Skip to content

Commit

Permalink
Remove debug.getupvalue from the Lua sandbox whitelist
Browse files Browse the repository at this point in the history 
This function could be used to steal insecure environments from trusted mods.
  • Loading branch information
@ShadowNinja
ShadowNinja committed Mar 3, 2016
1 parent 8b006a1 commit abd4a79
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion src/script/cpp_api/s_security.cpp
View file
Expand Up @@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
"upvaluejoin",
"sethook",
"debug",
"getupvalue",
"setlocal",
};
static const char *package_whitelist[] = {
Expand Down

0 comments on commit abd4a79

Please sign in to comment.