From 3142b9604ae5f262ecbf27f2597a8e4ad320e84e Mon Sep 17 00:00:00 2001 From: mreficent Date: Mon, 25 Jun 2018 16:14:50 +0200 Subject: [PATCH] [FIX] mogrify doesn't allow dicts --- sql_request_abstract/__manifest__.py | 2 +- sql_request_abstract/models/sql_request_mixin.py | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/sql_request_abstract/__manifest__.py b/sql_request_abstract/__manifest__.py index 0cb8c4c92..fa3382d96 100644 --- a/sql_request_abstract/__manifest__.py +++ b/sql_request_abstract/__manifest__.py @@ -5,7 +5,7 @@ { 'name': 'SQL Request Abstract', - 'version': '10.0.1.0.0', + 'version': '10.0.1.0.1', 'author': 'GRAP,Akretion,Odoo Community Association (OCA)', 'website': 'https://www.odoo-community.org', 'license': 'AGPL-3', diff --git a/sql_request_abstract/models/sql_request_mixin.py b/sql_request_abstract/models/sql_request_mixin.py index e55a1e627..9aced3863 100644 --- a/sql_request_abstract/models/sql_request_mixin.py +++ b/sql_request_abstract/models/sql_request_mixin.py @@ -144,8 +144,10 @@ class SQLRequestMixin(models.AbstractModel): if mode in ('view', 'materialized_view'): rollback = False - params = params and params or {} - query = self.env.cr.mogrify(self.query, params).decode('utf-8') + params = params or {} + # pylint: disable=sql-injection + query = self.query % params + query = query.decode('utf-8') if mode in ('fetchone', 'fetchall'): pass @@ -184,12 +186,14 @@ class SQLRequestMixin(models.AbstractModel): def _create_savepoint(self): rollback_name = '%s_%s' % ( self._name.replace('.', '_'), uuid.uuid1().hex) + # pylint: disable=sql-injection req = "SAVEPOINT %s" % (rollback_name) self.env.cr.execute(req) return rollback_name @api.model def _rollback_savepoint(self, rollback_name): + # pylint: disable=sql-injection req = "ROLLBACK TO SAVEPOINT %s" % (rollback_name) self.env.cr.execute(req)