
Merge pull request #44 from gurneyalex/9.0-unsafe-eval

[SEC] report_xls: fix unsafe eval
pull/51/head
Maxime Chambreuil - http://www.savoirfairelinux.com 9 years ago
parent
commit
1fa32b234f
  1. 2
      report_xls/__openerp__.py
  2. 3
      report_xls/report_xls.py

2
report_xls/__openerp__.py

@ -21,7 +21,7 @@
##############################################################################
{
'name': 'Excel report engine',
'version': '8.0.0.6.0',
'version': '8.0.0.6.1',
'license': 'AGPL-3',
'author': "Noviat,Odoo Community Association (OCA)",
'website': 'http://www.noviat.com',

3
report_xls/report_xls.py

@ -26,6 +26,7 @@ import cStringIO
from datetime import datetime
from openerp.osv.fields import datetime as datetime_field
from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT
from openerp.tools.safe_eval import safe_eval
import inspect
from types import CodeType
from openerp.report.report_sxw import report_sxw
@ -160,7 +161,7 @@ class report_xls(report_sxw):
row = col_specs[wanted][rowtype][:]
for i in range(len(row)):
if isinstance(row[i], CodeType):
row[i] = eval(row[i], render_space)
row[i] = safe_eval(row[i], render_space)
row.insert(0, wanted)
return row
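Review bot: In the second hunk, the `isinstance(row[i], CodeType)` branch now passes an already-compiled code object to `safe_eval`, which may break every compiled cell spec. As far as I recall, openerp's `safe_eval` refuses code objects with a `TypeError` instead of evaluating them; this should be confirmed with a test that renders a template containing a compiled entry. If it does refuse them, restoring `eval` is not the answer. The safer shape is for templates to carry the expression as a source string so `safe_eval` can compile and opcode-check it itself, with a comment such as `# expression source, not a code object: safe_eval must do the compile to validate it`. `safe_eval` also substitutes restricted builtins by default (hedged, not visible here), so expressions that depended on full builtins would behave differently. The enclosing method starts outside the hunk.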
