Merge pull request #29 from gurneyalex/7.0-unsafe-eval

[SEC] program: fix unsafe eval
OCA · Feb 16, 2016 · 7188a61 · 7188a61
2 parents e557966 + d663de6
commit 7188a61
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/program/__openerp__.py b/program/__openerp__.py
@@ -22,7 +22,7 @@
 
 {
     'name': 'Program',
-    'version': '1.10',
+    'version': '7.0.1.10.1',
     'category': 'Program',
     'summary': 'Results Based Management',
     'description': '''

diff --git a/program/program_result_level.py b/program/program_result_level.py
@@ -30,6 +30,7 @@
 
 from openerp.osv import fields, orm
 from openerp.tools.translate import _
+from openerp.tools.safe_eval import safe_eval
 
 from .program_result import STATES
 
@@ -92,7 +93,7 @@ def _clone_menu_action(self, cr, user,
             data = action_pool.read(
                 cr, user, new_action_id, ['domain', 'context'], context=context
             )
-            domain = eval(data['domain'] or "[]")
+            domain = safe_eval(data['domain'] or "[]")
             overwritten_domain_fields = [
                 i[0] for i in additional_domain if len(i) == 3
             ]
@@ -101,7 +102,7 @@ def _clone_menu_action(self, cr, user,
                 if not (len(i) == 3 and i[0] in overwritten_domain_fields)
             ]
             domain += additional_domain or []
-            act_context = eval(data['context'] or "{}")
+            act_context = safe_eval(data['context'] or "{}")
             act_context.update(additional_context or {})
             action_pool.write(
                 cr, user, new_action_id, {