From b5a6904c4ac4049823396090360b6f566f4e4603 Mon Sep 17 00:00:00 2001
From: oobabooga <112222186+oobabooga@users.noreply.github.com>
Date: Tue, 14 Oct 2025 20:42:37 -0700
Subject: [PATCH] Make --trust-remote-code immutable from the UI/API
---
 modules/loaders.py | 3 ---
 modules/shared.py | 9 ++++++++-
 modules/transformers_loader.py | 6 +++---
 modules/ui.py | 1 -
 modules/ui_model_menu.py | 1 -
 5 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/modules/loaders.py b/modules/loaders.py
index fe982ab5..609a54c6 100644
--- a/modules/loaders.py
+++ b/modules/loaders.py
@@ -45,7 +45,6 @@ loaders_and_params = OrderedDict({
 'disk',
 'use_double_quant',
 'bf16',
- 'trust_remote_code',
 'no_use_fast',
 ],
 'ExLlamav3_HF': [
@@ -53,7 +52,6 @@ loaders_and_params = OrderedDict({
 'cache_type',
 'gpu_split',
 'cfg_cache',
- 'trust_remote_code',
 'no_use_fast',
 'enable_tp',
 'tp_backend',
@@ -82,7 +80,6 @@ loaders_and_params = OrderedDict({
 'no_xformers',
 'no_sdpa',
 'cfg_cache',
- 'trust_remote_code',
 'no_use_fast',
 ],
 'ExLlamav2': [
diff --git a/modules/shared.py b/modules/shared.py
index af26f185..e54ba654 100644
--- a/modules/shared.py
+++ b/modules/shared.py
@@ -174,6 +174,7 @@ if cmd_flags_path.exists():
 args = parser.parse_args()
+original_args = copy.deepcopy(args)
 args_defaults = parser.parse_args([]) # Create a mapping of all argument aliases to their canonical names
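Review bot: In modules/shared.py, `original_args = copy.deepcopy(args)` carries no comment, so nothing tells a later contributor that this copy, not `shared.args`, is the source of truth for security-sensitive flags. The copy is also an ordinary mutable namespace and `shared.args.trust_remote_code` still exists, so the guarantee in the commit title holds only while every loader reads the copy and no code assigns to it. I would add `# Startup snapshot of the CLI flags: read security-sensitive options such as trust_remote_code from here, never from shared.args, which can change at runtime.` above the assignment. The module-level code continues outside the hunk, so whether anything rewrites `args` between parsing and this line cannot be checked from here.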
@@ -295,7 +296,13 @@ default_settings = copy.deepcopy(settings)
 def do_cmd_flags_warnings():
 # Security warnings
 if args.trust_remote_code:
- logger.warning('trust_remote_code is enabled. This is dangerous.')
+ logger.warning(
+ "The `--trust-remote-code` flag is enabled.\n"
+ "This allows models to execute arbitrary code on your machine.\n\n"
+ "1. Only use with models from sources you fully trust.\n"
+ "2. Set an access password with `--gradio-auth`."
+ )
+
 if 'COLAB_GPU' not in os.environ and not args.nowebui:
 if args.share:
 logger.warning("The gradio \"share link\" feature uses a proprietary executable to create a reverse tunnel. Use it with care.")
diff --git a/modules/transformers_loader.py b/modules/transformers_loader.py
index 7866f448..f1af1299 100644
--- a/modules/transformers_loader.py
+++ b/modules/transformers_loader.py
@@ -123,7 +123,7 @@ def load_tokenizer(model_name, tokenizer_dir=None):
 tokenizer = AutoTokenizer.from_pretrained(
 path_to_model,
- trust_remote_code=shared.args.trust_remote_code,
+ trust_remote_code=shared.original_args.trust_remote_code,
 use_fast=not shared.args.no_use_fast
 )
@@ -140,13 +140,13 @@ def load_model_HF(model_name):
 'torch_dtype': torch.bfloat16 if shared.args.bf16 else torch.float16,
 }
- if shared.args.trust_remote_code:
+ if shared.original_args.trust_remote_code:
 params['trust_remote_code'] = True
 if shared.args.force_safetensors:
 params['force_safetensors'] = True
- config = AutoConfig.from_pretrained(path_to_model, trust_remote_code=shared.args.trust_remote_code)
+ config = AutoConfig.from_pretrained(path_to_model, trust_remote_code=shared.original_args.trust_remote_code)
 if 'chatglm' in model_name.lower():
 LoaderClass = AutoModel
diff --git a/modules/ui.py b/modules/ui.py
index 12f43768..76533767 100644
--- a/modules/ui.py
+++ b/modules/ui.py
@@ -160,7 +160,6 @@ def list_model_elements():
 'no_sdpa',
 'cfg_cache',
 'cpp_runner',
- 'trust_remote_code',
 'no_use_fast',
 'model_draft',
 'draft_max',
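Review bot: In `do_cmd_flags_warnings` (modules/shared.py), the new warning tells every user to set `--gradio-auth`, but it is emitted before the `not args.nowebui` check that follows, so it also appears when no web UI is started and when a password is already configured. In an API-only run that advice presumably does not protect the interface that loads models, which can leave the operator believing the instance is covered. I would make item 2 conditional on the run mode, or word it neutrally as `"2. Require authentication on every interface that can load a model."`. The embedded `\n` sequences also spread one log record over several lines, which line-oriented log collectors will treat as separate events. The function body continues past the end of the hunk.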
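Review bot: In modules/transformers_loader.py, `load_model_HF` and `load_tokenizer` now take the flag from `shared.original_args`, while `shared.args.trust_remote_code` is left in place; if any request path can still set the latter, the request is ignored without a trace. Logging the mismatch would give operators a signal that something asked for remote code without the startup flag, for example `if shared.args.trust_remote_code and not shared.original_args.trust_remote_code: logger.warning('Ignoring trust_remote_code: it can only be enabled with --trust-remote-code at startup.')`. Reading the flag once into a local at the top of `load_model_HF` would also keep the `params` entry and the `AutoConfig.from_pretrained` call in agreement. Both functions start and end outside the hunks shown, and whether `logger` is available in this module is not visible here.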
diff --git a/modules/ui_model_menu.py b/modules/ui_model_menu.py
index 729700d4..50ada9f9 100644
--- a/modules/ui_model_menu.py
+++ b/modules/ui_model_menu.py
@@ -57,7 +57,6 @@ def create_ui():
 shared.gradio['autosplit'] = gr.Checkbox(label="autosplit", value=shared.args.autosplit, info='Automatically split the model tensors across the available GPUs.')
 shared.gradio['enable_tp'] = gr.Checkbox(label="enable_tp", value=shared.args.enable_tp, info='Enable tensor parallelism (TP).')
 shared.gradio['cpp_runner'] = gr.Checkbox(label="cpp-runner", value=shared.args.cpp_runner, info='Enable inference with ModelRunnerCpp, which is faster than the default ModelRunner.')
- shared.gradio['trust_remote_code'] = gr.Checkbox(label="trust-remote-code", value=shared.args.trust_remote_code, info='Set trust_remote_code=True while loading the tokenizer/model. To enable this option, start the web UI with the --trust-remote-code flag.', interactive=shared.args.trust_remote_code)
 shared.gradio['tensorrt_llm_info'] = gr.Markdown('* TensorRT-LLM has to be installed manually in a separate Python 3.10 environment at the moment. For a guide, consult the description of [this PR](https://github.com/oobabooga/text-generation-webui/pull/5715). \n\n* `ctx_size` is only used when `cpp-runner` is checked.\n\n* `cpp_runner` does not support streaming at the moment.') # Multimodal