CMake build option for security report: CVE-2009-3850
[blender-staging.git] / source / blender / windowmanager / intern / wm_files.c
index f5fe98ae4d447f633874d13c9b9f847bfffc2873..05cf71fcd8325e5df88e6ca4c25937451e1033dc 100644 (file)
@@ -418,6 +418,12 @@ int WM_read_homefile(bContext *C, ReportList *reports, short from_memory)
        if(success==0) {
                success = BKE_read_file_from_memory(C, datatoc_startup_blend, datatoc_startup_blend_size, NULL);
                if (wmbase.first == NULL) wm_clear_default_size(C);
+
+#ifdef WITH_PYTHON_SECURITY /* not default */
+               /* use alternative setting for security nuts
+                * otherwise we'd need to patch the binary blob - startup.blend.c */
+               U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
+#endif
        }
        
        /* prevent buggy files that had G_FILE_RELATIVE_REMAP written out by mistake. Screws up autosaves otherwise