ESOUI - View Single Post - Malicious code in latest ATLAS (1.32)
12/04/14, 07:45 PM   #14
Join Date: Apr 2014
Posts: 241
Best solution would be a confirmation on send instead of attach. It'd kick in whenever the mail being sent has gold attached. The dialog would also have to be protected from any addon access (so it can't be automated).

This could potentially be extended to items, but that's not as critical from two fronts: 1) it's more difficult to send high-value items than a bunch of gold and 2) people do use it for inventory management. I'm not sure the risk/impact warrants it, unless it's implemented as optional from the settings. In which case, each user would decide for themselves whether it's worth the risk.

If functions do need to be made private, the SendMail() function itself would be plenty to stop it. That way the addon could prepare the mail and let the user hit send, similar to how chat is blocked off. This would have the most impact on fully automated addons like Wykkyd's mail return and the GuildMail addons. Both of those are fairly well-used to save a lot of time, so it'd probably annoy a few people.
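A small Lua model of the mitigation described in this post, added here as an illustration and not code from the post, any addon, or the game client: addons can prepare a mail, SendMail() refuses to run from addon code, and a confirmation fires on send only when gold is attached. Every name other than SendMail() is hypothetical, and the recipient and amount are constructed.

```lua
-- Constructed model, not the ESO client API. Every name except SendMail is hypothetical.
local function newMailClient(confirm)
  local inAddonCode = false            -- true while untrusted addon code runs
  local draft = { to = "", gold = 0 }
  local sent = {}

  -- The real send path lives in a local, so addons cannot replace it.
  local function send()
    if inAddonCode then
      return false, "SendMail is private: blocked from addon code"
    end
    -- Confirm on send, not on attach, and only when gold is attached.
    if draft.gold > 0 and not confirm(draft.to, draft.gold) then
      return false, "cancelled by user"
    end
    sent[#sent + 1] = { to = draft.to, gold = draft.gold }
    draft = { to = "", gold = 0 }
    return true
  end

  -- Table handed to addons: they may prepare a mail but cannot deliver it.
  local api = { SendMail = send }
  function api.SetRecipient(name) draft.to = name end
  function api.AttachGold(amount) draft.gold = amount end

  local client = { sent = sent }
  function client.runAddon(fn)
    inAddonCode = true
    local ok, err = pcall(fn, api)       -- the flag is cleared even if the addon errors
    inAddonCode = false
    return ok, err
  end
  -- Stands in for a hardware click on Send; the confirm callback is never exposed to addons.
  function client.userClicksSend() return send() end
  return client
end

-- Constructed scenario: an addon prepares a gold mail and tries to send it itself.
local client = newMailClient(function(to, gold)
  print(("Confirm: send %d gold to %s? (simulated user declines)"):format(gold, to))
  return false
end)
client.runAddon(function(api)
  api.SetRecipient("@constructed-recipient")
  api.AttachGold(50000)
  print("addon SendMail:", api.SendMail())
end)
print("user click:", client.userClicksSend())
print("mails sent:", #client.sent)
```

The model only tracks direct calls made while addon code is running; it does not cover callbacks an addon might register to run later.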