diff --git a/addons/account/account.py b/addons/account/account.py index a9a5b30e4b1..e06e59d008d 100644 --- a/addons/account/account.py +++ b/addons/account/account.py @@ -31,6 +31,7 @@ from openerp import pooler, tools from openerp.osv import fields, osv, expression from openerp.tools.translate import _ from openerp.tools.float_utils import float_round as round +from openerp.tools.safe_eval import safe_eval as eval import openerp.addons.decimal_precision as dp @@ -2033,7 +2034,7 @@ class account_tax(osv.osv): for tax in taxes: if tax.applicable_type=='code': localdict = {'price_unit':price_unit, 'product':product, 'partner':partner} - exec tax.python_applicable in localdict + eval(tax.python_applicable, localdict, mode="exec", nocopy=True) if localdict.get('result', False): res.append(tax) else: @@ -2074,7 +2075,7 @@ class account_tax(osv.osv): # data['amount'] = quantity elif tax.type=='code': localdict = {'price_unit':cur_price_unit, 'product':product, 'partner':partner} - exec tax.python_compute in localdict + eval(tax.python_compute, localdict, mode="exec", nocopy=True) amount = localdict['result'] data['amount'] = amount elif tax.type=='balance': @@ -2210,7 +2211,7 @@ class account_tax(osv.osv): elif tax.type=='code': localdict = {'price_unit':cur_price_unit, 'product':product, 'partner':partner} - exec tax.python_compute_inv in localdict + eval(tax.python_compute_inv, localdict, mode="exec", nocopy=True) amount = localdict['result'] elif tax.type=='balance': amount = cur_price_unit - reduce(lambda x,y: y.get('amount',0.0)+x, res, 0.0) diff --git a/addons/account/wizard/account_invoice_refund.py b/addons/account/wizard/account_invoice_refund.py index d046d3d3572..10aecef84a9 100644 --- a/addons/account/wizard/account_invoice_refund.py +++ b/addons/account/wizard/account_invoice_refund.py @@ -24,6 +24,7 @@ import time from openerp.osv import fields, osv from openerp.tools.translate import _ from openerp import netsvc +from openerp.tools.safe_eval import safe_eval as eval class account_invoice_refund(osv.osv_memory): diff --git a/addons/account_test/report/account_test_report.py b/addons/account_test/report/account_test_report.py index abf0385be86..8cf5c5f0191 100644 --- a/addons/account_test/report/account_test_report.py +++ b/addons/account_test/report/account_test_report.py @@ -24,6 +24,8 @@ import datetime import time from report import report_sxw from openerp.tools.translate import _ +from openerp.tools.safe_eval import safe_eval as eval + # # Use period and Journal for selection or resources # @@ -64,7 +66,7 @@ class report_assert_account(report_sxw.rml_parse): 'result': None, #used to store the result of the test 'column_order': None, #used to choose the display order of columns (in case you are returning a list of dict) } - exec code_exec in localdict + eval(code_exec, localdict, mode="exec", nocopy=True) result = localdict['result'] column_order = localdict.get('column_order', None) diff --git a/addons/anonymization/anonymization.py b/addons/anonymization/anonymization.py index 3e86dbbd2e1..2b0b4c3b1f2 100644 --- a/addons/anonymization/anonymization.py +++ b/addons/anonymization/anonymization.py @@ -31,6 +31,7 @@ import random import datetime from openerp.osv import fields, osv from openerp.tools.translate import _ +from openerp.tools.safe_eval import safe_eval as eval from itertools import groupby from operator import itemgetter diff --git a/addons/base_action_rule/base_action_rule.py b/addons/base_action_rule/base_action_rule.py index 398bf00286a..f47f94894bd 100644 --- a/addons/base_action_rule/base_action_rule.py +++ b/addons/base_action_rule/base_action_rule.py @@ -27,6 +27,7 @@ import openerp from openerp import SUPERUSER_ID from openerp.osv import fields, osv from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT +from openerp.tools.safe_eval import safe_eval as eval _logger = logging.getLogger(__name__) diff --git a/addons/delivery/delivery.py b/addons/delivery/delivery.py index 62d513c8bff..c240ab19f6e 100644 --- a/addons/delivery/delivery.py +++ b/addons/delivery/delivery.py @@ -23,6 +23,7 @@ import time from openerp.osv import fields,osv from openerp.tools.translate import _ import openerp.addons.decimal_precision as dp +from openerp.tools.safe_eval import safe_eval as eval class delivery_carrier(osv.osv): _name = "delivery.carrier" diff --git a/addons/l10n_fr/report/base_report.py b/addons/l10n_fr/report/base_report.py index bc2cd308bf8..d17bc273638 100644 --- a/addons/l10n_fr/report/base_report.py +++ b/addons/l10n_fr/report/base_report.py @@ -29,6 +29,7 @@ import time from openerp.report import report_sxw +from openerp.tools.safe_eval import safe_eval as eval class base_report(report_sxw.rml_parse): def __init__(self, cr, uid, name, context=None): diff --git a/addons/mail/mail_alias.py b/addons/mail/mail_alias.py index bd935498bc8..6366430a234 100644 --- a/addons/mail/mail_alias.py +++ b/addons/mail/mail_alias.py @@ -27,6 +27,7 @@ from openerp.osv import fields, osv from openerp.tools import ustr from openerp.modules.registry import RegistryManager from openerp import SUPERUSER_ID +from openerp.tools.safe_eval import safe_eval as eval _logger = logging.getLogger(__name__) diff --git a/addons/process/process.py b/addons/process/process.py index 30b37a8b0e2..e9d11156f30 100644 --- a/addons/process/process.py +++ b/addons/process/process.py @@ -22,6 +22,7 @@ from openerp import pooler from openerp import tools from openerp.osv import fields, osv +from openerp.tools.safe_eval import safe_eval as eval class Env(dict): diff --git a/addons/purchase/purchase.py b/addons/purchase/purchase.py index a56813774eb..3e80966e410 100644 --- a/addons/purchase/purchase.py +++ b/addons/purchase/purchase.py @@ -33,6 +33,7 @@ import openerp.addons.decimal_precision as dp from openerp.osv.orm import browse_record, browse_null from openerp.tools import DEFAULT_SERVER_DATE_FORMAT, DEFAULT_SERVER_DATETIME_FORMAT, DATETIME_FORMATS_MAP from openerp.tools.float_utils import float_compare +from openerp.tools.safe_eval import safe_eval as eval class purchase_order(osv.osv): diff --git a/addons/share/wizard/share_wizard.py b/addons/share/wizard/share_wizard.py index c01ad220be1..41ccf0bead5 100644 --- a/addons/share/wizard/share_wizard.py +++ b/addons/share/wizard/share_wizard.py @@ -615,8 +615,8 @@ class share_wizard(osv.TransientModel): # other groups, so we duplicate if needed rule = self._check_personal_rule_or_duplicate(cr, group_id, rule, context=context) eval_ctx = rule_obj._eval_context_for_combinations() - org_domain = expression.normalize_domain(eval(rule.domain_force, eval_ctx)) - new_clause = expression.normalize_domain(eval(domain, eval_ctx)) + org_domain = expression.normalize_domain(safe_eval(rule.domain_force, eval_ctx)) + new_clause = expression.normalize_domain(safe_eval(domain, eval_ctx)) combined_domain = expression.AND([new_clause, org_domain]) rule.write({'domain_force': combined_domain, 'name': rule.name + _('(Modified)')}) _logger.debug("Combining sharing rule %s on model %s with domain: %s", rule.id, model_id, domain) diff --git a/addons/web_diagram/controllers/main.py b/addons/web_diagram/controllers/main.py index 3f3c1065504..0415d3d2452 100644 --- a/addons/web_diagram/controllers/main.py +++ b/addons/web_diagram/controllers/main.py @@ -1,4 +1,5 @@ import openerp +from openerp.tools.safe_eval import safe_eval as eval class DiagramView(openerp.addons.web.http.Controller): _cp_path = "/web_diagram/diagram" diff --git a/openerp/report/report_sxw.py b/openerp/report/report_sxw.py index c0260656133..9bfa330cab9 100644 --- a/openerp/report/report_sxw.py +++ b/openerp/report/report_sxw.py @@ -36,6 +36,7 @@ import common from openerp.osv.fields import float as float_field, function as function_field, datetime as datetime_field from openerp.tools.translate import _ from openerp.tools import DEFAULT_SERVER_DATE_FORMAT, DEFAULT_SERVER_DATETIME_FORMAT +from openerp.tools.safe_eval import safe_eval as eval _logger = logging.getLogger(__name__)