Browse Source

[FIX] mogrify doesn't allow dicts

pull/1047/head
mreficent 7 years ago
parent
commit
fbfec6c58b
  1. 18
      sql_export/README.rst
  2. 2
      sql_request_abstract/__manifest__.py
  3. 8
      sql_request_abstract/models/sql_request_mixin.py

18
sql_export/README.rst

@ -12,16 +12,16 @@ A new menu named Export is created.
Known issues / Roadmap Known issues / Roadmap
====================== ======================
* Some words are prohibeted and can't be used is the query in anyways, even in
* Some words are prohibited and can't be used is the query in anyways, even in
a select query: a select query:
* delete
* drop
* insert
* alter
* truncate
* execute
* create
* update
- delete
- drop
- insert
- alter
- truncate
- execute
- create
- update
See sql_request_abstract module to fix this issue. See sql_request_abstract module to fix this issue.

2
sql_request_abstract/__manifest__.py

@ -5,7 +5,7 @@
{ {
'name': 'SQL Request Abstract', 'name': 'SQL Request Abstract',
'version': '10.0.1.0.0',
'version': '10.0.1.0.1',
'author': 'GRAP,Akretion,Odoo Community Association (OCA)', 'author': 'GRAP,Akretion,Odoo Community Association (OCA)',
'website': 'https://www.odoo-community.org', 'website': 'https://www.odoo-community.org',
'license': 'AGPL-3', 'license': 'AGPL-3',

8
sql_request_abstract/models/sql_request_mixin.py

@ -144,8 +144,10 @@ class SQLRequestMixin(models.AbstractModel):
if mode in ('view', 'materialized_view'): if mode in ('view', 'materialized_view'):
rollback = False rollback = False
params = params and params or {}
query = self.env.cr.mogrify(self.query, params).decode('utf-8')
params = params or {}
# pylint: disable=sql-injection
query = self.query % params
query = query.decode('utf-8')
if mode in ('fetchone', 'fetchall'): if mode in ('fetchone', 'fetchall'):
pass pass
@ -184,12 +186,14 @@ class SQLRequestMixin(models.AbstractModel):
def _create_savepoint(self): def _create_savepoint(self):
rollback_name = '%s_%s' % ( rollback_name = '%s_%s' % (
self._name.replace('.', '_'), uuid.uuid1().hex) self._name.replace('.', '_'), uuid.uuid1().hex)
# pylint: disable=sql-injection
req = "SAVEPOINT %s" % (rollback_name) req = "SAVEPOINT %s" % (rollback_name)
self.env.cr.execute(req) self.env.cr.execute(req)
return rollback_name return rollback_name
@api.model @api.model
def _rollback_savepoint(self, rollback_name): def _rollback_savepoint(self, rollback_name):
# pylint: disable=sql-injection
req = "ROLLBACK TO SAVEPOINT %s" % (rollback_name) req = "ROLLBACK TO SAVEPOINT %s" % (rollback_name)
self.env.cr.execute(req) self.env.cr.execute(req)

Loading…
Cancel
Save