diff -Npur blender-2.60a.orig/source/blender/blenkernel/intern/blender.c blender-2.60a/source/blender/blenkernel/intern/blender.c
--- blender-2.60a.orig/source/blender/blenkernel/intern/blender.c 2011-11-09 20:56:11.905602401 +0100
+++ blender-2.60a/source/blender/blenkernel/intern/blender.c 2011-11-09 20:56:42.827601857 +0100
@@ -145,6 +145,7 @@ void initglobals(void)
 G.f |= G_SCRIPT_AUTOEXEC;
 #else
 G.f &= ~G_SCRIPT_AUTOEXEC;
+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
 #endif
 }
diff -Npur blender-2.60a.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.60a/source/blender/makesrna/intern/rna_userdef.c
--- blender-2.60a.orig/source/blender/makesrna/intern/rna_userdef.c 2011-11-09 20:56:12.003602399 +0100
+++ blender-2.60a/source/blender/makesrna/intern/rna_userdef.c 2011-11-09 21:02:43.204595484 +0100
@@ -116,9 +116,17 @@ static void rna_userdef_show_manipulator
 static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr)
 {
- UserDef *userdef = (UserDef*)ptr->data;
- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
- else G.f |= G_SCRIPT_AUTOEXEC;
+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
+ /* Blender run with --enable-autoexec */
+ UserDef *userdef = (UserDef*)ptr->data;
+ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
+ else G.f |= G_SCRIPT_AUTOEXEC;
+ }
+}
+
+static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
+ return !(G.f & G_SCRIPT_OVERRIDE_PREF);
 }
 static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
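Review bot: In blender.c's initglobals() hunk, the new `G.f |= G_SCRIPT_OVERRIDE_PREF;` sits only in the `#else` branch, so the lock exists only in builds that take that branch; the `#if` condition itself is outside the hunk. A build that takes the first branch still runs `G.f |= G_SCRIPT_AUTOEXEC;` and never sets the override bit, so none of the later checks in this patch restrict anything there. I would record that next to the line, e.g. `/* lock applies only in builds taking this branch; the package build must define the guarding macro */`, and have the packaging verify that the macro is defined.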
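Review bot: In rna_userdef.c, `rna_userdef_script_autoexec_editable` copies the update-callback parameter list `(Main *bmain, Scene *scene, PointerRNA *ptr)` but uses none of the parameters, and unlike `rna_userdef_script_autoexec_update` just above it does not wrap them in `UNUSED()`. Whether that list matches what `RNA_def_property_editable_func` expects is not visible in this diff; if the editable callback type takes only a `PointerRNA *`, the call goes through a mismatched function pointer, which is undefined behaviour even though the body reads only `G.f`. Please check the callback typedef and declare the function to match, e.g. `static int rna_userdef_script_autoexec_editable(PointerRNA *UNUSED(ptr))`. The greyed-out checkbox is only a UI hint; the effective gate is the `G_SCRIPT_OVERRIDE_PREF` test added to the update callback.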
@@ -2630,6 +2638,8 @@ static void rna_def_userdef_system(Blend
 "Allow any .blend file to run scripts automatically "
 "(unsafe with blend files from an untrusted source)");
 RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
+ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
 prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
 RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
diff -Npur blender-2.60a.orig/source/blender/windowmanager/intern/wm_files.c blender-2.60a/source/blender/windowmanager/intern/wm_files.c
--- blender-2.60a.orig/source/blender/windowmanager/intern/wm_files.c 2011-11-09 20:56:12.458602413 +0100
+++ blender-2.60a/source/blender/windowmanager/intern/wm_files.c 2011-11-09 21:05:16.768592770 +0100
@@ -285,12 +285,17 @@ static void wm_init_userdef(bContext *C) /* set the python auto-execute setting from user prefs */ /* enabled by default, unless explicitly enabled in the command line which overrides */ - if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) { + if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) { + /* Blender run with --enable-autoexec */ if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC; else G.f &= ~G_SCRIPT_AUTOEXEC; } /* update tempdir from user preferences */ BLI_where_is_temp(btempdir, FILE_MAX, 1); + + /* Workaround to fix default of "Auto Run Python Scripts" checkbox */ + if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC)) + U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; } diff -Npur blender-2.60a.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.60a/source/blender/windowmanager/intern/wm_operators.c --- blender-2.60a.orig/source/blender/windowmanager/intern/wm_operators.c 2011-11-09 20:56:12.458602413 +0100 +++ blender-2.60a/source/blender/windowmanager/intern/wm_operators.c 2011-11-09 21:07:09.746590772 +0100 @@ -1583,12 +1583,13 @@ static int wm_open_mainfile_exec(bContex G.fileflags &= ~G_FILE_NO_UI; else G.fileflags |= G_FILE_NO_UI; - - if(RNA_boolean_get(op->ptr, "use_scripts")) + + /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */ + if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF))) G.f |= G_SCRIPT_AUTOEXEC; else G.f &= ~G_SCRIPT_AUTOEXEC; - + // XXX wm in context is not set correctly after WM_read_file -> crash // do it before for now, but is this correct with multiple windows? WM_event_add_notifier(C, NC_WINDOW, NULL); @@ -1600,6 +1601,8 @@ static int wm_open_mainfile_exec(bContex static void WM_OT_open_mainfile(wmOperatorType *ot) { + PropertyRNA * use_scripts_checkbox = NULL; + ot->name= "Open Blender File"; ot->idname= "WM_OT_open_mainfile"; ot->description="Open a Blender file"; 
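Review bot: In wm_init_userdef() (wm_files.c), the retained comment `/* enabled by default, unless explicitly enabled in the command line which overrides */` no longer describes the code: after this change the preference is applied only when `G_SCRIPT_OVERRIDE_PREF` is clear and `G.background` is not set. I would replace it with something like `/* user pref is honoured only in interactive runs with the override bit clear; otherwise the command-line or compiled default stands */`. The added workaround also writes `USER_SCRIPT_AUTOEXEC_DISABLE` into `U.flag`, so if the preferences are saved afterwards the disabled state presumably ends up in the user's stored settings; that fails safe, but the comment should say that it changes the preference itself and not only the checkbox.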
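Review bot: In wm_open_mainfile_exec() (wm_operators.c), the trust decision for a single file is still written to the process-wide `G.f`: with the override bit clear, a load with "use_scripts" set leaves `G_SCRIPT_AUTOEXEC` on after the operator returns. Any loader that does not reset the bit itself would inherit it; whether such paths exist cannot be told from this hunk, so the other file-loading entry points should be checked against the same `G_SCRIPT_OVERRIDE_PREF` rule. Testing the override here, and not only greying out the checkbox, is the right place, because the property can presumably be set without going through the dialog; a comment such as `/* enforced here because use_scripts can be set without the UI */` would record that. The function starts and ends outside the hunk.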
@@ -1611,7 +1614,12 @@ static void WM_OT_open_mainfile(wmOperat
 WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH);
 RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences");
+ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
+ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
+ "Allow blend file execute scripts automatically, default available from system preferences");
+ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
+ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
+ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
 }
 /* **************** link/append *************** */
diff -Npur blender-2.60a.orig/source/creator/creator.c blender-2.60a/source/creator/creator.c
--- blender-2.60a.orig/source/creator/creator.c 2011-11-09 20:56:11.899602401 +0100
+++ blender-2.60a/source/creator/creator.c 2011-11-09 21:17:22.278579932 +0100
@@ -258,6 +258,7 @@ static int print_help(int UNUSED(argc),
 printf("\n");
+ BLI_argsPrintArgDoc(ba, "-666");
 BLI_argsPrintArgDoc(ba, "--enable-autoexec");
 BLI_argsPrintArgDoc(ba, "--disable-autoexec");
@@ -326,14 +327,14 @@ static int end_arguments(int UNUSED(argc
 static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
 {
 G.f |= G_SCRIPT_AUTOEXEC;
- G.f |= G_SCRIPT_OVERRIDE_PREF;
+ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
 return 0;
 }
 static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
 {
 G.f &= ~G_SCRIPT_AUTOEXEC;
- G.f |= G_SCRIPT_OVERRIDE_PREF;
+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
 return 0;
 }
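Review bot: In WM_OT_open_mainfile() (wm_operators.c), both the default `!!(G.f & G_SCRIPT_AUTOEXEC)` and the `PROP_EDITABLE` clearing are evaluated once, when the operator type is defined, so they reflect `G.f` at that moment only. That is correct only if enable_python/disable_python have already run by then, and a later change of `G_SCRIPT_AUTOEXEC` from the user preferences will not show up in the "Trusted Source" default; the call order is not visible in this diff. Because wm_open_mainfile_exec() re-checks `G_SCRIPT_OVERRIDE_PREF`, the lock itself does not depend on this, but I would document it: `/* evaluated at registration; relies on args being parsed first, exec re-checks the override */`.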
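Review bot: In enable_python() (creator.c), the new comment `/* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */` understates what clearing the bit does: per the rna_userdef.c hunk, with `G_SCRIPT_OVERRIDE_PREF` clear the preference callback can switch `G_SCRIPT_AUTOEXEC` in both directions. The bit's meaning has also shifted from "command line overrides prefs" to "auto-execution is locked off", while its name stays the same. I would word the two comments to match, e.g. `/* unlock: user prefs may now switch auto-execution on or off */` here and `/* lock: prefs and the file-open dialog cannot enable auto-execution */` in disable_python().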
@@ -1055,8 +1056,9 @@ static void setupArguments(bContext *C,
 # define PY_DISABLE_AUTO ", (compiled as non-standard default)"
 #endif
- BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution" PY_ENABLE_AUTO, enable_python, NULL);
- BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)" PY_DISABLE_AUTO, disable_python, NULL);
+ BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python script execution (port from CVE-2009-3850 patch to Blender 2.60a)" PY_ENABLE_AUTO, enable_python, NULL);
+ BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution" PY_ENABLE_AUTO, enable_python, NULL);
+ BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)" PY_DISABLE_AUTO, disable_python, NULL);
 #undef PY_ENABLE_AUTO
 #undef PY_DISABLE_AUTO
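Review bot: The added `-666` registration in setupArguments() gives a second, undescriptive switch that calls `enable_python`, so it lifts the lock exactly as `--enable-autoexec` does, yet its help text only cites CVE-2009-3850 and does not say that it is an alias or what it permits. I would state both in the help string, e.g. `"\n\tLegacy alias of --enable-autoexec: .blend files may run embedded Python on load, use only with trusted files"`, and give `--enable-autoexec` the same warning. Launchers and desktop entries shipped with the package should be checked for either switch, since passing one undoes the locked default. The `-y`/`-Y` lines appear to change only in whitespace; dropping that churn would keep the security-relevant addition easy to spot.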