Missing protection against '%' in user data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
Confirmed
|
Medium
|
OpenERP's Framework R&D |
Bug Description
On latest 7.0 branch :
- create an empty database
- install the 'sale' app
- enable user CSV import in the settings
- enable pricelists in the sale config
- Create a file pricelist.csv containing :
"active"
"True","6","EUR (€)","list3"
- Select this file in the import wizard of the pricelist list view.
- click on Validate
=> traceback
File "/home/
message=
ValueError: unsupported format character ''' (0x27) at index 67
The problem comes from the '%' in the user data, being interpreted by the % formatting. The bug is located in several places in the code, I could only find a few of them:
openobject-
openobject-
openobject-
openobject-
openobject-
openobject-
openobject-
The quickfix is to *.replace('%', '%%')
description: | updated |
description: | updated |
summary: |
- bad raise depending on user data + Missing protection against '%' in user data |
description: | updated |
Changed in openobject-server: | |
status: | New → Confirmed |
status: | Confirmed → New |
Changed in openobject-server: | |
assignee: | nobody → OpenERP's Framework R&D (openerp-dev-framework) |
importance: | Undecided → Medium |
status: | New → Confirmed |
Here is a sample fix, but it does not contain additional unit tests for all these cases, which may be a good idea https:/ /code.launchpad .net/~anybox/ openobject- server/ lp1100907