[Bf-blender-cvs] [f2df5206987] master: Preferences: disable reading preferences for regular file loading
Campbell Barton
noreply at git.blender.org
Fri Jul 12 07:06:54 CEST 2019
Commit: f2df5206987f691f245c929a7d3b9086d2020c66
Author: Campbell Barton
Date: Fri Jul 12 14:58:37 2019 +1000
Branches: master
https://developer.blender.org/rBf2df5206987f691f245c929a7d3b9086d2020c66
Preferences: disable reading preferences for regular file loading
Although the Auto-Run Python Scripts flag isn't used,
this is still a security risk since exclude paths list is.
Further this isn't what users would expect when loading a file &
only some preferences were being loaded so it's not useful.
===================================================================
M source/blender/windowmanager/intern/wm_files.c
===================================================================
diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c
index ef957fa03c5..d517622645c 100644
--- a/source/blender/windowmanager/intern/wm_files.c
+++ b/source/blender/windowmanager/intern/wm_files.c
@@ -634,7 +634,17 @@ bool WM_file_read(bContext *C, const char *filepath, ReportList *reports)
/* confusing this global... */
G.relbase_valid = 1;
- retval = BKE_blendfile_read(C, filepath, &(const struct BlendFileReadParams){0}, reports);
+ retval = BKE_blendfile_read(
+ C,
+ filepath,
+ /* Loading preferences when the user intended to load a regular file is a security risk,
+ * because the excluded path list is also loaded.
+ * Further it's just confusing if a user loads a file and various preferences change. */
+ &(const struct BlendFileReadParams){
+ .is_startup = false,
+ .skip_flags = BLO_READ_SKIP_USERDEF,
+ },
+ reports);
/* BKE_file_read sets new Main into context. */
Main *bmain = CTX_data_main(C);
More information about the Bf-blender-cvs
mailing list