81 namespace declarations and 100 using directives converted via sed,
plus two FQN-aliases (ChatTwoPartyFinderPayload in PayloadHandler.cs and
ModifierFlag in KeybindManager.cs) updated. Critical: Language.Designer.cs
and HellionStrings.Designer.cs ResourceManager string arguments updated
synchronously — these are runtime reflection lookups not caught by the
C# compiler.
Two intentional ChatTwo references remain: the legacy migration path
'ChatTwo.json' in Plugin.cs (still points to upstream Chat 2's config
file by design) and the InternalsVisibleTo declaration in
AssemblyInfo.cs (handled in the upcoming repo-folder rename task).
The local alias names 'ChatTwoPartyFinderPayload' and 'ChatTwoConflictDetector'
are preserved as local symbols; only their target namespaces and references
changed.
The pointer-arithmetic CodeQL alert kept re-firing on each shape of
the previous shallow fix because Encoding.GetBytes is virtual and
every length value derived from its return inherited the taint.
Refactor the routine to thread int offsets through index-based
control flow and only compute pointers inside two small helpers
(CalcWordWrap and DrawText) that take an already-pinned base pointer
plus offsets sourced from local logic, not from any virtual return.
Buffer is now allocated against Encoding.UTF8.GetMaxByteCount via
ArrayPool with a real 16 KiB upper bound, and the encoded length
returned by GetBytes is validated against that ceiling before
anything touches the pointer. Behaviour is byte-identical to v0.5.3,
verified locally with the same input shapes the previous code path
handled.
Slim changelog: trimmed the per-version blocks down to v0.5.1-v0.5.4
plus a link to GitHub releases for older history. The previous block
ran ~9000 characters and was dragging the manifest payload down for
no benefit; users see the latest release block first anyway.
CodeQL re-opened the unvalidated-pointer-arithmetic alert at the new
textEnd line because Encoding.GetBytes is a virtual method on
Encoding and the returned array's Length is therefore tracked as
untrusted input for pointer arithmetic.
Compute the expected byte count from the same encoder via
GetByteCount and bail out if the actual buffer length does not match.
That is a real consistency check that would catch a maliciously
swapped Encoding.UTF8 instance, not a dead defensive guard. The
empty-split early-out from the previous fix is folded into the same
condition.
Two CodeQL alerts opened against the codeql-manual-build workflow's
first scan. Both real, both small fixes.
#1 Medium / Workflow does not contain permissions
build.yml runs read-only against the repo (no push, no release
creation, no API mutations) but never declared a permissions
block, so the default GITHUB_TOKEN scope applied. Pin to
contents: read at workflow level. Release and CodeQL workflows
already have their explicit minimal scopes.
#2 Critical / Unvalidated local pointer arithmetic
ImGuiUtil.WrappedTextWithPos splits its input on newlines and
passes each part through Encoding.UTF8.GetBytes inside a fixed
block. Empty splits (consecutive newlines, blank lines) produced
a zero-length byte array, fixed gave us a valid pointer, and
textEnd = text + bytes.Length collapsed onto text. The downstream
ImGuiNative.CalcWordWrapPositionA calls received identical start
and end pointers, which is undefined behaviour at the native
boundary even if it happens to no-op on the current ImGui build.
Bail before entering the fixed block when bytes.Length == 0 and
render an empty line for the gap, which is what the original
text == null guard was trying to do but could never reach inside
a fixed block over a non-null array.
Three real-world adjustments to the default config that ships with a
fresh install:
- HellionThemeWindowOpacity 0.92 -> 0.5 so a fresh install lands at
the more glass-like default the maintainer uses daily
- Use24HourClock false -> true to match a German / European locale.
Works correctly thanks to the v0.5.1 strict-format fix that uses
CultureInfo.InvariantCulture instead of the host culture
- HellionParty preset Channel: InputChannel.Party -> null. Auto-
routing /party into a tab that also collects /alliance and /pvpteam
surprises the user when they wanted to type into the other ones;
the tab stays as a read surface
LoadPreviousSession and FilterIncludePreviousSessions stay false to
keep the privacy-strict 'every session starts fresh' line. The
maintainer's personal settings flip them on, but that's an
opt-in choice, not a default we should ship to every fresh install.
RetentionEnabled also stays false for the same opt-in reason.
Split the technical/notification streams (System, Error, Echo, Debug,
NPC announcements, login/logout, retainer sales, gathering system,
glamour notifications, sign messages, alarms, orchestrion, message
book, random number, progress) out of the General tab into their own
System tab. General now shows player conversation plus the active
gameplay events (loot rolls, crafting, gathering, NPC dialogue, party
finder pings) without burying chat under technical chatter.
Drop the channels that already live in dedicated themed tabs (Tells,
emotes, Novice Network, FC and PvP announcements, Sign and Glamour
notifications) so the General tab is the public-chat catch-all instead
of a duplicate of every themed tab. NpcDialogue moves in because the
maintainer reads it alongside system messages.
Spawn six themed tabs out of the box instead of one General catch-all:
General (everything), Free Company (FC chat plus FC announcements and
login/logout), Party (Party, CrossParty, Alliance, PvP team plus loot
rolls), Beginner (Novice Network only when ShowNoviceNetwork is on),
Linkshell (all eight regular and cross-world linkshells together) and
Tell Exclusive (TellIncoming/TellOutgoing as a safety-net catch-all in
case Auto-Tell-Tabs misses one).
Tab names live in HellionStrings (EN/DE). The Tabs settings tab gains a
help-text hint above the list recommending one tab per linkshell when
the user is in multiple, since a single combined Linkshell tab gets
noisy fast for active users.
Drops the entire ChatTwo/Http/ tree (ServerCore, HostContext,
RouteController, Processing, SSEConnection, the message protocol DTOs
and the bundled Svelte frontend) plus WebinterfaceUtil. Also removes
every ServerCore.Send* call site that fed the SSE stream:
- MessageManager.ProcessMessage no longer broadcasts new messages
- Chat.cs no longer notifies on login
- PayloadHandler no longer rebroadcasts on screenshot-mode toggle
- ChatLogWindow no longer announces tab and channel switches
The Plugin class drops the ServerCore field, the auto-start branch and
the Dispose hook. The DbViewer still imported a stale namespace from
the message protocol; the using is removed.
Language.resx and its generated Designer file keep the Webinterface
string keys for now so future upstream cherry-picks do not break on
missing resources. They are dead code from our perspective but harmless.
- Plugin commands trigger the command helper window now
- Fix auto translation with empty text appearing
- Switch up all dalamud payload usage to ROSS if possible
- Prepare 7.5 changes
- Cleanup
- Adds new setting "Enable inactivity hide during battle" (default:
true) which determines whether autohide should apply during battle
(thanks @aurieh)
- Adds new setting "Chat channels considered for activity" which allows
customizing which channels incoming messages must match to "bump" the
inactivity timer
- Adds new per-tab setting "Unhide the chat window on activity" to
configure whether it will be considered for "bumping" the inactivity
timer when receiving messages that match the new channel filter. Note
that the foreground tab is currently always considered.
- Extends autohide code to apply to poped-out tabs as well. Each popout
window has its own inactivity timer, but focusing the main window will
restore all popped out windows.
Co-authored-by: Auri <me@aurieh.me>
Adds two configurable hotkeys (plus the required code infrastructure to
handle configurable hotkeys) for cycling the active chat tab forward by
one and backwards by one.
JonKazama-Hellion
Infi
RedworkDE
Dean Sheather