From 0a142c9da85657719ac985fddc2a64287790f08b Mon Sep 17 00:00:00 2001
From: benjamin <benjamin@le-filament.com>
Date: Tue, 4 Jan 2022 14:33:50 +0100
Subject: [PATCH] [update] replace unsafe_eval by safe_eval

---
 controllers/main.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/controllers/main.py b/controllers/main.py
index 3fe9a57..f6aeb34 100644
--- a/controllers/main.py
+++ b/controllers/main.py
@@ -8,7 +8,7 @@ from io import BytesIO, StringIO
 from odoo import http
 from odoo.http import request
 from odoo.tools.misc import xlwt
-from odoo.tools.safe_eval import unsafe_eval
+from odoo.tools.safe_eval import safe_eval
 
 from odoo.addons.web.controllers.main import content_disposition, serialize_exception
 
@@ -48,7 +48,10 @@ class JournalDatasExport(http.Controller):
         for line in export_line_ids:
             row = []
             for field in export_id.fields_ids:
-                value = unsafe_eval(field["field_name"])
+                if field["field_name"].startswith('line.'):
+                    value = safe_eval(field["field_name"], {'line': line}, mode="eval")
+                else:
+                    value = safe_eval(field["field_name"])
                 row.append(value)
             lines_to_export.append(row)
             line.write({"date_export": datetime.now()})
-- 
GitLab