Ok, thank you. We are working for it
I comment what, my patch example solution no have SQL injections My idea is next patch:
=== modified file 'account/account.py' --- account/account.py 2011-10-10 08:50:07 +0000 +++ account/account.py 2011-11-08 00:54:14 +0000 @@ -271,6 +271,13 @@ request = ("SELECT l.account_id as id, " +\ ', '.join(map(mapping.__getitem__, field_names)) + " FROM account_move_line l" \ + """ + INNER JOIN account_account aa_tree_1 + ON aa_tree_1.id = l.account_id + INNER JOIN account_account aa_tree_2 + ON aa_tree_2.parent_left + BETWEEN aa_tree_1.parent_left AND aa_tree_1.parent_right + """ \ " WHERE l.account_id IN %s " \ + filters + " GROUP BY l.account_id")
NOTE: This is a example of my idea, not have the full solution
Ok, thank you.
We are working for it
I comment what, my patch example solution no have SQL injections
My idea is next patch:
=== modified file 'account/ account. py'
request = ("SELECT l.account_id as id, " +\
', '.join( map(mapping. __getitem_ _, field_names)) +
" FROM account_move_line l" \ 2.parent_ left 1.parent_ left AND aa_tree_ 1.parent_ right
" WHERE l.account_id IN %s " \
+ filters +
" GROUP BY l.account_id")
--- account/account.py 2011-10-10 08:50:07 +0000
+++ account/account.py 2011-11-08 00:54:14 +0000
@@ -271,6 +271,13 @@
+ """
+ INNER JOIN account_account aa_tree_1
+ ON aa_tree_1.id = l.account_id
+ INNER JOIN account_account aa_tree_2
+ ON aa_tree_
+ BETWEEN aa_tree_
+ """ \
NOTE: This is a example of my idea, not have the full solution