[IMP] account: moved the build of the query_get used in the reports, on the reports file... to avoid sql injections
bzr revid: qdp-launchpad@tinyerp.com-20101001081202-n2yc97fvh3rqdl7m
This commit is contained in:
parent
fdf460d9d0
commit
e42cc1278b
|
@ -38,9 +38,10 @@ class general_ledger(rml_parse.rml_parse, common_report_header):
|
|||
|
||||
def set_context(self, objects, data, ids, report_type=None):
|
||||
new_ids = ids
|
||||
obj_move = self.pool.get('account.move.line')
|
||||
self.sortby = data['form'].get('sortby', 'sort_date')
|
||||
self.query = data['form'].get('query_line', '')
|
||||
self.init_query = data['form']['initial_bal_query']
|
||||
self.query = obj_move._query_get(cr, uid, obj='l', context=data['form'].get('used_context',{}))
|
||||
self.init_query = obj_move._query_get(cr, uid, obj='l', context=data['form'].get('used_context_initial_bal', {}))
|
||||
self.init_balance = data['form']['initial_balance']
|
||||
self.display_account = data['form']['display_account']
|
||||
self.target_move = data['form'].get('target_move', 'all')
|
||||
|
|
|
@ -148,8 +148,8 @@ class account_common_report(osv.osv_memory):
|
|||
used_context, used_context_initial_bal = self._build_contexts(cr, uid, ids, data, context=context)
|
||||
query_line = obj_move._query_get(cr, uid, obj='l', context=used_context)
|
||||
data['form']['periods'] = used_context.get('periods', False) and used_context['periods'] or []
|
||||
data['form']['query_line'] = query_line
|
||||
data['form']['initial_bal_query'] = obj_move._query_get(cr, uid, obj='l', context=used_context_initial_bal)
|
||||
data['form']['used_context'] = used_context
|
||||
data['form']['used_context_initial_bal'] = used_context_initial_bal
|
||||
return self._print_report(cr, uid, ids, data, query_line, context=context)
|
||||
|
||||
account_common_report()
|
||||
|
|
Loading…
Reference in New Issue