[REVERT] revert the migrate folder changes for SQL-Injection.
bzr revid: vra@tinyerp.com-20100621090543-q2l7y6tedu33kd9w
This commit is contained in:
parent
2dfc9149b3
commit
b311f12e2a
|
@ -1,6 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
##############################################################################
|
||||
#
|
||||
#
|
||||
# OpenERP, Open Source Management Solution
|
||||
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
|
||||
#
|
||||
|
@ -15,7 +15,7 @@
|
|||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
|
|||
parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
|
||||
|
||||
group = optparse.OptionGroup(parser, "Database related options")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("-d", "--database", dest="db_name", help="specify the database name")
|
||||
group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
parser.add_option_group(group)
|
||||
|
||||
options = optparse.Values()
|
||||
|
@ -94,7 +94,7 @@ for partner in partners:
|
|||
res_id = 'res.partner,%d' % partner['id']
|
||||
cr.execute(
|
||||
"insert into ir_property(name, value, res_id, company_id, fields_id) "\
|
||||
"values(%s, %s, %s, %d, %d)",
|
||||
"values(%s, %s, %s, %d, %d)",
|
||||
('property_payment_term', value, res_id, company_id, fields_id))
|
||||
|
||||
# remove the field
|
||||
|
@ -116,7 +116,7 @@ registered_reports = cr.fetchall()
|
|||
reg_reports_ids = ','.join([str(id) for (id,) in registered_reports])
|
||||
|
||||
for report in reports_wh_duplicates:
|
||||
cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id NOT IN ("+reg_reports_ids+")", (report['model'], report['report_name']))
|
||||
cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id not in ("+reg_reports_ids+")", (report['model'], report['report_name']))
|
||||
(id,) = cr.fetchone()
|
||||
cr.execute("delete from ir_act_report_xml where id=%d", (id,))
|
||||
cr.execute("delete from ir_values where value='ir.actions.report.xml,%d'", (id,))
|
||||
|
@ -129,7 +129,7 @@ cr.commit()
|
|||
|
||||
# this removes all transitions which are not registered in ir_model_data
|
||||
|
||||
cr.execute("delete from wkf_transition where id NOT IN (select res_id from ir_model_data where model='workflow.transition')")
|
||||
cr.execute("delete from wkf_transition where id not in (select res_id from ir_model_data where model='workflow.transition')")
|
||||
cr.commit()
|
||||
|
||||
# -------------------------------- #
|
||||
|
|
|
@ -70,7 +70,7 @@ cr = db.cursor()
|
|||
# remove old menu #
|
||||
# --------------- #
|
||||
|
||||
cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
cr.commit()
|
||||
|
||||
# --------------- #
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
##############################################################################
|
||||
#
|
||||
#
|
||||
# OpenERP, Open Source Management Solution
|
||||
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
|
||||
#
|
||||
|
@ -15,7 +15,7 @@
|
|||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
|
|||
parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
|
||||
|
||||
group = optparse.OptionGroup(parser, "Database related options")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("-d", "--database", dest="db_name", help="specify the database name")
|
||||
group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
parser.add_option_group(group)
|
||||
|
||||
options = optparse.Values()
|
||||
|
@ -78,10 +78,10 @@ cr.commit()
|
|||
# --------------- #
|
||||
|
||||
while True:
|
||||
cr.execute("select id from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
cr.execute("select id from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
if not cr.rowcount:
|
||||
break
|
||||
cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
|
||||
cr.commit()
|
||||
|
||||
# ----------------------------------------- #
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
##############################################################################
|
||||
#
|
||||
#
|
||||
# OpenERP, Open Source Management Solution
|
||||
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
|
||||
#
|
||||
|
@ -15,7 +15,7 @@
|
|||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
|
@ -33,11 +33,11 @@ parser = optparse.OptionParser(version="Tiny ERP server migration script " + __v
|
|||
parser.add_option("-c", "--config", dest="config", help="specify path to Tiny ERP config file")
|
||||
|
||||
group = optparse.OptionGroup(parser, "Database related options")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("--db_host", dest="db_host", help="specify the database host")
|
||||
group.add_option("--db_port", dest="db_port", help="specify the database port")
|
||||
group.add_option("-d", "--database", dest="db_name", help="specify the database name")
|
||||
group.add_option("-r", "--db_user", dest="db_user", help="specify the database user name")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
group.add_option("-w", "--db_password", dest="db_password", help="specify the database password")
|
||||
parser.add_option_group(group)
|
||||
|
||||
options = optparse.Values()
|
||||
|
@ -78,7 +78,7 @@ def change_column(cr, table, column, new_type, copy):
|
|||
]
|
||||
if copy:
|
||||
commands.insert(
|
||||
2,
|
||||
2,
|
||||
"UPDATE %s SET %s=temp_column::%s" % (table, column, new_type))
|
||||
|
||||
for command in commands:
|
||||
|
@ -102,10 +102,10 @@ if not cr.rowcount:
|
|||
# --------------- #
|
||||
|
||||
while True:
|
||||
cr.execute("select id from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
|
||||
cr.execute("select id from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
|
||||
if not cr.rowcount:
|
||||
break
|
||||
cr.execute("delete from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
|
||||
cr.execute("delete from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
|
||||
cr.commit()
|
||||
|
||||
# ----------------------------------------------------- #
|
||||
|
|
|
@ -79,7 +79,7 @@ for c in res:
|
|||
res2 = cr.fetchone()
|
||||
cr.execute('SELECT id from res_country where code = %s', (c[0],))
|
||||
ids = ','.join(map(lambda x: str(x[0]), cr.fetchall()))
|
||||
cr.execute('UPDATE res_partner_address set country_id = %d where country_id IN ('+ids+')', (res2[0],))
|
||||
cr.execute('UPDATE res_partner_address set country_id = %d where country_id in ('+ids+')', (res2[0],))
|
||||
cr.execute('DELETE FROM res_country WHERE code = %s and id <> %d', (c[0], res2[0],))
|
||||
cr.commit()
|
||||
|
||||
|
|
Loading…
Reference in New Issue