Remove sql injection problem

[odoo/odoo.git] / bin / addons / base / res / partner / partner.py

diff --git a/bin/addons/base/res/partner/partner.py b/bin/addons/base/res/partner/partner.py
index 93b6698..82acd80 100644 (file)
--- a/bin/addons/base/res/partner/partner.py
+++ b/bin/addons/base/res/partner/partner.py
@@ -1,4 +1,4 @@
-# -*- encoding: utf-8 -*-
+# -*- coding: utf-8 -*-
 ##############################################################################
 #    
 #    OpenERP, Open Source Management Solution
@@ -70,7 +70,7 @@ class res_partner_category(osv.osv):
     def _check_recursion(self, cr, uid, ids):
         level = 100
         while len(ids):
-            cr.execute('select distinct parent_id from res_partner_category where id in ('+','.join(map(str,ids))+')')
+            cr.execute('select distinct parent_id from res_partner_category where id in ('+','.join(map(str, ids))+')')
             ids = filter(None, map(lambda x:x[0], cr.fetchall()))
             if not level:
                 return False
@@ -234,7 +234,7 @@ class res_partner(osv.osv):
         return True
 
     def address_get(self, cr, uid, ids, adr_pref=['default']):
-        cr.execute('select type,id from res_partner_address where partner_id in ('+','.join(map(str,ids))+')')
+        cr.execute('select type,id from res_partner_address where partner_id in ('+','.join(map(str,map(int, ids)))+')')
         res = cr.fetchall()
         adr = dict(res)
         # get the id of the (first) default address if there is one,