[security] take care uidrels may contains a relation targetting something else than a constant node (eg IN function)
--- a/server/querier.py Fri Mar 19 10:07:30 2010 +0100
+++ b/server/querier.py Fri Mar 19 10:10:18 2010 +0100
@@ -321,8 +321,14 @@
for var in rqlst.defined_vars.itervalues():
for rel in var.stinfo['uidrels']:
const = rel.children[1].children[0]
- varkwargs[var.name] = typed_eid(const.eval(self.args))
- break
+ try:
+ varkwargs[var.name] = typed_eid(const.eval(self.args))
+ break
+ except AttributeError:
+ #from rql.nodes import Function
+ #assert isinstance(const, Function)
+ # X eid IN(...)
+ pass
# dictionnary of variables restricted for security reason
localchecks = {}
restricted_vars = set()