Avoid possible sql injection in bi_view_editor

pull/106/head
Andrea 2017-03-17 13:55:31 +01:00
parent c16e15ed08
commit a04ed55922
1 changed files with 2 additions and 3 deletions


@ -280,9 +280,8 @@ class IrModel(models.Model):
# this sql update is necessary since a write method here would # this sql update is necessary since a write method here would
# be not working (an orm constraint is restricting the modification # be not working (an orm constraint is restricting the modification
# of the state field while updating ir.model) # of the state field while updating ir.model)
q = ("""UPDATE ir_model SET state = 'manual' q = "UPDATE ir_model SET state = 'manual' WHERE id = %s"
WHERE id = """ + str(res.id)) self.env.cr.execute(q, (res.id, ))
self.env.cr.execute(q)
# # update registry # # update registry
if self._context.get('bve'): if self._context.get('bve'):
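Review bot: The raw `UPDATE` issued by the new `self.env.cr.execute(q, (res.id, ))` line changes `state` behind the ORM, so a cached `res.state` may still hold the old value when the registry update below runs. The enclosing method starts and ends outside the hunk, so it is not visible whether the cache is invalidated later; if it is not, add `res.invalidate_cache(['state'])` directly after the execute call. Because this statement deliberately bypasses an ORM constraint, the comment above it should name that constraint and state where `res` comes from, so a later reader can confirm that no caller-supplied id reaches this write. As a style point, the parameter tuple is conventionally written `(res.id,)`.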