[FIX] mail,delivery: fix incorrect imports
odony committed Jul 25, 2016
1 parent 0e104a1 commit bb1c6bd
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions addons/delivery/models/delivery_carrier.py
Expand Up @@ -4,6 +4,7 @@
import logging
from openerp import api, fields, models, _
from openerp.exceptions import UserError, ValidationError
from openerp.tools.safe_eval import safe_eval as eval

_logger = logging.getLogger(__name__)

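Review bot: The added `from openerp.tools.safe_eval import safe_eval as eval`, placed after the `openerp.exceptions` import, rebinds the builtin name `eval` for the whole module, so a call site reads the same whether or not it is sandboxed. Import the function under its own name (`from openerp.tools.safe_eval import safe_eval`) and call `safe_eval(...)` where it is used in delivery_carrier.py; a dropped import then raises NameError instead of resolving to the builtin.
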
1 change: 1 addition & 0 deletions addons/mail/models/mail_channel.py
Expand Up @@ -9,6 +9,7 @@
from openerp.tools.misc import DEFAULT_SERVER_DATETIME_FORMAT
from openerp.exceptions import UserError
from openerp.osv import expression
from openerp.tools.safe_eval import safe_eval as eval

from openerp.addons.bus.models.bus_presence import AWAY_TIMER

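Review bot: The line added after `from openerp.osv import expression` carries no comment saying that it deliberately shadows the builtin, and the `eval` calls it is meant to cover lie outside the context shown. Because the module still loads without this line, add a short comment on the import and name the affected call sites in the commit message so the dependency is visible to the next person who tidies the imports.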

2 comments on commit bb1c6bd

@gurneyalex
Contributor

Thanks for this fix.

As a side remark, I really dislike this idiom: it makes it much harder when reading code to know if a given eval() statement is using the sandboxed version or not. By explicitly using safe_eval() it becomes trivial to grep the code base and find potentially vulnerable calls to eval().

@odony
Contributor Author

@odony odony commented on bb1c6bd Aug 17, 2016

@gurneyalex I dislike it as well, and you'll be happy to see that we cleaned that up in master at bf668b6 and 4015e5a, and further, we now completely forbid any direct use of eval :-)
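
The concern raised in the two comments above, as an added example that is not part of the original thread or the project's code: a small AST check that separates a builtin `eval()` call from one rebound by an `... as eval` import, which a plain grep cannot do. The name `audit_eval` and the three sample modules are constructed for illustration.

```python
import ast

def audit_eval(source, filename="<module>"):
    """Return sorted (lineno, kind, detail) findings about `eval` in one module."""
    tree = ast.parse(source, filename)  # parses only; nothing is imported or run
    findings = []
    rebound = False  # becomes True if an import binds the name `eval`
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                bound = alias.asname or alias.name.split(".")[0]
                if bound == "eval":
                    rebound = True
                    findings.append(
                        (node.lineno, "alias", "%s imported as eval" % alias.name))
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "eval"):
            # Same spelling at the call site; only the import decides what runs.
            kind = "aliased-call" if rebound else "builtin-call"
            findings.append((node.lineno, kind, "eval(...) call"))
    return sorted(findings)

# Constructed sample modules (not taken from the repository).
WITH_ALIAS = (
    "from openerp.tools.safe_eval import safe_eval as eval\n"
    "def compute(expr, ctx):\n"
    "    return eval(expr, ctx)\n"
)
WITHOUT_IMPORT = (  # same call site, import missing: resolves to the builtin
    "def compute(expr, ctx):\n"
    "    return eval(expr, ctx)\n"
)
EXPLICIT = (  # the style asked for in the comments: nothing left to flag
    "from openerp.tools.safe_eval import safe_eval\n"
    "def compute(expr, ctx):\n"
    "    return safe_eval(expr, ctx)\n"
)

if __name__ == "__main__":
    for name, src in [("with_alias", WITH_ALIAS),
                      ("without_import", WITHOUT_IMPORT),
                      ("explicit", EXPLICIT)]:
        print(name, audit_eval(src, name))
```

Treating both `alias` and `builtin-call` findings as failures in CI enforces the explicit `safe_eval()` spelling across a code base.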
