From 0afe80fa2fd25132f16b3e2a6a31385df32cf00f Mon Sep 17 00:00:00 2001
From: Josh Yelon <jyelon@gmail.com>
Date: Sun, 28 Feb 2021 16:39:37 -0500
Subject: [PATCH] Nuke function 'loadfile' for sandboxing reasons'

---
 luprex/core/cpp/source.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/luprex/core/cpp/source.cpp b/luprex/core/cpp/source.cpp
index 2a51fdf1..76fd5730 100644
--- a/luprex/core/cpp/source.cpp
+++ b/luprex/core/cpp/source.cpp
@@ -70,14 +70,18 @@ static void load_builtin_class(lua_State *L, const char *name, lua_CFunction fun
 }
 
 static void source_install_builtins(lua_State *L) {
-    LuaVar nullstring, stringclass;
-    LuaStack LS(L, nullstring, stringclass);
+    LuaVar nullstring, stringclass, globtab;
+    LuaStack LS(L, nullstring, stringclass, globtab);
     luaopen_base(L);
     load_builtin_class(L, "table", luaopen_table);
     load_builtin_class(L, "string", luaopen_string);
     load_builtin_class(L, "math", luaopen_math);
     load_builtin_class(L, "debug", luaopen_debug);
 
+    // Nuke a few of the builtin functions for sandboxing reasons.
+    LS.getglobaltable(globtab);
+    LS.rawset(globtab, "loadfile", LuaNil);
+    
     // Set the metatable for strings.
     // Normally, this would be done by luaopen_string, but we're
     // messing with the tables so we have to redo it.