Security issue: GUI file access, protected config values, and mods
|Reported by:||wraitii||Owned by:||Silier|
|Priority:||Must Have||Milestone:||Alpha 27|
As discussed on IRC.
We have protected config entries that can't be used by JS, such as
userreport.id. However, the gui can just `Engine.ReadFile('config/user.cfg') and get that data anyways.
Further, WriteJSONFile can overwrite any file.
These all seem like problems, particularly since we do prevent some access in the simulation ReadJSONFile for example.