Commit: 45dfb3b74231dcaffcc8677435488b6eb18132de Author: Campbell Barton Date: Tue Jan 20 00:58:32 2015 +1100 Branches: master https://developer.blender.org/rB45dfb3b74231dcaffcc8677435488b6eb18132de
Fix for security issue loading blend's Auto-Execute option could be overridden by opening a startup.blend =================================================================== M source/blender/blenkernel/intern/blender.c =================================================================== diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c index 96f7695..be72fe2 100644 --- a/source/blender/blenkernel/intern/blender.c +++ b/source/blender/blenkernel/intern/blender.c @@ -271,6 +271,17 @@ static void setup_app_data(bContext *C, BlendFileData *bfd, const char *filepath BKE_userdef_free(); U = *bfd->user; + + /* Security issue: any blend file could include a USER block. + * + * Currently we load prefs from BLENDER_STARTUP_FILE and later on load BLENDER_USERPREF_FILE, + * to load the preferences defined in the users home dir. + * + * This means we will never accidentally (or maliciously) + * enable scripts auto-execution by loading a '.blend' file. + */ + U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; + MEM_freeN(bfd->user); } _______________________________________________ Bf-blender-cvs mailing list Bf-blender-cvs@blender.org http://lists.blender.org/mailman/listinfo/bf-blender-cvs