From 0a142c9da85657719ac985fddc2a64287790f08b Mon Sep 17 00:00:00 2001 From: benjamin <benjamin@le-filament.com> Date: Tue, 4 Jan 2022 14:33:50 +0100 Subject: [PATCH] [update] replace unsafe_eval by safe_eval --- controllers/main.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/controllers/main.py b/controllers/main.py index 3fe9a57..f6aeb34 100644 --- a/controllers/main.py +++ b/controllers/main.py @@ -8,7 +8,7 @@ from io import BytesIO, StringIO from odoo import http from odoo.http import request from odoo.tools.misc import xlwt -from odoo.tools.safe_eval import unsafe_eval +from odoo.tools.safe_eval import safe_eval from odoo.addons.web.controllers.main import content_disposition, serialize_exception @@ -48,7 +48,10 @@ class JournalDatasExport(http.Controller): for line in export_line_ids: row = [] for field in export_id.fields_ids: - value = unsafe_eval(field["field_name"]) + if field["field_name"].startswith('line.'): + value = safe_eval(field["field_name"], {'line': line}, mode="eval") + else: + value = safe_eval(field["field_name"]) row.append(value) lines_to_export.append(row) line.write({"date_export": datetime.now()}) -- GitLab