(parent:
00b80f5
)
[fix] mrp: potential sql injection vector
author
Xavier Morel
<xmo@tinyerp.com>
Tue, 23 Feb 2010 12:47:48 +0000
(13:47 +0100)
committer
Xavier Morel
<xmo@tinyerp.com>
Tue, 23 Feb 2010 12:47:48 +0000
(13:47 +0100)
bzr revid: xmo@tinyerp.com-
20100223124748
-a5llbwcm7or44rhu
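--- a/addons/mrp/mrp.py
+++ b/addons/mrp/mrp.py
@@ -216,7 +216,7 @@ class mrp_bom(osv.osv):
 def _check_recursion(self, cr, uid, ids):
 level = 500
 while len(ids):
- cr.execute('select distinct bom_id from mrp_bom where id in ('+','.join(map(str,ids))+')')
+ cr.execute('select distinct bom_id from mrp_bom where id in %s', (tuple(ids),))
 ids = filter(None, map(lambda x:x[0], cr.fetchall()))
 if not level:
 return False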
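Review bot: The parameterized `id in %s` on the new `cr.execute` line is only valid while `tuple(ids)` is non-empty, and nothing at the call says so. The `while len(ids):` guard does guarantee it here, but an empty tuple would presumably render as `in ()` and be rejected by the database. I would add a comment above the call, `# ids is non-empty here (loop guard); an empty tuple would yield invalid SQL for "in %s"`, so a later refactor of the loop condition does not silently break the query. The form also relies on the database driver adapting a Python tuple into a SQL value list, which is worth confirming for the oldest driver version the project supports. The loop body continues past the end of the hunk, so how `level` is decremented cannot be checked from here.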