Merge pull request #348 from gurneyalex/9.0-safe-eval

security: use safe_eval
2025-02-02 12:47:26 +02:00 · 2016-02-10 08:28:03 +01:00
parent 2e579af684 cd17504ea7
commit 9040b9752e
3 changed files with 6 additions and 4 deletions
--- a/account_move_line_search_extension/ir_actions.py
+++ b/account_move_line_search_extension/ir_actions.py
@@ -21,6 +21,7 @@
 ##############################################################################

 from openerp import models
+from openerp.tools.safe_eval import safe_eval


 class ir_actions_act_window(models.Model):
@@ -59,7 +60,7 @@ class ir_actions_act_window(models.Model):
        if ids == [self._amlse_act_id]:
            amlse_act = res[0]
            if amlse_act.get('context'):
-                act_ctx = eval(amlse_act['context'])
+                act_ctx = safe_eval(amlse_act['context'])
                act_ctx.update(self._amlse_add_groups(cr, uid, context))
                amlse_act['context'] = str(act_ctx)
        return res
--- a/account_move_template/account_document_template.py
+++ b/account_move_template/account_document_template.py
@@ -21,7 +21,7 @@
 ##############################################################################

 from openerp import models, fields, api, exceptions, _
-from openerp.tools.safe_eval import safe_eval as eval
+from openerp.tools.safe_eval import safe_eval
 from functools import partial
 import re

@@ -66,7 +66,7 @@ class AccountDocumentTemplate(models.Model):
            )
        try:
            recurse_lines = partial(self.lines, computed_lines=computed_lines)
-            computed_lines[line_number] = eval(
+            computed_lines[line_number] = safe_eval(
                line.python_code.replace('L', 'recurse_lines'),
                locals_dict={'recurse_lines': recurse_lines}
            )
--- a/account_tax_chart_interval/wizard/account_tax_chart.py
+++ b/account_tax_chart_interval/wizard/account_tax_chart.py
@@ -4,6 +4,7 @@
 ##############################################################################

 from openerp import models, fields, api
+from openerp.tools.safe_eval import safe_eval


 class AccountTaxChart(models.TransientModel):
@@ -33,7 +34,7 @@ class AccountTaxChart(models.TransientModel):
    @api.multi
    def account_tax_chart_open_window(self):
        res = super(AccountTaxChart, self).account_tax_chart_open_window()
-        res['context'] = eval(res['context'])
+        res['context'] = safe_eval(res['context'])
        if self.fiscalyear_id:
            res['context']['fiscalyear_id'] = self.fiscalyear_id.id
        if self.period_from and self.period_to: