diff options
author | Campbell Barton <ideasman42@gmail.com> | 2015-01-19 16:58:32 +0300 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2015-01-19 16:58:32 +0300 |
commit | 45dfb3b74231dcaffcc8677435488b6eb18132de (patch) | |
tree | 6804c28796d17e83967c09d655c5e1ef5f8b3f7e /source/blender/blenkernel/intern/blender.c | |
parent | 4c74fb24a2b2229d11954c70ad8f29b5c943cd1d (diff) |
Fix for security issue loading blend's
Auto-Execute option could be overridden by opening a startup.blend
Diffstat (limited to 'source/blender/blenkernel/intern/blender.c')
-rw-r--r-- | source/blender/blenkernel/intern/blender.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c index 96f769587d9..be72fe29d82 100644 --- a/source/blender/blenkernel/intern/blender.c +++ b/source/blender/blenkernel/intern/blender.c @@ -271,6 +271,17 @@ static void setup_app_data(bContext *C, BlendFileData *bfd, const char *filepath BKE_userdef_free(); U = *bfd->user; + + /* Security issue: any blend file could include a USER block. + * + * Currently we load prefs from BLENDER_STARTUP_FILE and later on load BLENDER_USERPREF_FILE, + * to load the preferences defined in the users home dir. + * + * This means we will never accidentally (or maliciously) + * enable scripts auto-execution by loading a '.blend' file. + */ + U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; + MEM_freeN(bfd->user); } |