Browse Source

Merge pull request #363 from gurneyalex/8.0-unsafe-eval

[SEC] fetchmail_attach_from_folder: fix unsafe eval
pull/365/head
Pedro M. Baeza 9 years ago
parent
commit
dd6846b613
  1. 2
      fetchmail_attach_from_folder/__openerp__.py
  2. 15
      fetchmail_attach_from_folder/model/fetchmail_server.py

2
fetchmail_attach_from_folder/__openerp__.py

@ -23,7 +23,7 @@
{ {
'name': 'Email gateway - folders', 'name': 'Email gateway - folders',
'summary': 'Attach mails in an IMAP folder to existing objects', 'summary': 'Attach mails in an IMAP folder to existing objects',
'version': '8.0.1.0.0',
'version': '8.0.1.0.1',
'author': "Therp BV,Odoo Community Association (OCA)", 'author': "Therp BV,Odoo Community Association (OCA)",
'website': 'http://www.therp.nl', 'website': 'http://www.therp.nl',
'license': 'AGPL-3', 'license': 'AGPL-3',

15
fetchmail_attach_from_folder/model/fetchmail_server.py

@ -262,11 +262,18 @@ class fetchmail_server(models.Model):
for field in view.xpath('//field'): for field in view.xpath('//field'):
if field.tag == 'field' and field.get('name') in modifiers: if field.tag == 'field' and field.get('name') in modifiers:
field.set('modifiers', simplejson.dumps(
field.set(
'modifiers',
simplejson.dumps(
dict( dict(
eval(field.attrib['modifiers'],
UnquoteEvalContext({})),
**modifiers[field.attrib['name']])))
safe_eval(
field.attrib['modifiers'],
UnquoteEvalContext({})
),
**modifiers[field.attrib['name']]
)
),
)
if (field.tag == 'field' and if (field.tag == 'field' and
field.get('name') == 'match_algorithm'): field.get('name') == 'match_algorithm'):
field.set('help', docstr) field.set('help', docstr)

Loading…
Cancel
Save