Remove debug.getupvalue from the Lua sandbox whitelist

This function could be used to steal insecure environments from trusted mods.
2016-03-02 23:59:42 -05:00 · 2016-03-02 23:59:42 -05:00 · abd4a79acb
parent 8b006a154b
commit abd4a79acb
1 changed files with 0 additions and 1 deletions
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
 		"upvaluejoin",
 		"sethook",
 		"debug",
-		"getupvalue",
 		"setlocal",
 	};
 	static const char *package_whitelist[] = {