[FIX] Security Loophole corrected

[openobject-server @ jvo@tinyerp.com-20090901150136-tjpngpcfixg940b6] bzr revid: p_christ@hol.gr-20090901210416-x0euuqx22nchdyj7
2009-09-02 00:04:16 +03:00 · 2009-09-02 00:04:16 +03:00 · d594e929ba
parent 6e6329bb7d
commit d594e929ba
1 changed files with 4 additions and 4 deletions
--- a/bin/osv/orm.py
+++ b/bin/osv/orm.py
@ -2139,16 +2139,16 @@ class orm(orm_template):
                if d1:
                    cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) AND %s ORDER BY %s' % \
                            (','.join(fields_pre2 + ['id']), self._table,
-                                ','.join([str(x) for x in sub_ids]), d1,
-                                self._order), d2)
+                                ','.join(['%s' for x in sub_ids]), d1,
+                                self._order),sub_ids + d2)
                    if not cr.rowcount == len({}.fromkeys(sub_ids)):
                        raise except_orm(_('AccessError'),
                                _('You try to bypass an access rule (Document type: %s).') % self._description)
                else:
                    cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) ORDER BY %s' % \
                            (','.join(fields_pre2 + ['id']), self._table,
-                                ','.join([str(x) for x in sub_ids]),
-                                self._order))
+                                ','.join(['%s' for x in sub_ids]),
+                                self._order), sub_ids)
                res.extend(cr.dictfetchall())
        else:
            res = map(lambda x: {'id': x}, ids)