1. 18 May, 2022 3 commits
    • Levin Zimmermann's avatar
      restricted: Allow patched pandas.read_* functions · 4360dbc6
      Levin Zimmermann authored
      Rationale:
      
      Converting * to data frame / numpy array efficiently is required in all
      wendelin projects, without this functionality wendelin is useless.
      Currently all projects allow this functionality in an insecure way.
      This commit aims to improve the situation by supporting a secure way of
      this functionality.
      
      (See nexedi/wendelin!99 (comment 158474))
      
      Because pandas (in restricted Python) can also be useful in 'pure' ERP5
      (without Wendelin) the functionality is added to ERP5 source code.
      
      ---
      
      Security:
      
      Security is guaranteed by patching selected read_* functions and
      allowing the patched versions. The patch prohibits anything but
      string input which directly contains the data (e.g. no urls, file
      paths). New unit tests ensure the restrictions of the patches
      are actually effective.
      
      ---
      
      Notes on implementation decisions:
      
      Instead of offering new ERP5 extension methods (e.g. Base_readJson)
      this commit adds patched pandas read functions in restricted Python.
      In this way the change of the known API is as minimal as possible.
      
      Instead of globally monkey-patching pandas read_* functions, only the
      functions inside restricted python are patched.
      In this way the fully-functional, original functions are still available
      in Zope products or ERP5 extension code.
      
      Minor changes in the way how pandas is allowed in restricted python
      have been applied. Please consult the following discussions in the Merge
      request for details:
      
      nexedi/erp5!1615 (comment 159203)
      nexedi/erp5!1615 (comment 159341)
      4360dbc6
    • Levin Zimmermann's avatar
      70b92437
    • Levin Zimmermann's avatar
      ERP5Site: Remove compatibility with old data model · b1bdb286
      Levin Zimmermann authored
      ...for  getPortalDataConfigurationTypeList.
      
      See !1630 (comment 159889).
      b1bdb286
  2. 17 May, 2022 5 commits
  3. 16 May, 2022 4 commits
    • Julien Muchembled's avatar
      ERP5Type: fix regression in properties.dtml · eef80b9e
      Julien Muchembled authored
      In commit a17bb910 ("py2/py3:
      Make Products code compatible with both python2 and python3"),
      2to3 changed `_.has_key(...)` to `... in _` whereas _ is not a dict.
      
      Traceback (innermost last):
       ...
       Module OFS.PropertyManager, line 309, in manage_editProperties
         manage_tabs_message=message)
       Module Shared.DC.Scripts.Bindings, line 322, in __call__
         return self._bindAndExec(args, kw, None)
       Module Shared.DC.Scripts.Bindings, line 359, in _bindAndExec
         return self._exec(bound_data, args, kw)
       Module App.special_dtml, line 185, in _exec
         try: result = render_blocks(self._v_blocks, ns)
       Module DocumentTemplate.DT_In, line 707, in renderwob
         try: append(render(section, md))
       Module DocumentTemplate.DT_Let, line 76, in render
         else: d[name]=expr(md)
       Module DocumentTemplate.DT_Util, line 210, in eval
        - __traceback_info__: _
         return eval(code, d)
       Module <string>, line 1, in <module>
      
      TypeError: argument of type 'TemplateDict' is not iterable
      eef80b9e
    • Xiaowu Zhang's avatar
      erp5_trade: add product line selection in stock report · 6cbb159d
      Xiaowu Zhang authored
      See merge request nexedi/erp5!1628
      6cbb159d
    • Xiaowu Zhang's avatar
      e1360ac0
    • Romain Courteaud's avatar
      erp5_web: force redirection on website using a service worker · 7a7b4a45
      Romain Courteaud authored
      Delete the content of the cache storage (used by erp5js), unregister the service worker and force the browser to reload.
      7a7b4a45
  4. 13 May, 2022 5 commits
  5. 11 May, 2022 1 commit
  6. 10 May, 2022 2 commits
  7. 09 May, 2022 4 commits
  8. 06 May, 2022 8 commits
  9. 04 May, 2022 8 commits