njeudy
/
vertical-cooperative
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

[IMP] partner_age: justify pylint: disable=sql-injection

pull/97/head
robin.keunen 5 years ago
parent
9fde56a981
commit
200a80375f
1 changed files with 8 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      partner_age/models/partner.py

16
partner_age/models/partner.py
View File

@ -19,14 +19,14 @@ class ResPartner(models.Model):
if operator not in ("=", "!=", "<", "<=", ">", ">=", "in", "not in"): if operator not in ("=", "!=", "<", "<=", ">", ">=", "in", "not in"):
return [] return []
# pylint: disable=sql-injection # pylint: disable=sql-injection
# fixme while you're here, please fix the query to pass
# pylint sql-injection
query = """SELECT id
FROM "%s"
WHERE extract(year from age(CURRENT_DATE,
birthdate_date)) %s %%s""" % (
self._table,
operator,
# the value of operator is checked, no risk of injection
query = """
SELECT id
FROM res_partner
WHERE extract(year from age(CURRENT_DATE, birthdate_date))
{operator} %s
""".format(
operator=operator
) )
self.env.cr.execute(query, (value,)) self.env.cr.execute(query, (value,))
ids = [t[0] for t in self.env.cr.fetchall()] ids = [t[0] for t in self.env.cr.fetchall()]

Write Preview
Loading…
Cancel
Save