Only give necessary permissions to new pause menu env

src/script/scripting_mainmenu.h

@@ -40,8 +40,7 @@ public:
 
 protected:
 	bool checkPathInternal(const std::string &abs_path, bool write_required,
-			bool *write_allowed) override
-	{
+		bool *write_allowed) override {
 		return checkPathAccess(abs_path, write_required, write_allowed);
 	}
 

src/script/scripting_pause_menu.cpp

@@ -50,6 +50,18 @@ void PauseMenuScripting::initializeModApi(lua_State *L, int top)
 
 void PauseMenuScripting::loadBuiltin()
 {
-	loadScript(porting::path_share + DIR_DELIM + "builtin" + DIR_DELIM + "init.lua");
+	loadScript(porting::path_share + DIR_DELIM "builtin" DIR_DELIM "init.lua");
 	checkSetByBuiltin();
 }
+
+bool PauseMenuScripting::checkPathInternal(const std::string &abs_path, bool write_required,
+		bool *write_allowed)
+{
+	// NOTE: The pause menu env is on the same level of trust as the mainmenu env.
+	// However, since it doesn't need anything else at the moment, there's no
+	// reason to give it access to anything else.
+
+	std::string path_share = fs::AbsolutePathPartial(porting::path_share);
+	return !write_required &&
+			fs::PathStartsWith(abs_path, path_share + DIR_DELIM "builtin");
+}

src/script/scripting_pause_menu.h

@@ -8,7 +8,6 @@
 #include "cpp_api/s_client_common.h"
 #include "cpp_api/s_pause_menu.h"
 #include "cpp_api/s_security.h"
-#include "scripting_mainmenu.h"
 
 class PauseMenuScripting:
 		virtual public ScriptApiBase,
@@ -22,10 +21,7 @@ public:
 
 protected:
 	bool checkPathInternal(const std::string &abs_path, bool write_required,
-			bool *write_allowed) override
-	{
-		return MainMenuScripting::checkPathAccess(abs_path, write_required, write_allowed);
-	}
+			bool *write_allowed) override;
 
 private:
 	void initializeModApi(lua_State *L, int top);