[FIX] safe_eval : Replace the unsafe_eval by safe_eval

author Stephane Wirtel <stephane@openerp.com>

Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)

committer Stephane Wirtel <stephane@openerp.com>

Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)
author Stephane Wirtel <stephane@openerp.com>
Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)
committer Stephane Wirtel <stephane@openerp.com>
Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)
diff --git a/addons/account_report/account.py b/addons/account_report/account.py

index 29a2fe0..f790342 100644 (file)
--- a/addons/account_report/account.py
+++ b/addons/account_report/account.py
@@ -25,6 +25,7 @@ from osv import fields, osv
  import pooler
  from tools.misc import currency
  from tools.translate import _
+from tools.safe_eval import safe_eval
  
  import mx.DateTime
  from mx.DateTime import RelativeDateTime, now, DateTime, localtime
@@ -123,7 +124,7 @@ class account_report(osv.osv):
  #            else:
  #                fld_name = 'expression'
              try:
-                val = eval(getattr(rep,'expression'), objdict)
+                val = safe_eval(getattr(rep,'expression'), objdict)
              except:
                  val = 0.0
  
diff --git a/addons/base_module_merge/wizard/base_module_merge.py b/addons/base_module_merge/wizard/base_module_merge.py

index d056e56..07f9788 100644 (file)
--- a/addons/base_module_merge/wizard/base_module_merge.py
+++ b/addons/base_module_merge/wizard/base_module_merge.py
@@ -27,6 +27,7 @@ import tools
  import os
  from xml.dom import minidom
  from tools.translate import _
+from tools.safe_eval import safe_eval as eval
  
  info_start_form = '''<?xml version="1.0"?>
  <form string="Module Merging">
diff --git a/addons/base_report_creator/base_report_creator.py b/addons/base_report_creator/base_report_creator.py

index bba01b2..1521c07 100644 (file)
--- a/addons/base_report_creator/base_report_creator.py
+++ b/addons/base_report_creator/base_report_creator.py
@@ -26,6 +26,7 @@ import tools
  from osv import fields,osv,orm
  from tools.translate import _
  from tools import ustr
+from tools.safe_eval import safe_eval
  
  #class ir_model_fields(osv.osv):
  #   _inherit = 'ir.model.fields'
@@ -111,7 +112,7 @@ class report_creator(osv.osv):
          arch = '<?xml version="1.0" encoding="utf-8"?>\n'
          if view_type=='graph':
              orientation_eval = {'horz':'horizontal','vert' :'vertical'}
-            orientation = eval(report.view_graph_orientation,orientation_eval)
+            orientation = safe_eval(report.view_graph_orientation,orientation_eval)
              arch +='<graph string="%s" type="%s" orientation="%s">' % (report.name, report.view_graph_type, orientation)
              i = 0
              for val in ('x','y'):
diff --git a/addons/delivery/delivery.py b/addons/delivery/delivery.py

index 4cf0a5d..102b59e 100644 (file)
--- a/addons/delivery/delivery.py
+++ b/addons/delivery/delivery.py
@@ -23,6 +23,7 @@ import time
  import netsvc
  from osv import fields,osv
  from tools.translate import _
+from tools.safe_eval import safe_eval
  
  class delivery_carrier(osv.osv):
      _name = "delivery.carrier"
@@ -118,7 +119,7 @@ class delivery_grid(osv.osv):
  
          for line in grid.line_ids:
              price_dict = {'price': total, 'volume':volume, 'weight': weight, 'wv':volume*weight}
-            test = eval(line.type+line.operator+str(line.max_value), price_dict)
+            test = safe_eval(line.type+line.operator+str(line.max_value), price_dict)
              if test:
                  if line.price_type=='variable':
                      price = line.list_price * price_dict[line.variable_factor]
diff --git a/addons/document/document.py b/addons/document/document.py

index 1912da0..9b1c0c6 100644 (file)
--- a/addons/document/document.py
+++ b/addons/document/document.py
@@ -21,24 +21,25 @@
  ##############################################################################
  
  import base64
-
-from osv import osv, fields
-from osv.orm import except_orm
-import urlparse
-
  import os
-
-import pooler
-from content_index import content_index
-import netsvc
+import urlparse
  import StringIO
-
  import random
  import string
  from psycopg2 import Binary
-from tools import config
+
  import tools
  from tools.translate import _
+from tools import config
+from tools.safe_eval import safe_eval as eval
+
+from osv import osv, fields
+from osv.orm import except_orm
+
+import pooler
+import netsvc
+
+from content_index import content_index
  
  def random_name():
      random.seed()
@@ -121,7 +122,7 @@ class node_class(object):
          if self.object and self.root and (self.object.type=='ressource'):
              ids += fobj.search(self.cr, self.uid, where+[ ('parent_id','=',False) ])
          res = fobj.browse(self.cr, self.uid, ids, context=self.context)
-        return map(lambda x: node_class(self.cr, self.uid, self.path+'/'+eval('x.'+fobj._rec_name), x, False, context=self.context, type='file', root=False), res) + res2
+        return map(lambda x: node_class(self.cr, self.uid, self.path+'/'+eval('x.'+fobj._rec_name, {'x' : x}), x, False, context=self.context, type='file', root=False), res) + res2
      
      def get_translation(self,value,lang):
          result = value
@@ -163,7 +164,7 @@ class node_class(object):
              file_ids=fobj.search(self.cr,self.uid,vargs)
  
              res = fobj.browse(self.cr, self.uid, file_ids, context=self.context)
-            result +=map(lambda x: node_class(self.cr, self.uid, self.path+'/'+eval('x.'+fobj._rec_name), x, False, context=self.context, type='file', root=self.root), res)
+            result +=map(lambda x: node_class(self.cr, self.uid, self.path+'/'+eval('x.'+fobj._rec_name, {'x' : x}), x, False, context=self.context, type='file', root=self.root), res)
          if self.type=='collection' and self.object.type=="ressource":
              where = self.object.domain and eval(self.object.domain, {'active_id':self.root, 'uid':self.uid}) or []
              pool = pooler.get_pool(self.cr.dbname)            
@@ -204,7 +205,7 @@ class node_class(object):
              res = obj.browse(self.cr, self.uid, ids,self.context)
              for r in res:                               
                  if len(obj.fields_get(self.cr, self.uid, [_dirname_field])):
-                    r.name = eval('r.'+_dirname_field)
+                    r.name = eval('r.'+_dirname_field, {'r' : r})
                  else:
                      r.name = False
                  if not r.name:
diff --git a/addons/process/process.py b/addons/process/process.py

index 739db12..6463e7c 100644 (file)
--- a/addons/process/process.py
+++ b/addons/process/process.py
@@ -23,6 +23,8 @@
  import netsvc
  import pooler, tools
  
+from tools.safe_eval import safe_eval as eval
+
  from osv import fields, osv
  
  class Env(dict):
author	Stephane Wirtel <stephane@openerp.com>
	Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)
committer	Stephane Wirtel <stephane@openerp.com>
	Fri, 3 Sep 2010 12:19:54 +0000 (14:19 +0200)
addons/account_report/account.py		patch \| blob \| history
addons/base_module_merge/wizard/base_module_merge.py		patch \| blob \| history
addons/base_report_creator/base_report_creator.py		patch \| blob \| history
addons/delivery/delivery.py		patch \| blob \| history
addons/document/document.py		patch \| blob \| history
addons/process/process.py		patch \| blob \| history