From 62f22027c561fb268db5e41abab16e99c95135e0 Mon Sep 17 00:00:00 2001
From: Alexandre Fayolle
Date: Sat, 20 May 2017 15:00:07 +0200
Subject: [PATCH] fixup! [SEC] auth_generate_password, fetchmail_attach_from_folder: fix unsafe eval
---
 auth_generate_password/model/res_users.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/auth_generate_password/model/res_users.py b/auth_generate_password/model/res_users.py
index 35972124b..78c8fbfad 100644
--- a/auth_generate_password/model/res_users.py
+++ b/auth_generate_password/model/res_users.py
@@ -40,15 +40,22 @@ class res_users(Model):
 icp_obj = self.pool['ir.config_parameter']
 imd_obj = self.pool['ir.model.data']
 et_obj = self.pool['email.template']
+ globals_dict = {'string': string}
 try:
 int(icp_obj.get_param(
 cr, uid, 'auth_generate_password.password_size'))
 except:
 raise except_orm(_("error"), _("Only digit chars authorized"))
- password_size = safe_eval(icp_obj.get_param(
- cr, uid, 'auth_generate_password.password_size'))
- password_chars = safe_eval(icp_obj.get_param(
- cr, uid, 'auth_generate_password.password_chars'))
+ password_size = safe_eval(
+ icp_obj.get_param(
+ cr, uid, 'auth_generate_password.password_size'),
+ globals_dict=globals_dict
+ )
+ password_chars = safe_eval(
+ icp_obj.get_param(
+ cr, uid, 'auth_generate_password.password_chars'),
+ globals_dict=globals_dict
+ )
 et = imd_obj.get_object(
 cr, uid, 'auth_generate_password', 'generate_password_template')
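Review bot: `globals_dict = {'string': string}` hands the whole `string` module to both `safe_eval` calls, so an expression stored in `auth_generate_password.password_chars` can reach every attribute of that module object rather than only the character-set constants it needs; presumably anyone able to edit system parameters controls that expression, which makes the evaluation namespace part of the trust boundary. Exposing only the required constants, or not evaluating this parameter at all, would keep the fix narrow, though existing stored values would then need migrating. `password_size` has already been parsed by `int(...)` in the `try` just above, so the second `get_param` plus `safe_eval` is unnecessary: assign `password_size = int(icp_obj.get_param(cr, uid, 'auth_generate_password.password_size'))` inside the `try` and drop the eval for it. The bare `except:` there would be clearer as `except (TypeError, ValueError):`, so unrelated errors are not reported as "Only digit chars authorized". The enclosing method starts and ends outside the hunk.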