From cb0f513bf0bd3198d657a37a5d6b5e8c0d0e9f51 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 12 Dec 2022 08:14:01 +0300 Subject: [PATCH] engine: common: allow cvar substituion in privileged mode only to prevent leaking sensitive data --- engine/common/cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/common/cmd.c b/engine/common/cmd.c index 9eeb1c68..02775d63 100644 --- a/engine/common/cmd.c +++ b/engine/common/cmd.c @@ -984,7 +984,7 @@ static void Cmd_ExecuteStringWithPrivilegeCheck( const char *text, qboolean isPr cmd_condlevel = 0; // cvar value substitution - if( CVAR_TO_BOOL( cmd_scripting )) + if( CVAR_TO_BOOL( cmd_scripting ) && isPrivileged ) { while( *text ) {