This issue would be less problematic if new versions of blender would read preferences set from older versions. Currently, in my experience, all preferences have to be re-set after each new version download, which means if you turn off "auto load scripts" it only stays off until the next download.
On Tue, Jun 4, 2013 at 2:15 PM, Brecht Van Lommel <brechtvanlom...@pandora.be> wrote:

> Regarding implementation of a popup: if it is desired, you could load
> the file with scripts disabled, and then in the info header have a
> warning and button to reload the file with scripts enabled. That's
> nicely non-modal too.

This seems like quite an elegant blender-esque option.

It does appear this is a vulnerability in other popular 3d modeling tools... I believe the attack surface area of blender may be worse than Maya or 3ds, as blender is a free download. However, it's probably comparable to DAZ studio, which is also free and also has this vulnerability.

http://www.coresecurity.com/content/blender-scripting-injection
http://www.coresecurity.com/content/maya-arbitrary-command-execution
http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution
http://www.coresecurity.com/content/dazstudio-scripting-injection

It might be worth adding this comparison information to the FAQ.

_______________________________________________
Bf-committers mailing list
Bf-committers@blender.org
http://lists.blender.org/mailman/listinfo/bf-committers