projects
/
odoo
/
odoo.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Remove sql injection problem
[odoo/odoo.git]
/
bin
/
addons
/
base
/
res
/
partner
/
partner.py
diff --git
a/bin/addons/base/res/partner/partner.py
b/bin/addons/base/res/partner/partner.py
index
93b6698
..
82acd80
100644
(file)
--- a/
bin/addons/base/res/partner/partner.py
+++ b/
bin/addons/base/res/partner/partner.py
@@
-1,4
+1,4
@@
-# -*- encoding: utf-8 -*-
+# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution
##############################################################################
#
# OpenERP, Open Source Management Solution
@@
-70,7
+70,7
@@
class res_partner_category(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
- cr.execute('select distinct parent_id from res_partner_category where id in ('+','.join(map(str,ids))+')')
+ cr.execute('select distinct parent_id from res_partner_category where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
@@
-234,7
+234,7
@@
class res_partner(osv.osv):
return True
def address_get(self, cr, uid, ids, adr_pref=['default']):
return True
def address_get(self, cr, uid, ids, adr_pref=['default']):
- cr.execute('select type,id from res_partner_address where partner_id in ('+','.join(map(str,ids))+')')
+ cr.execute('select type,id from res_partner_address where partner_id in ('+','.join(map(str,map(int, ids)))+')')
res = cr.fetchall()
adr = dict(res)
# get the id of the (first) default address if there is one,
res = cr.fetchall()
adr = dict(res)
# get the id of the (first) default address if there is one,