[REVERT] revert the migrate folder changes for SQL-Injection.

bzr revid: vra@tinyerp.com-20100621090543-q2l7y6tedu33kd9w

doc/migrate/3.3.0-3.4.0/post.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 ##############################################################################
-#
+#    
 #    OpenERP, Open Source Management Solution
 #    Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
 #
@@ -15,7 +15,7 @@
 #    GNU Affero General Public License for more details.
 #
 #    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.     
 #
 ##############################################################################
 
@@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
 parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
 
 group = optparse.OptionGroup(parser, "Database related options")
-group.add_option("--db_host", dest="db_host", help="specify the database host")
-group.add_option("--db_port", dest="db_port", help="specify the database port")
+group.add_option("--db_host", dest="db_host", help="specify the database host") 
+group.add_option("--db_port", dest="db_port", help="specify the database port") 
 group.add_option("-d", "--database", dest="db_name", help="specify the database name")
 group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
-group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
+group.add_option("-w", "--db_password", dest="db_password", help="specify the database password") 
 parser.add_option_group(group)
 
 options = optparse.Values()
@@ -94,7 +94,7 @@ for partner in partners:
     res_id = 'res.partner,%d' % partner['id']
     cr.execute(
         "insert into ir_property(name, value, res_id, company_id, fields_id) "\
-        "values(%s, %s, %s, %d, %d)",
+        "values(%s, %s, %s, %d, %d)", 
         ('property_payment_term', value, res_id, company_id, fields_id))
 
 # remove the field
@@ -116,7 +116,7 @@ registered_reports = cr.fetchall()
 reg_reports_ids = ','.join([str(id) for (id,) in registered_reports])
 
 for report in reports_wh_duplicates:
-    cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id NOT IN ("+reg_reports_ids+")", (report['model'], report['report_name']))
+    cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id not in ("+reg_reports_ids+")", (report['model'], report['report_name']))
     (id,) = cr.fetchone()
     cr.execute("delete from ir_act_report_xml where id=%d", (id,))
     cr.execute("delete from ir_values where value='ir.actions.report.xml,%d'", (id,))
@@ -129,7 +129,7 @@ cr.commit()
 
 # this removes all transitions which are not registered in ir_model_data
 
-cr.execute("delete from wkf_transition where id NOT IN (select res_id from ir_model_data where model='workflow.transition')")
+cr.execute("delete from wkf_transition where id not in (select res_id from ir_model_data where model='workflow.transition')")
 cr.commit()
 
 # -------------------------------- #

doc/migrate/3.4.0-4.0.0/post-tiny.py

@@ -70,7 +70,7 @@ cr = db.cursor()
 # remove old menu #
 # --------------- #
 
-cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
+cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
 cr.commit()
 
 # --------------- #

doc/migrate/3.4.0-4.0.0/post.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 ##############################################################################
-#
+#    
 #    OpenERP, Open Source Management Solution
 #    Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
 #
@@ -15,7 +15,7 @@
 #    GNU Affero General Public License for more details.
 #
 #    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.     
 #
 ##############################################################################
 
@@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
 parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
 
 group = optparse.OptionGroup(parser, "Database related options")
-group.add_option("--db_host", dest="db_host", help="specify the database host")
-group.add_option("--db_port", dest="db_port", help="specify the database port")
+group.add_option("--db_host", dest="db_host", help="specify the database host") 
+group.add_option("--db_port", dest="db_port", help="specify the database port") 
 group.add_option("-d", "--database", dest="db_name", help="specify the database name")
 group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
-group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
+group.add_option("-w", "--db_password", dest="db_password", help="specify the database password") 
 parser.add_option_group(group)
 
 options = optparse.Values()
@@ -78,10 +78,10 @@ cr.commit()
 # --------------- #
 
 while True:
-    cr.execute("select id from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
+    cr.execute("select id from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
     if not cr.rowcount:
         break
-    cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
+    cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
 cr.commit()
 
 # ----------------------------------------- #

doc/migrate/3.4.0-4.0.0/pre.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 ##############################################################################
-#
+#    
 #    OpenERP, Open Source Management Solution
 #    Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
 #
@@ -15,7 +15,7 @@
 #    GNU Affero General Public License for more details.
 #
 #    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.     
 #
 ##############################################################################
 
@@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
 parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
 
 group = optparse.OptionGroup(parser, "Database related options")
-group.add_option("--db_host", dest="db_host", help="specify the database host")
-group.add_option("--db_port", dest="db_port", help="specify the database port")
+group.add_option("--db_host", dest="db_host", help="specify the database host") 
+group.add_option("--db_port", dest="db_port", help="specify the database port") 
 group.add_option("-d", "--database", dest="db_name", help="specify the database name")
 group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
-group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
+group.add_option("-w", "--db_password", dest="db_password", help="specify the database password") 
 parser.add_option_group(group)
 
 options = optparse.Values()
@@ -78,7 +78,7 @@ def change_column(cr, table, column, new_type, copy):
     ]
     if copy:
         commands.insert(
-            2,
+            2, 
             "UPDATE %s SET %s=temp_column::%s" % (table, column, new_type))
 
     for command in commands:
@@ -102,10 +102,10 @@ if not cr.rowcount:
 # --------------- #
 
 while True:
-    cr.execute("select id from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
+    cr.execute("select id from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
     if not cr.rowcount:
         break
-    cr.execute("delete from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
+    cr.execute("delete from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
 cr.commit()
 
 # ----------------------------------------------------- #

doc/migrate/4.0.0-4.2.0/tiny/pre-tiny.py

@@ -79,7 +79,7 @@ for c in res:
     res2 = cr.fetchone()
     cr.execute('SELECT id from res_country where code = %s', (c[0],))
     ids = ','.join(map(lambda x: str(x[0]), cr.fetchall()))
-    cr.execute('UPDATE res_partner_address set country_id = %d where country_id IN ('+ids+')', (res2[0],))
+    cr.execute('UPDATE res_partner_address set country_id = %d where country_id in ('+ids+')', (res2[0],))
     cr.execute('DELETE FROM res_country WHERE code = %s and id <> %d', (c[0], res2[0],))
 cr.commit()