From b39904ad4af03ba45021a3bccf8d78b9b37bc086 Mon Sep 17 00:00:00 2001 From: "Ravi Gohil (Open ERP)" Date: Thu, 17 May 2012 15:53:59 +0530 Subject: [PATCH] [FIX] To prevent the leak when domain and context passed blank and view_id is passed as blank list by the server action : (Maintenance Case : 574769) bzr revid: rgo@tinyerp.com-20120517102359-7u10pq22ynd3219k --- addons/web/controllers/main.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/web/controllers/main.py b/addons/web/controllers/main.py index 535ab7d9fea..8852e434961 100644 --- a/addons/web/controllers/main.py +++ b/addons/web/controllers/main.py @@ -684,10 +684,10 @@ def clean_action(req, action, do_not_eval=False): if not do_not_eval: # values come from the server, we can just eval them if isinstance(action.get('context'), basestring): - action['context'] = eval( action['context'], eval_ctx ) or {} + action['context'] = eval( action['context'] or '{}', eval_ctx ) or {} if isinstance(action.get('domain'), basestring): - action['domain'] = eval( action['domain'], eval_ctx ) or [] + action['domain'] = eval( action['domain'] or '[]', eval_ctx ) or [] else: if 'context' in action: action['context'] = parse_context(action['context'], req.session) @@ -719,7 +719,7 @@ def generate_views(action): :param dict action: action descriptor dictionary to generate a views key for """ - view_id = action.get('view_id', False) + view_id = action.get('view_id', False) or False if isinstance(view_id, (list, tuple)): view_id = view_id[0]