Wuzzy
/
BlockColor-Engine
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove debug.getupvalue from the Lua sandbox whitelist 

This function could be used to steal insecure environments from trusted mods.
This commit is contained in:
ShadowNinja 2016-03-02 23:59:42 -05:00
parent 8b006a154b
commit abd4a79acb
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/script/cpp_api/s_security.cpp
View File

@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
"upvaluejoin", "upvaluejoin",
"sethook", "sethook",
"debug", "debug",
"getupvalue",
"setlocal", "setlocal",
}; };
static const char *package_whitelist[] = { static const char *package_whitelist[] = {