- added second round of security sandboxing for lua scripts (disable a number of other potentially dangerous functions)

source/glest_game/game/script_manager.cpp

@@ -1404,7 +1404,7 @@ Vec2i ScriptManager::getUnitPosition(int unitId) {
 	ScriptManager_STREFLOP_Wrapper streflopWrapper;
 	Vec2i result = world->getUnitPosition(unitId);
 
-	printf("In [%s] unitId = %d, pos [%s]\n",__FUNCTION__,unitId,result.getString().c_str());
+	if(SystemFlags::getSystemSettingType(SystemFlags::debugLUA).enabled) SystemFlags::OutputDebug(SystemFlags::debugLUA,"In [%s] unitId = %d, pos [%s]\n",__FUNCTION__,unitId,result.getString().c_str());
 
 	return result;
 }

source/shared_lib/sources/lua/lua_script.cpp

@@ -74,6 +74,33 @@ LuaScript::LuaScript() {
 		lua_setfield(luaState, -2, "remove");
 		lua_pushnil(luaState);
 		lua_setfield(luaState, -2, "exit");
+
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "loadfile");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "dofile");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "getfenv");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "getmetatable");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "load");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "loadfile");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "loadstring");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "rawequal");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "rawget");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "rawset");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "setfenv");
+		lua_pushnil(luaState);
+		lua_setglobal(luaState, "setmetatable");
+
+
 		lua_pop(luaState, 1);
 	}
 }