Browse Source

fixup! [SEC] auth_generate_password, fetchmail_attach_from_folder: fix unsafe eval

7.0
Alexandre Fayolle 8 years ago
committed by Holger Brunn
parent
commit
62f22027c5
  1. 15
      auth_generate_password/model/res_users.py

15
auth_generate_password/model/res_users.py

@ -40,15 +40,22 @@ class res_users(Model):
icp_obj = self.pool['ir.config_parameter'] icp_obj = self.pool['ir.config_parameter']
imd_obj = self.pool['ir.model.data'] imd_obj = self.pool['ir.model.data']
et_obj = self.pool['email.template'] et_obj = self.pool['email.template']
globals_dict = {'string': string}
try: try:
int(icp_obj.get_param( int(icp_obj.get_param(
cr, uid, 'auth_generate_password.password_size')) cr, uid, 'auth_generate_password.password_size'))
except: except:
raise except_orm(_("error"), _("Only digit chars authorized")) raise except_orm(_("error"), _("Only digit chars authorized"))
password_size = safe_eval(icp_obj.get_param(
cr, uid, 'auth_generate_password.password_size'))
password_chars = safe_eval(icp_obj.get_param(
cr, uid, 'auth_generate_password.password_chars'))
password_size = safe_eval(
icp_obj.get_param(
cr, uid, 'auth_generate_password.password_size'),
globals_dict=globals_dict
)
password_chars = safe_eval(
icp_obj.get_param(
cr, uid, 'auth_generate_password.password_chars'),
globals_dict=globals_dict
)
et = imd_obj.get_object( et = imd_obj.get_object(
cr, uid, 'auth_generate_password', 'generate_password_template') cr, uid, 'auth_generate_password', 'generate_password_template')

Loading…
Cancel
Save