Remove setlocal and setupvalue from debug table whitelist

sfan5 · sfan5 · commit f4054595482b · 2021-12-18T20:37:13.000+01:00
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
 		"traceback",
 		"getinfo",
 		"getmetatable",
-		"setupvalue",
 		"setmetatable",
 		"upvalueid",
 		"sethook",
 		"debug",
-		"setlocal",
 	};
 	static const char *package_whitelist[] = {
 		"config",
