openerp-india team mailing list archive
Message #21717
[Bug 1100907] Re: Missing protection against '%' in user data
** Description changed:
On latest 7.0 branch :
- create an empty database
- install the 'sale' app
- enable user CSV import in the settings
- enable pricelists in the sale config
- Create a file pricelist.csv containing :
"active",".id","currency_id","id","name","visible_discount","company_id","type","version_id"
"True","6","EUR (€)","list3","Public Pricelist -3%","True","","sale","Public Pricelist Version -3%"
- Select this file in the import wizard of the pricelist list view.
- click on Validate
=> traceback
File "/home/dadafkas/projets/anybox/buildout.7.0/parts/openobject-server/7.0/openerp/osv/orm.py", line 1483, in _log
message=unicode(exception.args[0]) % base)
ValueError: unsupported format character ''' (0x27) at index 67
The problem comes from the '%' in the user data, being interpreted by
the % formatting. The bug is located in several places in the code, I
could only find a few of them:
- openobject-server/openerp/osv/orm.py:1482
+ openobject-server/openerp/addons/base/ir/ir_fields.py:174
+ openobject-server/openerp/addons/base/ir/ir_fields.py:182
+ openobject-server/openerp/addons/base/ir/ir_fields.py:195
+ openobject-server/openerp/addons/base/ir/ir_fields.py:226
+ openobject-server/openerp/addons/base/ir/ir_fields.py:265
+ openobject-server/openerp/addons/base/ir/ir_fields.py:313
openobject-server/openerp/addons/base/ir/ir_fields.py:342
The quickfix is to *.replace('%', '%%')
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1100907
Title:
Missing protection against '%' in user data
Status in OpenERP Server:
New
Bug description:
On the latest 7.0 branch:
- create an empty database
- install the 'sale' app
- enable user CSV import in the settings
- enable pricelists in the sale config
- Create a file pricelist.csv containing:
"active",".id","currency_id","id","name","visible_discount","company_id","type","version_id"
"True","6","EUR (€)","list3","Public Pricelist -3%","True","","sale","Public Pricelist Version -3%"
- Select this file in the import wizard of the pricelist list view.
- click on Validate
=> traceback
File "/home/dadafkas/projets/anybox/buildout.7.0/parts/openobject-server/7.0/openerp/osv/orm.py", line 1483, in _log
message=unicode(exception.args[0]) % base)
ValueError: unsupported format character ''' (0x27) at index 67
The problem comes from the '%' in the user data being interpreted by
the % formatting. The bug is located in several places in the code; I
could only find a few of them:
openobject-server/openerp/addons/base/ir/ir_fields.py:174
openobject-server/openerp/addons/base/ir/ir_fields.py:182
openobject-server/openerp/addons/base/ir/ir_fields.py:195
openobject-server/openerp/addons/base/ir/ir_fields.py:226
openobject-server/openerp/addons/base/ir/ir_fields.py:265
openobject-server/openerp/addons/base/ir/ir_fields.py:313
openobject-server/openerp/addons/base/ir/ir_fields.py:342
The quickfix is to *.replace('%', '%%')
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1100907/+subscriptions
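Added example, not part of the original bug report and not OpenERP code: a stand-alone Python 3 sketch of the failure shown in the traceback and of the `.replace('%', '%%')` quickfix. The message templates, function names and the split into two formatting passes are assumptions made for illustration.

```python
# Added illustration (Python 3): a simplified model of two-pass %-formatting.
# Not OpenERP code; message text and function names are assumptions.

TWO_PASS = "No matching record found for name '%(value)s' in field '%%(field)s'"
ONE_PASS = "No matching record found for name '%(value)s' in field '%(field)s'"


def first_pass_unsafe(value):
    """Interpolate user data; '%%(field)s' survives as '%(field)s' for later."""
    return TWO_PASS % {"value": value}


def first_pass_escaped(value):
    """Quickfix from the report: double every '%' in user data beforehand."""
    return TWO_PASS % {"value": value.replace("%", "%%")}


def second_pass(message, field):
    """Later formatting step that re-parses the whole message as a template."""
    return message % {"field": field}


def one_pass(value, field):
    """Alternative: user data is only ever an argument, never a template."""
    return ONE_PASS % {"value": value, "field": field}


def compare(value, field="name"):
    """Return the outcome of each strategy for one user-supplied value."""
    out = {}
    try:
        out["unsafe"] = second_pass(first_pass_unsafe(value), field)
    except (ValueError, TypeError, KeyError) as exc:
        out["unsafe"] = "%s: %s" % (type(exc).__name__, exc)
    out["escaped"] = second_pass(first_pass_escaped(value), field)
    out["one_pass"] = one_pass(value, field)
    return out


if __name__ == "__main__":
    # Constructed samples; the first is the pricelist name from the CSV above.
    for sample in ("Public Pricelist -3%", "50% off", "rate %(x)s"):
        print(sample, "->", compare(sample))
```

The exception type raised by the unescaped path depends on which characters follow the '%' in the data, so a handler that expects only ValueError will miss some inputs.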