@@ -, +, @@ 

 --enable-autoexec|-y|-666  (CVE-2009-3850)

 source/blender/blenkernel/intern/blender.c     |    3 ++-

 source/blender/makesrna/intern/rna_userdef.c   |    9 ++++++---

 source/blender/windowmanager/intern/wm_files.c |    3 ++-

 source/creator/creator.c                       |   10 ++++++----

 4 files changed, 16 insertions(+), 9 deletions(-)

--- a/source/blender/blenkernel/intern/blender.c	

+++ a/source/blender/blenkernel/intern/blender.c	

@@ -141,7 +141,8 @@ void initglobals(void)

 	G.charmin = 0x0000;

 	G.charmax = 0xffff;

-	G.f |= G_SCRIPT_AUTOEXEC;

+	G.f &= ~G_SCRIPT_AUTOEXEC;

+	G.f |= G_SCRIPT_OVERRIDE_PREF;  /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */

 }

 /***/

--- a/source/blender/makesrna/intern/rna_userdef.c	

+++ a/source/blender/makesrna/intern/rna_userdef.c	

@@ -99,9 +99,12 @@ static void rna_userdef_show_manipulator_update(Main *bmain, Scene *scene, Point

 static void rna_userdef_script_autoexec_update(Main *bmain, Scene *scene, PointerRNA *ptr)

 {

-	UserDef *userdef = (UserDef*)ptr->data;

-	if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE)	G.f &= ~G_SCRIPT_AUTOEXEC;

-	else												G.f |=  G_SCRIPT_AUTOEXEC;

+	if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {

+		/* Blender run with --enable-autoexec */

+		UserDef *userdef = (UserDef*)ptr->data;

+		if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE)	G.f &= ~G_SCRIPT_AUTOEXEC;

+		else												G.f |=  G_SCRIPT_AUTOEXEC;

+	}

 }

 static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)

--- a/source/blender/windowmanager/intern/wm_files.c	

+++ a/source/blender/windowmanager/intern/wm_files.c	

@@ -270,7 +270,8 @@ static void wm_init_userdef(bContext *C)

 	/* set the python auto-execute setting from user prefs */

 	/* enabled by default, unless explicitly enabled in the command line which overrides */

-	if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {

+	if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {

+		/* Blender run with --enable-autoexec */

 		if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |=  G_SCRIPT_AUTOEXEC;

 		else											  G.f &= ~G_SCRIPT_AUTOEXEC;

 	}

--- a/source/creator/creator.c	

+++ a/source/creator/creator.c	

@@ -278,6 +278,7 @@ static int print_help(int UNUSED(argc), const char **UNUSED(argv), void *data)

 	printf("\n");

+	BLI_argsPrintArgDoc(ba, "-666");

 	BLI_argsPrintArgDoc(ba, "--enable-autoexec");

 	BLI_argsPrintArgDoc(ba, "--disable-autoexec");

@@ -359,14 +360,14 @@ static int end_arguments(int UNUSED(argc), const char **UNUSED(argv), void *UNUS

 static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))

 {

 	G.f |= G_SCRIPT_AUTOEXEC;

-	G.f |= G_SCRIPT_OVERRIDE_PREF;

+	G.f &= ~G_SCRIPT_OVERRIDE_PREF;  /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */

 	return 0;

 }

 static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))

 {

 	G.f &= ~G_SCRIPT_AUTOEXEC;

-	G.f |= G_SCRIPT_OVERRIDE_PREF;

+	G.f |= G_SCRIPT_OVERRIDE_PREF;  /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */

 	return 0;

 }

@@ -1075,8 +1076,9 @@ static void setupArguments(bContext *C, bArgs *ba, SYS_SystemHandle *syshandle)

 	BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL);

-	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL);

-	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL);

+	BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python script execution (port from CVE-2009-3850 patch to Blender 2.49b)", enable_python, NULL);

+	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution", enable_python, NULL);

+	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes) (default)", disable_python, NULL);

 	BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL);