Code review comment for lp:~frederic-declercq/openobject-addons/addons-fu

Sharoon Thomas http://openlabs.co.in (sharoonthomas) wrote :

Hi,

As Christophe pointed out, there are a lot of SQL queries using cr.execute.

Most of them in osv.osv objects are subject to SQL injection. Example: line 148 in the diff.

I think you need to change them if this has to be usable.

Refer lp:422563 for further details of how your methods may be exploited

Also refer: http://doc.openerp.com/contribute/developing_modules.html?highlight=sql%20injection#security
(Not sure this is efficient enough though)

review: Needs Fixing
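To illustrate the review point, here is an added example (not code from the merge proposal or from OpenERP itself): an osv-style method that builds SQL for cr.execute with Python string formatting, beside the parameterized form psycopg2 expects, plus a small source scan that flags the risky pattern during review. The cursor class, the table/column names and the sample source are constructed stand-ins; nothing here talks to PostgreSQL.

```python
import re


class RecordingCursor:
    """Constructed stand-in for an OpenERP/psycopg2 cursor: records what it is asked to run."""
    def __init__(self):
        self.calls = []

    def execute(self, query, params=None):
        self.calls.append((query, params))


def find_partner_vulnerable(cr, name):
    # Interpolating input into the SQL text: a quote inside `name` ends the
    # string literal, so the rest of the value is parsed as SQL. This is the
    # cr.execute pattern the review flags.
    cr.execute("SELECT id FROM res_partner WHERE name = '%s'" % name)
    return cr.calls[-1]


def find_partner_fixed(cr, name):
    # Parameterized form: the driver binds `name` as a value, never as SQL text.
    cr.execute("SELECT id FROM res_partner WHERE name = %s", (name,))
    return cr.calls[-1]


# Matches a cr.execute(...) whose first argument is a string literal followed
# by % formatting, + concatenation or .format(). A cheap review-time check
# for single-line calls, not a full parser (multi-line calls are missed).
_RISKY = re.compile(r'cr\.execute\(\s*(?:"[^"]*"|\'[^\']*\')\s*(?:%|\+|\.format)')


def find_unparameterized_execute(source):
    """Return (line_number, stripped_line) for each cr.execute() that builds SQL by hand."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if _RISKY.search(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed sample module: one risky call, one parameterized call.
SAMPLE_SOURCE = (
    "def search_by_name(self, cr, uid, name):\n"
    "    cr.execute(\"SELECT id FROM res_partner WHERE name = '%s'\" % name)\n"
    "    cr.execute(\"SELECT id FROM res_partner WHERE name = %s\", (name,))\n"
)

if __name__ == "__main__":
    cur = RecordingCursor()
    print(find_partner_vulnerable(cur, "O'Brien"))   # quote lands inside the SQL text
    print(find_partner_fixed(cur, "O'Brien"))        # quote stays in the bound parameter
    print(find_unparameterized_execute(SAMPLE_SOURCE))
```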
