© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
The problem I found is that this bug is not limited to the web client, but it is propagated to the server code :
The web client creates a "vals" dictionary with form data, serializes it, send it through NetRPC. But all the empty fields (either [] for o2m or [(6,0,[])] for m2m) are the exact same object in memory! So when the server unserializes the dict, the problem appears on the server side as well : the received dict contains several times the same mutable value (same python reference).
Then, any server-side code that will try to append an id in an empty one2many field will modify *all other* empty one2many fields at the same time.
In the best case (what happend to me), the id does not exist in the unwanted field and you get an error which is very difficult to understand.
In the worst case you silently modify an unwanted field, which I find dangerous and can lead to a clear security flaw.