engine: common: allow cvar substituion in privileged mode only to prevent leaking sensitive data

2 years ago · cb0f513bf0
1 changed files with 1 additions and 1 deletions
--- a/engine/common/cmd.c
+++ b/engine/common/cmd.c
@ -984,7 +984,7 @@ static void Cmd_ExecuteStringWithPrivilegeCheck( const char *text, qboolean isPr
				@@ -984,7 +984,7 @@ static void Cmd_ExecuteStringWithPrivilegeCheck( const char *text, qboolean isPr
 	cmd_condlevel = 0;

 	// cvar value substitution
-	if( CVAR_TO_BOOL( cmd_scripting ))
+	if( CVAR_TO_BOOL( cmd_scripting ) && isPrivileged )
 	{
 		while( *text )
 		{