attempt to access a private function 'UseItem' from insecure code
I finally took the time to investigate the old "attempt to access a private function 'UseItem' from insecure code" error.
The issue can be reliably reproduced when opening a container via the keybind, closing it and then reopening it again without moving the mouse away from the item while AdvancedFilters is active. I picked the code apart and disabled it part by part, line by line and finally found that the issue happens when PLAYER_INVENTORY:UpdateList is called from an addon. More precisly it happens when self:ApplySort is called inside that method. My guess is that ZO_ScrollList_Commit breaks the secure context for the keybind when it autoselects the inventory item entry. Maybe ZOS could add a new method RequestPlayerInventoryUpdate or something which allows us to call this from a secure context. Until a better solution is found, I suggest addon authors use the following method instead of directly calling PLAYER_INVENTORY:UpdateList. Lua Code:
|
Thanks for your time and the workaround.
Will implement this function into my inventory updating addons. If I understand your workaround function right it won't update the inventory if the mouse is currently over any control of an item in the inventory? I guess this would break addons like FCOItemSaver as you right click an item to show the context menu, choose an entry and afterwards the inventory will be updated. The mouse is above any inventory item after the context menu closes... And thus the inventory update won't happen anymore. I'll test this if the control is the context menu, as the update fires, or the inventory line again. And if you mark an item via keybinding it will definately be the inventory item control.. |
You are right. It won't help in situations where you do need the mouse over an item.
Right now I do not have a better idea how to solve this, but I will think a bit more about it during the week. |
I thought this was generally known already. Remember we've discussed this in so many threads... and then wondered why it's so hard to find more info. Apparently there's no sane way to search addon comments.
Edit: and also no working way to link to a specific comment. You have to switch to the #comments tab by hand and then paste the link to the address bar :rolleyes: |
yes, merlight that is the current known workaround.
It also does not break if you simply double click to use the item rather than pressing the primary keybind (default: 'E'). Siri's solution pretty much only fixes the "rapid writ container opening" case and sets up an expected result that libFilters and addons which leverage it or their own inventory updating methods will no longer have issues. At least for libFilters, this now produces unexpected functionality when an addon keybind is used on an inventory slot. Baertram has been working on a solution involving passing the "initiating control" as an optional argument to the updater and still updating the list if the initiator matches the current mouse over control (thereby negating siri's fix for another specific situation). I'm still thinking about these proposed changes. Right now I'm somewhere around thinking it's adding unneeded complexity for us to a long standing API issue with two solid and easy user workarounds (moving cursor or double clicking to use). There is a high possibility that addons implementing libFilters and a keybind can accomplish their tasks without a list update, as Siri suggested this morning. This would be ideal since then the library could implement the safe list update and addons could use better practice for their tasks. I'm going to really dive into this on Tuesday, as I have a good deal of schoolwork to do tonight and tomorrow. In the meantime, please correct any of my assumptions and further work if it still tickles your fancy :) |
Quote:
Jokes aside, it looks like Randactyl has found an even better solution: Lua Code:
I would suggest to use this in the following way: Lua Code:
Btw. you should come and visit our gitter chat sometime. We discuss most problems over there and it would be awesome to have your input from time to time. ;) |
I'm not immediately clear on how refreshing the list triggers a UseItem. What is that code path?
|
Quote:
This happens quite often when I try to open several crafting writ containers one after another. I usually press E to open them and R to take the content and won't move the mouse inbetween. |
@Chip
The surefire way to reproduce this is to 1. Install Advanced Filters version 1.3.3.0 2. Get a container in your inventory (writ box, PTS template item distribution, etc.) 3. Hover over the container and do not move the mouse at all 4. press 'E' or double-click to open the container inventory 5. Press alt to close the container inventory 6. Press 'E', not double-click, to open the container inventory again 7. Error displays Between steps 5 and 6 is when an addon call to PLAYER_INVENTORY:UpdateList is triggered with the cursor over an item slot (thereby causing that control to become untrusted somehow) My fix cycles the mouse's state after the inventory update. This apparently allows the moused over control's integrity to be re-verified. |
Disclaimer: I haven't tried running ESO since TG PTS, and am pulling stuff off a very unreliable medium.
Quote:
Here: https://github.com/esoui/esoui/blob/...ates.lua#L1209 Keybinds are registered in OnMouseEnter, so if the refresh is invoked from an addon, they become "insecure". I think it should be possible to trigger this even without addons. Try Lua Code:
Quote:
Quote:
|
Quote:
Quote:
|
Ah yeah, I see the problem. The closure we're passing in to the menu system is tainted after the addon does the commit. We could fix it by passing data in to the closure call instead of closing over it so we don't regenerate it every time we recreate the actions list. This would require modifying the menu system to accept some params to feed into the callback. I can put it on the list, but it's not a super quick fix.
|
Sounds good. If you ever get to change the menu system, maybe you could also make it a bit easier for addons to change the behavior of an existing entry.
In the current system this is the simplest way I could come up with to change the primary action of the craft bag item actions for AGS' direct selling feature :D Lua Code:
|
All times are GMT -6. The time now is 04:55 AM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2014 - 2022 MMOUI