[REVERT] revert the migrate folder changes for SQL-Injection.

bzr revid: vra@tinyerp.com-20100621090543-q2l7y6tedu33kd9w
2010-06-21 14:35:43 +05:30 · 2010-06-21 14:35:43 +05:30 · b311f12e2a
parent 2dfc9149b3
commit b311f12e2a
5 changed files with 25 additions and 25 deletions
--- a/doc/migrate/3.3.0-3.4.0/post.py
+++ b/doc/migrate/3.3.0-3.4.0/post.py
@ -116,7 +116,7 @@ registered_reports = cr.fetchall()
 reg_reports_ids = ','.join([str(id) for (id,) in registered_reports])

 for report in reports_wh_duplicates:
-    cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id NOT IN ("+reg_reports_ids+")", (report['model'], report['report_name']))
+    cr.execute("select id from ir_act_report_xml where model=%s and report_name=%s and id not in ("+reg_reports_ids+")", (report['model'], report['report_name']))
    (id,) = cr.fetchone()
    cr.execute("delete from ir_act_report_xml where id=%d", (id,))
    cr.execute("delete from ir_values where value='ir.actions.report.xml,%d'", (id,))
@ -129,7 +129,7 @@ cr.commit()

 # this removes all transitions which are not registered in ir_model_data

-cr.execute("delete from wkf_transition where id NOT IN (select res_id from ir_model_data where model='workflow.transition')")
+cr.execute("delete from wkf_transition where id not in (select res_id from ir_model_data where model='workflow.transition')")
 cr.commit()

 # -------------------------------- #
--- a/doc/migrate/3.4.0-4.0.0/post-tiny.py
+++ b/doc/migrate/3.4.0-4.0.0/post-tiny.py
@ -70,7 +70,7 @@ cr = db.cursor()
 # remove old menu #
 # --------------- #

-cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
+cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
 cr.commit()

 # --------------- #
--- a/doc/migrate/3.4.0-4.0.0/post.py
+++ b/doc/migrate/3.4.0-4.0.0/post.py
@ -78,10 +78,10 @@ cr.commit()
 # --------------- #

 while True:
-    cr.execute("select id from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
+    cr.execute("select id from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
    if not cr.rowcount:
        break
-    cr.execute("delete from ir_ui_menu where (id NOT IN (select parent_id from ir_ui_menu where parent_id is not null)) and (id NOT IN (select res_id from ir_values where model='ir.ui.menu'))")
+    cr.execute("delete from ir_ui_menu where (id not in (select parent_id from ir_ui_menu where parent_id is not null)) and (id not in (select res_id from ir_values where model='ir.ui.menu'))")
 cr.commit()

 # ----------------------------------------- #
--- a/doc/migrate/3.4.0-4.0.0/pre.py
+++ b/doc/migrate/3.4.0-4.0.0/pre.py
@ -102,10 +102,10 @@ if not cr.rowcount:
 # --------------- #

 while True:
-    cr.execute("select id from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
+    cr.execute("select id from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
    if not cr.rowcount:
        break
-    cr.execute("delete from ir_ui_menu where id NOT IN (select parent_id from ir_ui_menu where parent_id is not null) and id NOT IN (select res_id from ir_model_data where model='ir.ui.menu')")
+    cr.execute("delete from ir_ui_menu where id not in (select parent_id from ir_ui_menu where parent_id is not null) and id not in (select res_id from ir_model_data where model='ir.ui.menu')")
 cr.commit()

 # ----------------------------------------------------- #
--- a/doc/migrate/4.0.0-4.2.0/tiny/pre-tiny.py
+++ b/doc/migrate/4.0.0-4.2.0/tiny/pre-tiny.py
@ -79,7 +79,7 @@ for c in res:
    res2 = cr.fetchone()
    cr.execute('SELECT id from res_country where code = %s', (c[0],))
    ids = ','.join(map(lambda x: str(x[0]), cr.fetchall()))
-    cr.execute('UPDATE res_partner_address set country_id = %d where country_id IN ('+ids+')', (res2[0],))
+    cr.execute('UPDATE res_partner_address set country_id = %d where country_id in ('+ids+')', (res2[0],))
    cr.execute('DELETE FROM res_country WHERE code = %s and id <> %d', (c[0], res2[0],))
 cr.commit()