[Erp5-report] r24940 - /erp5/trunk/products/ERP5Catalog/CatalogTool.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Dec 18 14:16:28 CET 2008


Author: vincent
Date: Thu Dec 18 14:16:27 2008
New Revision: 24940

URL: http://svn.erp5.org?rev=24940&view=rev
Log:
Use a better sql escaping method.

Modified:
    erp5/trunk/products/ERP5Catalog/CatalogTool.py

Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=24940&r1=24939&r2=24940&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py [utf8] Thu Dec 18 14:16:27 2008
@@ -50,7 +50,7 @@
 from MethodObject import Method
 
 from Products.ERP5Security.ERP5UserManager import SUPER_USER
-from DocumentTemplate.DT_Var import sql_quote
+from Products.ERP5Type.Utils import sqlquote
 
 import os, time, urllib, warnings
 import sys
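
Review bot: with the sql_quote import removed at the top of the file, any call to sql_quote left elsewhere in CatalogTool.py will now fail with a NameError at run time. This patch updates only one call site, and the old and new names differ by a single underscore, so a leftover is easy to miss; please confirm with a search of the file that no other reference remains.
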
@@ -565,7 +565,7 @@
           else:
             # XXX: What with this string transformation ?! Souldn't it be done in
             # dtml instead ?
-            allowedRolesAndUsers = ["'%s'" % (sql_quote(role), ) for role in allowedRolesAndUsers]
+            allowedRolesAndUsers = [sqlquote(role) for role in allowedRolesAndUsers]
             security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)]
           security_uid_cache[cache_key] = security_uid_list
       else:
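
Review bot: the new list comprehension drops the explicit "'%s'" % (...) wrapping, so the generated SQL is only correctly quoted if sqlquote returns each role already enclosed in quotes. That contract is not visible in this patch, and the log message says only "better", so please state in the commit message or in a comment what the new helper escapes that sql_quote did not. The roles are still pre-quoted in Python before being passed as security_roles_list, which the XXX comment just above already questions: check that the template behind method does not quote them a second time, and add a test using a role name that contains a single quote and a backslash to pin the behaviour down.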



