diff --git a/engine/client/cl_game.c b/engine/client/cl_game.c
index 7a2493f7..c5e260bf 100644
--- a/engine/client/cl_game.c
+++ b/engine/client/cl_game.c
@@ -1754,8 +1754,17 @@ static int GAME_EXPORT pfnFilteredClientCmd( const char *szCmdString )
 	if( !COM_CheckString( szCmdString ))
 		return 0;
 
+	// a1ba:
+	// there should be stufftext validator, that checks
+	// hardcoded commands and disallows them before passing to
+	// filtered buffer, returning 0
+	// I've replaced it by hooking potentially exploitable
+	// commands and variables(motd_write, motdfile, etc) in client interfaces
+
 	Cbuf_AddFilteredText( szCmdString );
 	Cbuf_AddFilteredText( "\n" );
+
+	return 1;
 }
 
 /*
diff --git a/engine/common/cvar.c b/engine/common/cvar.c
index 89584bad..48a3d6e9 100644
--- a/engine/common/cvar.c
+++ b/engine/common/cvar.c
@@ -769,21 +769,12 @@ static qboolean Cvar_ShouldSetCvar( convar_t *v, qboolean isPrivileged )
 	if( isPrivileged )
 		return true;
 
-	// TODO: figure this out
-	//if( v->flags & FCVAR_SERVER )
-	//	return false;
+	if( v->flags & FCVAR_LOCALONLY )
+		return false;
 
 	if( cl_filterstuffcmd.value <= 0.0f )
 		return true;
 
-	// TODO: figure this out too
-	//if( v->flags & FCVAR_EXTDLL )
-	//	return false;
-
-	// a1ba: xash3d-fwgs extension
-	if( v->flags & FCVAR_LOCALONLY )
-		return false;
-
 	for( i = 0; i < ARRAYSIZE( prefixes ); i++ )
 	{
 		if( Q_stricmp( v->name, prefixes[i] ))