projects / odoo / odoo.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bf35399) | patch
[FIX] hr_holidays: proper parameter passing syntax for raw SQL
authorOlivier Dony <odo@openerp.com>
Fri, 4 Jul 2014 14:45:41 +0000 (16:45 +0200)
committerOlivier Dony <odo@openerp.com>
Fri, 4 Jul 2014 14:45:41 +0000 (16:45 +0200)
commit1279ca0334e99a1ccc7a3ad195ee10e2f4b7b677
tree073445b6f95ef4d43ab2d757c0c63eaf5570a338tree | snapshot
parentbf353998f20c27eed3494a172c7afa174c20865acommit | diff
[FIX] hr_holidays: proper parameter passing syntax for raw SQL

This instance was not actually exploitable for
SQL injection as it is not callable directly
via RPC and guarded by other queries when indirectly
called. Still plain awful.
addons/hr_holidays/hr_holidays.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.