Skip to content

Commit

Permalink
[FIX] dbfilter_from_header: Security fix see OCA PR 1340 for more det…
Browse files Browse the repository at this point in the history 
…ails (#141)
  • Loading branch information
@moylop260
moylop260 committed Aug 11, 2018
1 parent 0aefb1e commit bf96d2c
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 9 deletions.
23 changes: 14 additions & 9 deletions dbfilter_from_header/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,21 @@

import re
from odoo import http
from odoo.tools import config

db_filter_org = http.db_filter

def post_load():
db_filter_org = http.db_filter

def db_filter(dbs, httprequest=None):
dbs = db_filter_org(dbs, httprequest)
httprequest = httprequest or http.request.httprequest
db_filter_hdr = httprequest.environ.get('HTTP_X_ODOO_DBFILTER')
if db_filter_hdr:
dbs = [db for db in dbs if re.match(db_filter_hdr, db)]
return dbs

http.db_filter = db_filter
def db_filter(dbs, httprequest=None):
dbs = db_filter_org(dbs, httprequest)
httprequest = httprequest or http.request.httprequest
db_filter_hdr = httprequest.environ.get('HTTP_X_ODOO_DBFILTER')
if db_filter_hdr:
dbs = [db for db in dbs if re.match(db_filter_hdr, db)]
return dbs

if config.get('proxy_mode') and \
'dbfilter_from_header' in config.get('server_wide_modules'):
http.db_filter = db_filter
1 change: 1 addition & 0 deletions dbfilter_from_header/__manifest__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,5 @@
"external_dependencies": {
'python': [],
},
"post_load": "post_load",
}

0 comments on commit bf96d2c

Please sign in to comment.