Remove debug.getupvalue from the Lua sandbox whitelist

This function could be used to steal insecure environments from trusted mods.
This commit is contained in:
ShadowNinja 2016-03-02 23:59:42 -05:00
parent 8b006a154b
commit abd4a79acb

@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
"upvaluejoin", "upvaluejoin",
"sethook", "sethook",
"debug", "debug",
"getupvalue",
"setlocal", "setlocal",
}; };
static const char *package_whitelist[] = { static const char *package_whitelist[] = {