UIFrameFlash can lead to blocked action errors when opening the Encounter Journal #434
Labels
Bug
Something isn't working
High Priority
This issue is considered to be impactful.
Mainline
This issue affects the current live Retail client
In patch 10.1.0 a new C_EncounterJournal.OnOpen function was added with protections applied to prevent it being called from an insecure call path. Unfortunately just before this function is called EncounterJournal_OnShow takes a scenic route through the MicroButton animation code which relies on UIFrameFlash.
UIFrameFlash has been historically reported as being a taint swamp (#183, #309) that needs to be purged with searing flame and as such it's trivial to run into cases where taint leeching into UIFrameFlash from other unrelated parts of the UI are breaking the calls to this new shiny and probably-rather-important function.
Test case
/run UIFrameFlash(CreateFrame("Frame"), 1, 1, 2^32)
As an alternative test case not involving UIFrameFlash but rather the help tips managed by the microbuttons, the following will also result in a blocked action error.
/run MainMenuMicroButton_ShowAlert(SpellbookMicroButton, "Boo")
Quick patch
Rather than altering the security requirements of the new functions we can probably hopefully just avoid any issues if their calls occurred as the very first thing in the script handler before taking a trip through functions dealing with potentially tainted data.
I've adjusted both the OnShow and OnHide calls with this patch just to preventatively deal with someone else coming along in three months time and adding protections to OnHide, as it would also be impacted by this same issue if it were to change.
The text was updated successfully, but these errors were encountered: