[impact] Limit available functions in jinja environment

2014-07-25 12:50:00 +05:30 · 2014-07-25 12:50:00 +05:30 · 62b1cbf003
commit 62b1cbf003
parent a5437cdac1
8 changed files with 22 additions and 19 deletions
--- a/erpnext/accounts/doctype/chart_of_accounts/charts/import_from_openerp.py
+++ b/erpnext/accounts/doctype/chart_of_accounts/charts/import_from_openerp.py
@ -9,7 +9,7 @@ from __future__ import unicode_literals
 import os, json
 import ast
 from xml.etree import ElementTree as ET
-from frappe.utils.datautils import read_csv_content
+from frappe.utils.csvutils import read_csv_content
 from frappe.utils import cstr
 import frappe

--- a/erpnext/accounts/doctype/journal_voucher_detail/journal_voucher_detail.json
+++ b/erpnext/accounts/doctype/journal_voucher_detail/journal_voucher_detail.json
@ -1,6 +1,6 @@
 {
 "autoname": "JVD.######", 
- "creation": "2013-02-22 01:27:39.000000", 
+ "creation": "2013-02-22 01:27:39", 
 "docstatus": 0, 
 "doctype": "DocType", 
 "fields": [
@ -31,6 +31,7 @@
   "oldfieldtype": "Link", 
   "options": "Cost Center", 
   "permlevel": 0, 
+   "print_hide": 1, 
   "print_width": "180px", 
   "search_index": 0, 
   "width": "180px"
@ -50,6 +51,7 @@
   "oldfieldtype": "Data", 
   "options": "Company:company:default_currency", 
   "permlevel": 0, 
+   "print_hide": 1, 
   "read_only": 1
  }, 
  {
@ -158,9 +160,10 @@
 ], 
 "idx": 1, 
 "istable": 1, 
- "modified": "2014-02-03 12:44:31.000000", 
+ "modified": "2014-07-25 03:16:51.149899", 
 "modified_by": "Administrator", 
 "module": "Accounts", 
 "name": "Journal Voucher Detail", 
- "owner": "Administrator"
+ "owner": "Administrator", 
+ "permissions": []
 }
--- a/erpnext/controllers/buying_controller.py
+++ b/erpnext/controllers/buying_controller.py
@ -4,7 +4,7 @@
 from __future__ import unicode_literals
 import frappe
 from frappe import _, msgprint
-from frappe.utils import flt, _round
+from frappe.utils import flt, rounded
 from erpnext.setup.utils import get_company_currency
 from erpnext.accounts.party import get_party_details

@ -118,10 +118,10 @@ class BuyingController(StockController):
 			self.precision("total_tax"))

 		if self.meta.get_field("rounded_total"):
-			self.rounded_total = _round(self.grand_total)
+			self.rounded_total = rounded(self.grand_total)

 		if self.meta.get_field("rounded_total_import"):
-			self.rounded_total_import = _round(self.grand_total_import)
+			self.rounded_total_import = rounded(self.grand_total_import)

 		if self.meta.get_field("other_charges_added"):
 			self.other_charges_added = flt(sum([flt(d.tax_amount) for d in self.tax_doclist
--- a/erpnext/controllers/selling_controller.py
+++ b/erpnext/controllers/selling_controller.py
@ -3,7 +3,7 @@

 from __future__ import unicode_literals
 import frappe
-from frappe.utils import cint, flt, _round, cstr, comma_or
+from frappe.utils import cint, flt, rounded, cstr, comma_or
 from erpnext.setup.utils import get_company_currency
 from frappe import _, throw

@ -220,8 +220,8 @@ class SellingController(StockController):
 			self.net_total_export + flt(self.discount_amount),
 			self.precision("other_charges_total_export"))

-		self.rounded_total = _round(self.grand_total)
-		self.rounded_total_export = _round(self.grand_total_export)
+		self.rounded_total = rounded(self.grand_total)
+		self.rounded_total_export = rounded(self.grand_total_export)

 	def apply_discount_amount(self):
 		if self.discount_amount:
--- a/erpnext/hr/doctype/salary_slip/salary_slip.py
+++ b/erpnext/hr/doctype/salary_slip/salary_slip.py
@ -4,7 +4,7 @@
 from __future__ import unicode_literals
 import frappe

-from frappe.utils import add_days, cint, cstr, flt, getdate, nowdate, _round
+from frappe.utils import add_days, cint, cstr, flt, getdate, nowdate, rounded
 from frappe.model.naming import make_autoname

 from frappe import msgprint, _
@ -152,7 +152,7 @@ class SalarySlip(TransactionBase):
 		self.gross_pay = flt(self.arrear_amount) + flt(self.leave_encashment_amount)
 		for d in self.get("earning_details"):
 			if cint(d.e_depends_on_lwp) == 1:
-				d.e_modified_amount = _round(flt(d.e_amount) * flt(self.payment_days)
+				d.e_modified_amount = rounded(flt(d.e_amount) * flt(self.payment_days)
 					/ cint(self.total_days_in_month), 2)
 			elif not self.payment_days:
 				d.e_modified_amount = 0
@ -164,7 +164,7 @@ class SalarySlip(TransactionBase):
 		self.total_deduction = 0
 		for d in self.get('deduction_details'):
 			if cint(d.d_depends_on_lwp) == 1:
-				d.d_modified_amount = _round(flt(d.d_amount) * flt(self.payment_days)
+				d.d_modified_amount = rounded(flt(d.d_amount) * flt(self.payment_days)
 					/ cint(self.total_days_in_month), 2)
 			elif not self.payment_days:
 				d.d_modified_amount = 0
@ -177,7 +177,7 @@ class SalarySlip(TransactionBase):
 		self.calculate_earning_total()
 		self.calculate_ded_total()
 		self.net_pay = flt(self.gross_pay) - flt(self.total_deduction)
-		self.rounded_total = _round(self.net_pay)
+		self.rounded_total = rounded(self.net_pay)

 	def on_submit(self):
 		if(self.email_check == 1):
--- a/erpnext/hr/doctype/upload_attendance/upload_attendance.py
+++ b/erpnext/hr/doctype/upload_attendance/upload_attendance.py
@ -7,7 +7,7 @@ from __future__ import unicode_literals
 import frappe
 from frappe.utils import cstr, add_days, date_diff
 from frappe import _
-from frappe.utils.datautils import UnicodeWriter
+from frappe.utils.csvutils import UnicodeWriter
 from frappe.model.document import Document

 class UploadAttendance(Document):
@ -96,7 +96,7 @@ def upload():
 	if not frappe.has_permission("Attendance", "create"):
 		raise frappe.PermissionError

-	from frappe.utils.datautils import read_csv_content_from_uploaded_file
+	from frappe.utils.csvutils import read_csv_content_from_uploaded_file
 	from frappe.modules import scrub

 	rows = read_csv_content_from_uploaded_file()
@ -110,7 +110,7 @@ def upload():
 	ret = []
 	error = False

-	from frappe.utils.datautils import check_record, import_doc
+	from frappe.utils.csvutils import check_record, import_doc

 	for i, row in enumerate(rows[5:]):
 		if not row: continue
--- a/erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py
+++ b/erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py
@ -302,6 +302,6 @@ class StockReconciliation(StockController):

@frappe.whitelist()
 def upload():
-	from frappe.utils.datautils import read_csv_content_from_uploaded_file
+	from frappe.utils.csvutils import read_csv_content_from_uploaded_file
 	csv_content = read_csv_content_from_uploaded_file()
 	return filter(lambda x: x and any(x), csv_content)
--- a/erpnext/utilities/doctype/rename_tool/rename_tool.py
+++ b/erpnext/utilities/doctype/rename_tool/rename_tool.py
@ -19,7 +19,7 @@ def get_doctypes():

@frappe.whitelist()
 def upload(select_doctype=None, rows=None):
-	from frappe.utils.datautils import read_csv_content_from_uploaded_file
+	from frappe.utils.csvutils import read_csv_content_from_uploaded_file
 	from frappe.model.rename_doc import rename_doc

 	if not select_doctype: