extensions/urho3d: Fix exploit revealed by extensions/sandbox_test caused by a stupid mistake

doc/client_api.txt

@@ -134,8 +134,11 @@ Unsafe interfaces of built-in extensions
 
 urho3d
 ------
-The default unsafe interface is the same as the safe interface. It is so to
-enforce interoperability between modules and extensions.
+The unsafe interface consists of the namespace tables "safe" and "unsafe". Use
+the safe interface unless the unsafe one is specifically needed:
+  require("buildat/extension/urho3d").safe
+
+This enforces interoperability between modules and extensions.
 
 If you get an error like this:
   'Disallowed type: "userdata"; Allowed types: ...'
@@ -152,9 +155,9 @@ sandboxed version in order to make interfacing possible between all of them.
 The unsafe version of the urho3d extension actually just wraps to the global
 environment, except for the additions to the API documented here.
 
-Note that due to technical reasons Urho3D's API is currently always globally
-defined in the extension environment, but this will not be supported in the
-future.
+Note that due to technical reasons Urho3D's non-sandboxed API is currently
+always globally defined in the extension environment, but this will not be
+supported in the future.
 
 Additions to regular Urho3D:
 

extensions/__menu/init.lua

@@ -2,7 +2,7 @@
 -- http://www.apache.org/licenses/LICENSE-2.0
 -- Copyright 2014 Perttu Ahola <celeron55@gmail.com>
 local log = buildat.Logger("extension/__menu")
-local magic = require("buildat/extension/urho3d")
+local magic = require("buildat/extension/urho3d").safe
 local uistack = require("buildat/extension/uistack")
 local dump = buildat.dump
 local M = {safe = nil}

extensions/sandbox_test/try_exploit.lua

@@ -2,7 +2,7 @@
 -- http://www.apache.org/licenses/LICENSE-2.0
 -- Copyright 2014 Perttu Ahola <celeron55@gmail.com>
 local log = buildat.Logger("try_exploit.lua")
-local magic = require("buildat/extension/urho3d")
+local magic = require("buildat/extension/urho3d").safe
 local uistack = require("buildat/extension/uistack")
 local dump = buildat.dump
 local M = {}

extensions/uistack/init.lua

@@ -3,7 +3,7 @@
 -- Copyright 2014 Perttu Ahola <celeron55@gmail.com>
 local log = buildat.Logger("extension/uistack")
 local magic_sandbox = require("buildat/extension/magic_sandbox")
-local magic = require("buildat/extension/urho3d")
+local magic = require("buildat/extension/urho3d").safe
 local dump = buildat.dump
 local M = {safe = {}}
 log:info("extension/uistack/init.lua: Loading")

extensions/urho3d/init.lua

@@ -372,10 +372,8 @@ end
 -- Create the final interface
 --
 
-local M = Safe
-
-M.safe = M
-
+local M = {}
+M.safe = Safe
 M.unsafe = Unsafe
 
 return M