[FIX] avoid sql injection in sequences
bzr revid: vra@tinyerp.com-20100512083656-bc30l9o5rbn5lh3w
This commit is contained in:
parent
d2faa2990a
commit
97f81a14e5
|
@ -42,7 +42,9 @@ class ir_sequence(osv.osv):
|
|||
_columns = {
|
||||
'fiscal_ids' : fields.one2many('account.sequence.fiscalyear', 'sequence_main_id', 'Sequences')
|
||||
}
|
||||
def get_id(self, cr, uid, sequence_id, test='id', context={}):
|
||||
def get_id(self, cr, uid, sequence_id, test='id', context={}):
|
||||
if test not in ('id=%s', 'code=%s'):
|
||||
raise ValueError('invalid test')
|
||||
cr.execute('select id from ir_sequence where '+test+'=%s and active=%s', (sequence_id, True,))
|
||||
res = cr.dictfetchone()
|
||||
if res:
|
||||
|
|
Loading…
Reference in New Issue