Merge lp:~camptocamp/openobject-addons/7.0-fix_1196847 into lp:openobject-addons/7.0
Proposed by Nicolas Bessi - Camptocamp
Status: | Needs review |
---|---|
Proposed branch: | lp:~camptocamp/openobject-addons/7.0-fix_1196847 |
Merge into: | lp:openobject-addons/7.0 |
Diff against target: | 43 lines (+8/-7), 2 files modified: mail/data/mail_data.xml (+1/-1), mail/update.py (+7/-6) |
To merge this branch: | bzr merge lp:~camptocamp/openobject-addons/7.0-fix_1196847 |
Related bugs: | |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Olivier Dony (Odoo) | | | Needs Fixing |
Alexandre Fayolle - camptocamp (community) | code review, no test | | Approve |
Holger Brunn (Therp) (community) | code review | | Approve |

Review via email: mp+172491@code.launchpad.net
Description of the change
Fix of bug 1196847 that may allow arbitrary code execution if safe_eval is tricked.
Unmerged revisions
- 9282. By Nicolas Bessi - Camptocamp: [FIX] log messages should not be translated
- 9281. By Nicolas Bessi - Camptocamp: [IMP] add logging of warranty server call
- 9280. By Nicolas Bessi - Camptocamp: [FIX] force close of the url
- 9279. By Nicolas Bessi - Camptocamp: [FIX] arbitrary code execution
I recommend keeping the call to uo.close() in order to have a clean termination of the HTTP session.
And I'd be glad to have a trace of the sent parameters and of the value of submit_result in the logs.