Techsystech
/
OCA_Reporting_engine_17.0
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SEC] report_xls: fix unsafe eval

pull/45/head
Alexandre Fayolle 2016-02-15 10:15:10 +01:00
parent 3dd6296319
commit b154dde083
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
report_xls/__openerp__.py
View File

@ -21,7 +21,7 @@
############################################################################## ##############################################################################
{ {
'name': 'Excel report engine', 'name': 'Excel report engine',
'version': '8.0.0.6.0', 'version': '8.0.0.6.1',
'license': 'AGPL-3', 'license': 'AGPL-3',
'author': "Noviat,Odoo Community Association (OCA)", 'author': "Noviat,Odoo Community Association (OCA)",
'website': 'http://www.noviat.com', 'website': 'http://www.noviat.com',

3
report_xls/report_xls.py
View File

@ -26,6 +26,7 @@ import cStringIO
from datetime import datetime from datetime import datetime
from openerp.osv.fields import datetime as datetime_field from openerp.osv.fields import datetime as datetime_field
from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT
from openerp.tools.safe_eval import safe_eval
import inspect import inspect
from types import CodeType from types import CodeType
from openerp.report.report_sxw import report_sxw from openerp.report.report_sxw import report_sxw
@ -162,7 +163,7 @@ class report_xls(report_sxw):
row = col_specs[wanted][rowtype][:] row = col_specs[wanted][rowtype][:]
for i in range(len(row)): for i in range(len(row)):
if isinstance(row[i], CodeType): if isinstance(row[i], CodeType):
row[i] = eval(row[i], render_space) row[i] = safe_eval(row[i], render_space)
row.insert(0, wanted) row.insert(0, wanted)
return row return row