From f4054595482bf4573075f45d3ca56076a0d6113e Mon Sep 17 00:00:00 2001
From: sfan5 <sfan5@live.de>
Date: Fri, 17 Dec 2021 18:35:30 +0100
Subject: [PATCH] Remove setlocal and setupvalue from `debug` table whitelist

It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
---
 src/script/cpp_api/s_security.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 5faf8cc80..11c277839 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
 		"traceback",
 		"getinfo",
 		"getmetatable",
-		"setupvalue",
 		"setmetatable",
 		"upvalueid",
 		"sethook",
 		"debug",
-		"setlocal",
 	};
 	static const char *package_whitelist[] = {
 		"config",