safe_eval _import method restrict modules to use in python code fields, and have a missing argument too
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
New
|
Undecided
|
Unassigned |
Bug Description
I was trying to create a Salary Rule object in the HR Payroll Module, adding a python code into a python field.
I figure it out that i was limited to only import ['_strptime', 'time'] modules for use their methods in the python field. Debugging a little into the openerp/
_ALLOWED_MODULES = ['_strptime', 'time']
When I tried to add another python modules that I need, datetime and dateutil, it wont let me, so I add this two modules to the _ALLOWED_MODULES var and then it works, I was able to use all the modules I import that remains to into this variable.
_ALLOWED_MODULES = ['_strptime', 'time', 'datetime', 'dateutil']
The _ALLOWED_MODULES variable is only use in this field and for the import purpose.
Also the server log raise an exception when trying to use the complete signature for the __import__() built-in method, it raise and make import error. For example, I use this signature:
dateutil = __import_
Check into the save_eval code and discover that the fromlist argument of this function was missing when the import builtin function was overwritten by openerp. I added the argument at the overwrite method and then it works perfectly.