Review: Approve

I don't see anything weird in the changed code. Though reading through it hints at several other security holes, or things which could be factorized/improved in another task/merge:
* All the PayPal URL generation would probably benefit from being moved out of the templates and into dedicated methods of relevant objects
* the ``followup_table`` injection mess is essentially a backdoor for injecting pretty much anything straight from the context, it shouldn't happen and — as far as I know — has little reason to since the generation of the table could just be moved to res.partner (from the report object thing), fixed to stop sucking (and being broken itself) and then cleanly called from the templates.

--
https://code.launchpad.net/~openerp-dev/openobject-addons/trunk-mako_to_jinja-rco/+merge/139852