From a3f990818d649d16c0a26be4e18845d540875af8 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Mon, 23 Apr 2012 10:43:24 +0200
Subject: [PATCH] Remove loadfile() access from the scripting engine.

---
 src/scripting.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/scripting.c b/src/scripting.c
index 4c7de33bf..a5f5683e1 100644
--- a/src/scripting.c
+++ b/src/scripting.c
@@ -412,6 +412,13 @@ void luaLoadLibraries(lua_State *lua) {
 #endif
 }
 
+/* Remove a functions that we don't want to expose to the Redis scripting
+ * environment. */
+void luaRemoveUnsupportedFunctions(lua_State *lua) {
+    lua_pushnil(lua);
+    lua_setglobal(lua,"loadfile");
+}
+
 /* This function installs metamethods in the global table _G that prevent
  * the creation of globals accidentally.
  *
@@ -455,7 +462,9 @@ void scriptingEnableGlobalsProtection(lua_State *lua) {
  * See scriptingReset() for more information. */
 void scriptingInit(void) {
     lua_State *lua = lua_open();
+
     luaLoadLibraries(lua);
+    luaRemoveUnsupportedFunctions(lua);
 
     /* Initialize a dictionary we use to map SHAs to scripts.
      * This is useful for replication, as we need to replicate EVALSHA