Slouken, SecureTemplates Bug

by Nymbia | 23/05/2007 13:22:35

From the 2.1 changes thread:

Q u o t e:
* For "item" buttons, name can be an item ID or item link.

This doesn't work with item ids. The reason is that SecureCmdItemParse on line 1326 of ChatFrame.lua is not designed with itemids in mind.

function SecureCmdItemParse(item)
	if ( not item ) then
		return nil, nil, nil;
	end
	local bag, slot = strmatch(item, "^(%d+)%s+(%d+)$");
	if ( not bag ) then
		slot = strmatch(item, "^(%d+)$");
	end
	if ( bag ) then
		item = GetContainerItemLink(bag, slot);
	elseif ( slot ) then
		item = GetInventoryItemLink("player", slot);
	end
	return item, bag, slot;
end

When an item link is fed through that function, it simply fails both matches and returns back the item link, but that doesn't matter, since UseItemByName can accept an item link (which is where the execution path lands in SecureCmdUseItem).

On the other hand, when you feed a number or pure number string in as the attribute, it gets caught in the second match:
slot = strmatch(item, "^(%d+)$");
and it explodes quite spectacularly, thinking your itemid is a player equip slot:

Interface\FrameXML\ChatFrame.lua:1337: GetInventoryItemLink(): Invalid inventory slot:
Interface\FrameXML\ChatFrame.lua:1337: in function `SecureCmdItemParse':
Interface\FrameXML\SecureTemplates.lua:243: in function `SecureActionButton_OnClick':
<string>:"*:OnClick":1: in function <[string "*:OnClick"]:1>

The kicker is that you can trick the pattern match into failing with a tailing space.

frame:SetAttribute("item", itemid) -- explodes spectacularly

frame:SetAttribute("item", itemid..' ') -- works beautifully

A check on the bound of the captured number should solve this easily.

[ Post edited by Nymbia ]

Nymbia is a cheater.

by Slouken | 23/05/2007 13:33:18

View original thread

It's not supposed to work with item ids. Numbers are inventory slots. If you want it to work with item ids, prefix them with "item:"

by Slouken | 23/05/2007 14:01:38

View original thread

No problem! :)

Official Forum

Bump

News or

Spam?

Hot: Grab one of our RSS feeds to stay updated with what's happening with your class!

Recently Bumped Threads

Rogue Bugs and Nerfs - A Compilation Part 2!by bowdinonbladesedge - 01/07/2008 17:55:45(Rogue)
Watch out guys: Email Scam!!!by pixiestix - 04/06/2008 14:13:10(Technical Support)
"WorldOfWarcraft.Ink.Temporary" Folderby pixiestix - 04/06/2008 14:11:47(Wow Technical Support)
What the hell are you thinking?by helpme - 25/05/2008 20:10:01(Suggestions)

Recent Blizzard Announcements

___ - In-Game Knowledge Baseby Eilanai - 06/12/2006 16:08:13(In-game Customer Support)
Farewell to the forums.by Hortus - 18/07/2008 13:18:00(Bug Report Forum)
Realm Restart - Ysondre - 7/19/2008by Zechthal - 22 hours, 17 minutes ago.(Realm Status)
18/07/2008 - Latency Submission threadby Gelmkar - 18/07/2008 18:42:09(Technical Support)
Welcome: Please Readby Eyonix - 18/07/2008 11:43:14(Quest Discussion)

We suggest

Create Account or Login |

Slouken, SecureTemplates Bug

Recently Bumped Threads

Most Viewed

Recent Blizzard Announcements

We suggest

Slouken, SecureTemplates Bug