175)

- - More 'insecure code' errors, now in my addons! (https://www.esoui.com/forums/showthread.php?t=6803)

Quote:

Originally Posted by Phinix (Post 29783)

I have confirmed that to generate this error you must follow a specific sequence:

1) Reload the game with Map Coordinates and Minimap loaded (and the above setting at 100).
2) Hit your keybind to open the map. The map MUST be the FIRST scene that you activate after reloading.
3) Click the bag icon at the top bar after the map is shown to move to the inventory.
4) Drag an item.

Ok, next test:
Locate WORLD_MAP_SCENE:AddFragment(ZO_FadeSceneFragment:New(MAP_COORDINATES.control))
in Garkin's addon.
Change to:
WORLD_MAP_SCENE:AddFragment(ZO_HUDFadeSceneFragment:New(MAP_COORDINATES.control))

Quote:

Originally Posted by votan (Post 29784)

This also seems to solve the errors. I set your previous test back to 100, made the above change, and after reloading there was no error. Set the above back to the original, reloaded, followed the same sequence, errors.

I also tried with both edits set, and going straight to the inventory instead of going to the map first, and either way it seems either or both of these changes together avoid the error in half a dozen tests so far.

Quote:

Originally Posted by Phinix (Post 29785)

Yes, the problem is that Garkin's original fragment has a 200ms fade, which is borderline (if it is the last fragment, it will be the cause of the error)
One could change the fade duration of an other build-in fragment to be greather than 200ms to solve the problem, too.

@Chip: Any chance, that build-in code is always the "last" one in the scene change transition? (Even if a custom fragment has a fade duration of 5000?)

Nice work tracking this down, Votan. I do have just a couple questions.

First I suppose would be, what changed? Obviously this fade time you mention wasn't a problem before the update. Also, and this could just be my own lack of understanding how scene fragments work clearly, why should the time it takes a fragment to fade in/out (presumably between scene transitions?) move it from secure to insecure code?

As I understood it, scenes were just like UI container tables with fragments being the pool of sub-objects that get built on the fly when the scene fires. Unless a fragment is firing off some code in a local context that then makes reference to a protected function, I don't really understand how the whole scene could be poisoned by the time it takes a fragment to appear.

It sounds like the game needs to end on a built-in scene or it panics. So perhaps it's not so much that the time it takes changes its security, but perhaps the last one to fade (typically a built-in, which is secure) is the one it checks for security reasons? That looks like what Votan was saying but why it'd be like that is puzzling.

Quote:

Originally Posted by Phinix (Post 29792)

Good question. Maybe the hijack of the world map fragment :o

Look at these posts. Especially the last one. And look at the date.
http://www.esoui.com/forums/showpost...5&postcount=50
http://www.esoui.com/forums/showpost...31&postcount=3
http://www.esoui.com/forums/showpost...74&postcount=9