Remove setlocal and setupvalue from debug table whitelist

It's likely that these could be used trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).
2021-12-17 18:35:30 +01:00 · 2021-12-17 18:35:30 +01:00 · f405459548
commit f405459548
parent 8c99f2232b
1 changed files with 0 additions and 2 deletions
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
 		"traceback",
 		"getinfo",
 		"getmetatable",
-		"setupvalue",
 		"setmetatable",
 		"upvalueid",
 		"sethook",
 		"debug",
-		"setlocal",
 	};
 	static const char *package_whitelist[] = {
 		"config",