security hazard; access to self on searchCriteria
This commit is contained in:
parent
96ace1f7dd
commit
feb0c94e79
|
@ -2311,7 +2311,8 @@ class ObjectsServer(AdministrableServerMixin, Server):
|
|||
continue
|
||||
try:
|
||||
if eval(criteria, {'object': objectCore,
|
||||
'result': result}, {}):
|
||||
'result': result,
|
||||
'self': self}, {}):
|
||||
result.append(objectId)
|
||||
except Exception, e:
|
||||
pass
|
||||
|
|
Reference in New Issue