Two CodeQL alerts opened against the codeql-manual-build workflow's
first scan. Both real, both small fixes.
#1 Medium / Workflow does not contain permissions
build.yml runs read-only against the repo (no push, no release
creation, no API mutations) but never declared a permissions
block, so the default GITHUB_TOKEN scope applied. Pin to
contents: read at workflow level. Release and CodeQL workflows
already have their explicit minimal scopes.
#2 Critical / Unvalidated local pointer arithmetic
ImGuiUtil.WrappedTextWithPos splits its input on newlines and
passes each part through Encoding.UTF8.GetBytes inside a fixed
block. Empty splits (consecutive newlines, blank lines) produced
a zero-length byte array, fixed gave us a valid pointer, and
textEnd = text + bytes.Length collapsed onto text. The downstream
ImGuiNative.CalcWordWrapPositionA calls received identical start
and end pointers, which is undefined behaviour at the native
boundary even if it happens to no-op on the current ImGui build.
Bail before entering the fixed block when bytes.Length == 0 and
render an empty line for the gap, which is what the original
text == null guard was trying to do but could never reach inside
a fixed block over a non-null array.
- Plugin commands trigger the command helper window now
- Fix auto translation with empty text appearing
- Switch up all dalamud payload usage to ROSS if possible
- Prepare 7.5 changes
- Cleanup
- Adds new setting "Enable inactivity hide during battle" (default:
true) which determines whether autohide should apply during battle
(thanks @aurieh)
- Adds new setting "Chat channels considered for activity" which allows
customizing which channels incoming messages must match to "bump" the
inactivity timer
- Adds new per-tab setting "Unhide the chat window on activity" to
configure whether it will be considered for "bumping" the inactivity
timer when receiving messages that match the new channel filter. Note
that the foreground tab is currently always considered.
- Extends autohide code to apply to poped-out tabs as well. Each popout
window has its own inactivity timer, but focusing the main window will
restore all popped out windows.
Co-authored-by: Auri <me@aurieh.me>
Adds two configurable hotkeys (plus the required code infrastructure to
handle configurable hotkeys) for cycling the active chat tab forward by
one and backwards by one.
Shows path to database (click to copy), database size, database log
size, message count.
Also adds a Ctrl+Shift button to wipe the database permanently. This is
performed by clearing the Messages collection and then rebuilding the
database, which brings it down to around 48KB on my machine (even with
many messages).
Adds a parsing step when constructing `Message` objects that scans the
message content for anything that looks URL-like, and inserts new
`TextChunk`s into the message content with a URIPayload set.
Hovering over a URL shows an on-hover effect. Clicking a URL opens it in
the default browser. Right clicking shows the hostname, with an option
to open and an option to copy the URL to the clipboard.
JonKazama-Hellion
Infi
Dean Sheather
Harold Iedema
Anna