Created on 2014-10-02.22:40:47 by yangoon, last changed 79 months ago by roundup-bot.
New changeset b0469bec074a by Cédric Krier in branch '3.2':
Avoid double evaluation from inherit with different model
http://hg.tryton.org/trytond/rev/b0469bec074a

New changeset 08125c149a3e by Cédric Krier in branch '3.0':
Avoid double evaluation from inherit with different model
http://hg.tryton.org/trytond/rev/08125c149a3e

New changeset f43757ec69d9 by Cédric Krier in branch '2.8':
Avoid double evaluation from inherit with different model
http://hg.tryton.org/trytond/rev/f43757ec69d9

New changeset ec71bb868ef3 by Cédric Krier in branch '2.6':
Avoid double evaluation from inherit with different model
http://hg.tryton.org/trytond/rev/ec71bb868ef3

New changeset b890cc2f66e4 by Cédric Krier in branch '2.4':
Avoid double evaluation from inherit with different model
http://hg.tryton.org/trytond/rev/b890cc2f66e4
For me, it doesn't deserve it because only sequence.strict is affected, which is only used for invoice sequences. Normal usage will require creating such a sequence once per year (generally 1 January). So the bug could be managed like any other bug with the "monthly" bugfix releases.
Adding ajacoutot,bch,duesenfranz,nicoe,sharkcz from issue4155 to nosy. @ced: Thx for the fix. I think we should have another quick bug fix release for this issue. Is this ok for you?
Here is a review5681002 for the quick fix.
This is because of the double call to fields_view_get due to the inherit of a view from another model. I think we should drop this feature as we don't have "inherits" anymore, for which this was implemented. Meanwhile, as every series is affected, I think we could avoid the second call to safe_eval if the attribute contains "__" as it will in any case fail and it also means that it was already encoded.
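A minimal model of the failure described in the comment above, added here as an illustration and not taken from the Tryton code base: a view attribute is evaluated and encoded once, then the encoded string is fed to the evaluator again. The names `Eval`, `encode`, `safe_eval`, `process_view` and `render_twice` are hypothetical stand-ins, and the `"__class__"` tag in the encoded form is an assumption of this sketch.

```python
import json


class Eval:
    """Constructed stand-in for an expression object used in view attributes."""
    def __init__(self, name):
        self.name = name


def encode(value):
    """Serialise to JSON, tagging expression objects with a "__class__" key."""
    return json.dumps(
        value, default=lambda o: {'__class__': 'Eval', 'v': o.name})


def safe_eval(source, context):
    """Simplified model of the check seen in the traceback: reject any '__'."""
    if '__' in source:
        raise ValueError('Double underscores not allowed')
    return eval(source, {'__builtins__': {}}, dict(context))


CONTEXT = {'Eval': Eval}


def process_view(attrs, guard):
    """One pass over the view attributes: evaluate each one, then encode it."""
    out = {}
    for name, text in attrs.items():
        if guard and '__' in text:
            # Already encoded by an earlier pass: leave it untouched.
            out[name] = text
        else:
            out[name] = encode(safe_eval(text, CONTEXT))
    return out


def render_twice(attrs, guard):
    """Model the inherited-view case: the same attributes are processed twice."""
    return process_view(process_view(attrs, guard), guard)


# Constructed sample attribute, not taken from a real view definition.
VIEW = {'states': "{'invisible': Eval('type')}"}
```

Without the guard the second pass raises the same `ValueError` as in the report; with it, the second pass is a no-op and the encoded attribute is returned unchanged.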
Also confirmed when trying to create a strict sequence from Administration
- All modules installation
- create a fiscalyear
- on Tab Sequences in the field of the first sequence (Post Move Sequence) hit F3 and create first sequence
- go to second field (Customer Invoice Sequence) and hit F3 ->

Traceback (most recent call last):
  File "/trytond/protocols/jsonrpc.py", line 150, in _marshaled_dispatch
    response['result'] = dispatch_method(method, params)
  File "/trytond/protocols/jsonrpc.py", line 179, in _dispatch
    res = dispatch(*args)
  File "/trytond/protocols/dispatcher.py", line 160, in dispatch
    result = rpc.result(meth(*c_args, **c_kwargs))
  File "/trytond/model/modelview.py", line 239, in fields_view_get
    result['field_childs'])
  File "/trytond/model/modelview.py", line 331, in _view_look_dom_arch
    fields_width=fields_width)
  File "/trytond/model/modelview.py", line 471, in __view_look_dom
    fields_width=fields_width, fields_attrs=fields_attrs)
  File "/trytond/model/modelview.py", line 431, in __view_look_dom
    CONTEXT)))
  File "/trytond/tools/misc.py", line 373, in safe_eval
    raise ValueError('Double underscores not allowed')
ValueError: Double underscores not allowed
|2014-12-02 09:59:37||ced||link||issue4382 superseder|
|2014-10-27 23:31:17||roundup-bot||set||status: done-cbb -> resolved|
nosy: + roundup-bot
messages: + msg18704
|2014-10-06 22:26:40||ced||set||status: testing -> done-cbb|
|2014-10-03 11:23:53||ced||set||messages: + msg18420|
+ bch, nicoe, sharkcz, ajacoutot, duesenfranz|
superseder: + CVE-2014-6633: safe_eval is, in fact, not safe
messages: + msg18419
|2014-10-03 09:28:31||roba||set||nosy: + roba|
|2014-10-03 00:29:24||ced||set||status: chatting -> testing|
keyword: + review
messages: + msg18418
component: + trytond
messages: + msg18417
|2014-10-02 22:42:37||yangoon||set||status: unread -> chatting|
messages: + msg18416