Missing protection against '%' in user data
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Odoo Server (MOVED TO GITHUB) |
Confirmed
|
Medium
|
OpenERP's Framework R&D | ||
Bug Description
On latest 7.0 branch :
- create an empty database
- install the 'sale' app
- enable user CSV import in the settings
- enable pricelists in the sale config
- Create a file pricelist.csv containing :
"active"
"True","6","EUR (€)","list3"
- Select this file in the import wizard of the pricelist list view.
- click on Validate
=> traceback
File "/home/
message=
ValueError: unsupported format character ''' (0x27) at index 67
The problem comes from the '%' in the user data, being interpreted by the % formatting. The bug is located in several places in the code, I could only find a few of them:
openobject-
openobject-
openobject-
openobject-
openobject-
openobject-
openobject-
The quickfix is to *.replace('%', '%%')
| description: | updated |
| description: | updated |
| summary: |
- bad raise depending on user data + Missing protection against '%' in user data |
| description: | updated |
| Christophe Combelles (ccomb) wrote | #1 |
| Changed in openobject-server: | |
| status: | New → Confirmed |
| status: | Confirmed → New |
| Changed in openobject-server: | |
| assignee: | nobody → OpenERP's Framework R&D (openerp-dev-framework) |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
Here is a sample fix, but it does not contain additional unit tests for all these cases, which may be a good idea https:/