From 072e11130a2f96642972b0d4ac7ad2a9cd19fbf2 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 20 Apr 2011 16:42:17 +0200
Subject: [PATCH] Flip default of "Auto Run Python Scripts" to disabled 
 (CVE-2009-3850)

Manual overriding through new parameter -666 is supported
---
 source/blender/blenkernel/intern/blender.c  |   11 ++++++++++-
 source/blender/python/api2_2x/sceneRender.c |    3 ++-
 source/creator/creator.c                    |   14 ++++++++++----
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
index bf208c8..029b7cf 100644
--- a/source/blender/blenkernel/intern/blender.c
+++ b/source/blender/blenkernel/intern/blender.c
@@ -388,7 +388,16 @@ static void setup_app_data(BlendFileData *bfd, char *filename)
 	if (G.f & G_DEBUG) bfd->globalf |= G_DEBUG;
 	else bfd->globalf &= ~G_DEBUG;
 
-	if ((U.flag & USER_DONT_DOSCRIPTLINKS)) bfd->globalf &= ~G_DOSCRIPTLINKS;
+	if (G.f & G_DOSCRIPTLINKS) {
+		/* Blender running in -666 mode */
+		/* NOTE: In background mode U.flag has not been initialized from ~/.B.blend */
+		if (! G.background && (U.flag & USER_DONT_DOSCRIPTLINKS))
+			/* Prefer disabled "Auto Run Python Scripts" over -666 */
+			bfd->globalf &= ~G_DOSCRIPTLINKS;
+	} else {
+		/* Blender NOT running in -666 mode, deny pulling G_DOSCRIPTLINKS in */
+		bfd->globalf &= ~G_DOSCRIPTLINKS;
+	}
 
 	G.f= bfd->globalf;
 
diff --git a/source/blender/python/api2_2x/sceneRender.c b/source/blender/python/api2_2x/sceneRender.c
index 1bf2b75..e34a361 100644
--- a/source/blender/python/api2_2x/sceneRender.c
+++ b/source/blender/python/api2_2x/sceneRender.c
@@ -498,7 +498,8 @@ static PyObject *RenderData_Render( BPy_RenderData * self )
 
 		RE_BlenderFrame(re, G.scene, G.scene->r.cfra);
 
-		BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
+		if (G.f & G_DOSCRIPTLINKS)
+			BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
 
 		set_scene_bg( oldsce );
 	}
diff --git a/source/creator/creator.c b/source/creator/creator.c
index a562fc3..994180d 100644
--- a/source/creator/creator.c
+++ b/source/creator/creator.c
@@ -232,7 +232,8 @@ static void print_help(void)
 	printf ("  -nojoystick\tDisable joystick support\n");
 	printf ("  -noglsl\tDisable GLSL shading\n");
 	printf ("  -h\t\tPrint this help text\n");
-	printf ("  -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
+	printf ("  -666\t\tEnables automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
+	printf ("  -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes) (default)\n");
 	printf ("  -P <filename>\tRun the given Python script (filename or Blender Text)\n");
 #ifdef WIN32
 	printf ("  -R\t\tRegister .blend extension\n");
@@ -366,7 +367,7 @@ int main(int argc, char **argv)
 
 	/* first test for background */
 
-	G.f |= G_DOSCRIPTLINKS; /* script links enabled by default */
+	G.f &= ~G_DOSCRIPTLINKS; /* script links disabled by default */
 
 	for(a=1; a<argc; a++) {
 
@@ -388,6 +389,10 @@ int main(int argc, char **argv)
 			exit(0);
 		}
 
+		if (!strcmp(argv[a], "-666")){
+			G.f |= G_DOSCRIPTLINKS;
+		}
+
 		/* Handle -* switches */
 		else if(argv[a][0] == '-') {
 			switch(argv[a][1]) {
@@ -405,7 +410,7 @@ int main(int argc, char **argv)
 				a= argc;
 				break;
 
-			case 'y':
+			case 'y':  /* NOTE: -y works the exact opposite way in version 2.57! */
 				G.f &= ~G_DOSCRIPTLINKS;
 				break;
 
@@ -680,7 +685,8 @@ int main(int argc, char **argv)
 #endif
 						RE_BlenderAnim(re, G.scene, frame, frame, G.scene->frame_step);
 #ifndef DISABLE_PYTHON
-						BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
+						if (G.f & G_DOSCRIPTLINKS)
+							BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
 #endif
 					}
 				} else {
-- 
1.7.5.rc1