[FIX] http: do not allow passing spaces around db in URL param

Until 9.0 our psycopg2 DSN connection strings do not allow having
spaces within the db name, and passing some can cause duplicate
registries to be loaded.

Stripping spaces is a simple workaround until we actually support
spaces within db names.

Fixes #13078
Olivier Dony 2016-08-19 02:47:19 +02:00
parent b226510840
commit b17b2a2eb7
No known key found for this signature in database
GPG Key ID: CD556E25E8A6D0D4
1 changed files with 1 additions and 1 deletions

@ -101,7 +101,7 @@ def ensure_db(redirect='/web/database/selector'):
# If the db is taken out of a query parameter, it will be checked against
# `http.db_filter()` in order to ensure it's legit and thus avoid db
# forgering that could lead to xss attacks.
db = request.params.get('db')
db = request.params.get('db') and request.params.get('db').strip()
# Ensure db is legit
if db and db not in http.db_filter([db]):
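
Review bot: The new assignment calls `request.params.get('db')` twice and carries no comment saying why the value is stripped, so the reason (spaces around the name leading to duplicate registries, per the commit message) is lost to the next reader. Consider binding the parameter once, for example `db = (request.params.get('db') or '').strip()`, which stays falsy for a missing or whitespace-only value in the `if db and ...` check that follows, and add a line to the comment block above noting that the strip is a workaround until spaces in db names are supported. The strip does run before `http.db_filter([db])`, so the filter validates the normalized name, which is the right order. This only normalizes the query parameter; any other source of the db name that reaches this function is not covered by the visible lines.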