mirror of
https://github.com/wesnoth/wesnoth
synced 2025-05-01 10:50:42 +00:00
21999b1fc9
Like @gfgtdf pointed out, loadstring() is still supported by Lua in the name of backwards compatibility, even though it was deprecated in Lua 5.2 and is no longer mentioned in Lua manual. Thus, as of committing this it's actually possible to load Lua bytecode. Let's unit test this to ensure that we don't reintroduce this vulnerability. (cherry-picked from commit aa73b836009ca98cade2d0dfca6b99cbf8d19e76)