-
- Downloads
[FIX] *: sanitize action content reading
The open_action_with_context was not using _for_xml_id, producing an error when reading the action content. In open_action, the action_name was taken from the context and needs sanity checks. Ensure only actions from the account module can be read and only if the user has access to the target model. This is a limitation of the previous behaviour but, at the moment, all known calls are made refering to an action from the account module. Limit the scope of this method while the 14.0 is still early to avoid having a door open to ready any action, and difficult to close later. Remove old action fetching from the context in create_move that is no longer used. closes odoo/odoo#61365 Related: odoo/enterprise#14682 Signed-off-by:Martin Trigaux (mat) <mat@odoo.com> Co-authored-by:
Xavier Morel <xmo@odoo.com>
Showing
- addons/account/models/account_bank_statement.py 1 addition, 4 deletionsaddons/account/models/account_bank_statement.py
- addons/account/models/account_journal_dashboard.py 3 additions, 5 deletionsaddons/account/models/account_journal_dashboard.py
- addons/account/models/account_move.py 1 addition, 1 deletionaddons/account/models/account_move.py
- addons/account/wizard/wizard_tax_adjustments.py 1 addition, 2 deletionsaddons/account/wizard/wizard_tax_adjustments.py
- addons/account_fleet/models/fleet_vehicle.py 1 addition, 2 deletionsaddons/account_fleet/models/fleet_vehicle.py
- addons/crm/models/res_partner.py 1 addition, 1 deletionaddons/crm/models/res_partner.py
- addons/crm/models/utm.py 1 addition, 1 deletionaddons/crm/models/utm.py
- addons/hr/models/res_users.py 1 addition, 1 deletionaddons/hr/models/res_users.py
- addons/hr_expense/models/account_journal_dashboard.py 1 addition, 1 deletionaddons/hr_expense/models/account_journal_dashboard.py
- addons/hr_recruitment/models/hr_recruitment.py 1 addition, 2 deletionsaddons/hr_recruitment/models/hr_recruitment.py
- addons/point_of_sale/models/pos_order.py 1 addition, 2 deletionsaddons/point_of_sale/models/pos_order.py
- addons/point_of_sale/models/pos_session.py 1 addition, 2 deletionsaddons/point_of_sale/models/pos_session.py
- addons/project/models/project.py 1 addition, 2 deletionsaddons/project/models/project.py
- addons/purchase/models/purchase.py 2 additions, 3 deletionsaddons/purchase/models/purchase.py
- addons/purchase_stock/models/stock.py 1 addition, 2 deletionsaddons/purchase_stock/models/stock.py
- addons/stock_account/models/stock_inventory.py 1 addition, 4 deletionsaddons/stock_account/models/stock_inventory.py
- addons/stock_account/models/stock_move.py 1 addition, 4 deletionsaddons/stock_account/models/stock_move.py
- addons/survey/models/survey_survey.py 3 additions, 6 deletionsaddons/survey/models/survey_survey.py
- odoo/tools/test_reports.py 2 additions, 2 deletionsodoo/tools/test_reports.py
Loading
Please register or sign in to comment