Skip to content
Permalink
Browse files

Remove debug.getupvalue from the Lua sandbox whitelist

This function could be used to steal insecure environments from trusted mods.
  • Loading branch information
ShadowNinja committed Mar 3, 2016
1 parent 8b006a1 commit abd4a79acbdfcea0bb661b8065ef3ac8f3e25e80
Showing with 0 additions and 1 deletion.
  1. +0 −1 src/script/cpp_api/s_security.cpp
@@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
"upvaluejoin",
"sethook",
"debug",
"getupvalue",
"setlocal",
};
static const char *package_whitelist[] = {

0 comments on commit abd4a79

Please sign in to comment.