Commit 4a5029f0 authored by Vincent Pelletier's avatar Vincent Pelletier

Use a better sql escaping method.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@24940 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 57a2077c
...@@ -50,7 +50,7 @@ from Products.PageTemplates.Expressions import getEngine ...@@ -50,7 +50,7 @@ from Products.PageTemplates.Expressions import getEngine
from MethodObject import Method from MethodObject import Method
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products.ERP5Security.ERP5UserManager import SUPER_USER
from DocumentTemplate.DT_Var import sql_quote from Products.ERP5Type.Utils import sqlquote
import os, time, urllib, warnings import os, time, urllib, warnings
import sys import sys
...@@ -565,7 +565,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -565,7 +565,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
else: else:
# XXX: What with this string transformation ?! Souldn't it be done in # XXX: What with this string transformation ?! Souldn't it be done in
# dtml instead ? # dtml instead ?
allowedRolesAndUsers = ["'%s'" % (sql_quote(role), ) for role in allowedRolesAndUsers] allowedRolesAndUsers = [sqlquote(role) for role in allowedRolesAndUsers]
security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)] security_uid_list = [x.uid for x in method(security_roles_list = allowedRolesAndUsers)]
security_uid_cache[cache_key] = security_uid_list security_uid_cache[cache_key] = security_uid_list
else: else:
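Review bot: The quoting of `allowedRolesAndUsers` still happens in the caller rather than where the SQL text is assembled, so the second hunk is only safe under two assumptions this page does not show: that `sqlquote` returns a complete quoted literal (the old code added the surrounding quotes itself), and that the ZSQL method behind `method(security_roles_list=...)` inserts each element verbatim without quoting it again. I would state that contract at the call site, e.g. `# sqlquote() returns a fully quoted SQL literal; the ZSQL method must insert these values as-is`, and, if the template allows it, resolve the existing XXX by moving the escaping into the template with `<dtml-sqlvar>`. Because these values select the security UIDs that restrict catalog queries, a regression test with a role name containing `'` and `\` would pin the escaping behaviour. The enclosing method starts and ends outside the hunk.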
......