[tryton-debian-vcs] tryton-server branch debian updated. debian/3.8.2-1-2-g6617705

Mathias Behrle tryton-debian-vcs at alioth.debian.org
Wed Feb 10 19:55:47 UTC 2016


The following commit has been merged in the debian branch:
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi/?p=tryton/tryton-server.git;a=commitdiff;h=debian/3.8.2-1-2-g6617705

commit 661770560c7510420af8c01c7d28eb5cfd673879
Author: Mathias Behrle <mathiasb at m9s.biz>
Date:   Wed Feb 10 18:16:10 2016 +0100

    Releasing debian version 3.8.3-1.
    
    Signed-off-by: Mathias Behrle <mathiasb at m9s.biz>

diff --git a/debian/changelog b/debian/changelog
index c5d0028..65f8cf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+tryton-server (3.8.3-1) unstable; urgency=medium
+
+  * Merging upstream version 3.8.3.
+
+ -- Mathias Behrle <mathiasb at m9s.biz>  Wed, 10 Feb 2016 18:16:10 +0100
+
 tryton-server (3.8.2-1) unstable; urgency=medium
 
   * Moving python-simplejson from Depends to Recommends.
commit dca31354dd4553848c4de92c87e06a4bc0271428
Author: Mathias Behrle <mathiasb at m9s.biz>
Date:   Wed Feb 10 18:16:09 2016 +0100

    Merging upstream version 3.8.3.

diff --git a/CHANGELOG b/CHANGELOG
index c67bc63..7d6c5bc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+Version 3.8.3 - 2016-02-06
+* Bug fixes (see mercurial logs for details)
+* Strip and unquote double-quote from Postgresql schema in search_path
+* Don't read historized user when evaluating record rules as it could lead to
+  past privilege escalation.
+
 Version 3.8.2 - 2016-01-11
 * Bug fixes (see mercurial logs for details)
 
diff --git a/PKG-INFO b/PKG-INFO
index e6aa46b..c944c45 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: trytond
-Version: 3.8.2
+Version: 3.8.3
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
diff --git a/trytond.egg-info/PKG-INFO b/trytond.egg-info/PKG-INFO
index e6aa46b..c944c45 100644
--- a/trytond.egg-info/PKG-INFO
+++ b/trytond.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: trytond
-Version: 3.8.2
+Version: 3.8.3
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
diff --git a/trytond/__init__.py b/trytond/__init__.py
index b60e110..2871eed 100644
--- a/trytond/__init__.py
+++ b/trytond/__init__.py
@@ -4,7 +4,7 @@ import os
 import time
 from email import charset
 
-__version__ = "3.8.2"
+__version__ = "3.8.3"
 
 os.environ['TZ'] = 'UTC'
 if hasattr(time, 'tzset'):
diff --git a/trytond/backend/postgresql/database.py b/trytond/backend/postgresql/database.py
index 9776784..3d7cf2d 100644
--- a/trytond/backend/postgresql/database.py
+++ b/trytond/backend/postgresql/database.py
@@ -39,6 +39,18 @@ RE_VERSION = re.compile(r'\S+ (\d+)\.(\d+)')
 os.environ['PGTZ'] = os.environ.get('TZ', '')
 
 
+def unescape_quote(s):
+    if s.startswith('"') and s.endswith('"'):
+        return s.strip('"').replace('""', '"')
+    return s
+
+
+def replace_special_values(s, **mapping):
+    for name, value in mapping.iteritems():
+        s = s.replace('$' + name, value)
+    return s
+
+
 class Database(DatabaseInterface):
 
     _databases = {}
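Review bot: `unescape_quote` calls `s.strip('"')`, which removes every leading and trailing double quote rather than the single delimiting pair. A quoted schema name that ends in an escaped quote therefore loses it, and a lone `"` passes the startswith/endswith test and comes back empty. `replace_special_values` substitutes `'$' + name` as a substring, so an element such as `$username` would be rewritten too, where matching the whole element looks like the intent. With whole-element matching, the call in the `search_path` hunk would have to unquote before substituting. Neither helper has a docstring stating its contract.
```python
def unescape_quote(s):
    """Return s without its one enclosing pair of double quotes and with
    doubled quotes inside collapsed; unquoted input is returned as is."""
    if len(s) >= 2 and s.startswith('"') and s.endswith('"'):
        # Slice off exactly one delimiter per side: strip('"') would also
        # eat an escaped quote at the edge of the name.
        return s[1:-1].replace('""', '"')
    return s


def replace_special_values(s, **mapping):
    """Return the mapped value when s is exactly '$' + name, else s."""
    for name, value in mapping.iteritems():
        if s == '$' + name:
            return value
    return s
```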
@@ -347,8 +359,14 @@ class Cursor(CursorInterface):
     def search_path(self):
         if self._search_path is None:
             self.execute('SHOW search_path')
-            self._search_path = self.fetchone()[0].replace(
-                '"$user"', self.current_user).split(',')
+            path, = self.fetchone()
+            special_values = {
+                'user': self.current_user,
+            }
+            self._search_path = [
+                unescape_quote(replace_special_values(
+                        p.strip(), **special_values))
+                for p in path.split(',')]
         return self._search_path
 
 register_type(UNICODE)
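Review bot: In the list comprehension the substitution runs before the unquoting, so the value of `self.current_user` is itself passed through `unescape_quote`. A role name that contains `""`, or that starts and ends with a double quote, would be altered on its way into `_search_path`. Unquoting first keeps the substituted value intact: `replace_special_values(unescape_quote(p.strip()), **special_values)`. Separately, `path.split(',')` still splits inside a quoted identifier that contains a comma. If such schema names are out of scope, a short comment above the split saying so would help the next reader.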
diff --git a/trytond/ir/rule.py b/trytond/ir/rule.py
index cb61ffc..267705b 100644
--- a/trytond/ir/rule.py
+++ b/trytond/ir/rule.py
@@ -145,7 +145,7 @@ class Rule(ModelSQL, ModelView):
     def _get_context():
         User = Pool().get('res.user')
         user_id = Transaction().user
-        with Transaction().set_context(_check_access=False):
+        with Transaction().set_context(_check_access=False, _datetime=None):
             user = EvalEnvironment(User(user_id), User)
         return {
             'user': user,
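Review bot: The `_datetime=None` added to `set_context` in `_get_context` is a security fix, but nothing on the line says so, and a later cleanup could drop it as redundant. A comment above the `with` would preserve the reason given in the CHANGELOG entry, for example `# Force the current user record: a historized one (_datetime set) could bring back past groups and so past privileges`. No regression test is visible in this diff. One that evaluates a record rule under a context with a past `_datetime` and asserts the current user's groups are used would pin the behaviour. The body of `_get_context` continues past the end of the hunk.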
-- 
tryton-server


