HI
I am seeing difference in behavior between 2.14.5 and 2.14.6 for
SQLFORM.grid, after clicking on the 'csv' button to download the csv.
Same statement in both 2.14.5 and 2.14.6
formTable=SQLFORM.grid(\
query,\
fields=[db.temperature.probe,db.temperature.timeMeasured,db.temperature.celsius],\
orderby=db.temperature.timeMeasured, \
searchable=False,\
sortable=False,\
paginate=10,\
deletable=False,\
editable=False,\
details=False,\
create=False,\
csv=True,\
links_in_grid=False, \
user_signature=True, \
maxtextlengths={}, \
maxtextlength=20
)
No error in 2.14.5. This error in 2.14.6:
Traceback (most recent call last):
File "/home/pi/w/web2py/gluon/restricted.py", line 220, in restricted
exec(ccode, environment)
File "/home/pi/w/web2py/applications/init/controllers/display.py"
<https://127.0.0.1:8001/admin/default/edit/init/controllers/display.py>, line
72, in <module>
File "/home/pi/w/web2py/gluon/globals.py", line 405, in <lambda>
self._caller = lambda f: f()
File "/home/pi/w/web2py/applications/init/controllers/display.py"
<https://127.0.0.1:8001/admin/default/edit/init/controllers/display.py>, line
31, in tempsTable
maxtextlength=20
File "/home/pi/w/web2py/gluon/sqlhtml.py", line 2479, in grid
raise HTTP(200, oExp.export(), **response.headers)
File "/home/pi/w/web2py/gluon/sqlhtml.py", line 3522, in export
self.rows.export_to_csv_file(s, represent=True)
File "/home/pi/w/web2py/gluon/packages/dal/pydal/objects.py", line 2454, in
export_to_csv_file
row.append(record._extra[col])
File "/home/pi/w/web2py/gluon/packages/dal/pydal/objects.py", line 91, in
__getattr__
raise AttributeError
AttributeError
where the SQLFORM.grid is in the function tempsTable, here is the view html:
{{=LOAD(f='tempsTable', args=[], vars=tempQuery,\
extension='load', ajax=True, user_signature=True)}}
regards,
Ben
On Monday, May 9, 2016 at 5:31:38 PM UTC-7, Massimo Di Pierro wrote:
>
> A few vulnerabilities have been found in admin. One of them was serious
> and it made admin vulnerable to brute force password attacks under some
> conditions.
> They have been been fixed in version 2.14.6. If you expose admin publicly,
> we recommend you upgrade immediately.
>
> Anyway, we remind everybody that it is not recommended to expose admin in
> production environments. Run it locally and connect to it using a ssh
> tunnel instead.
>
> Many takes to Narendra for funding and reporting the vulnerabilities,
> Leonel for fixing them, and Richard and Simone for adding many tests and
> fixing bugs.
>
> Massimo
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
