[FIX] website_payment_recurring_donations: Fix for whitelisting kwargs issue#141
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the recurring donations portal flow to avoid issues caused by passing non-whitelisted values via **kwargs by moving donation-related data into the Odoo request context.
Changes:
- Store
donation_frequencyinrequest.env.contextfor downstream transaction creation. - Move
donation_partner_detailspropagation fromkwargstorequest.env.context. - Update
_create_transactionto read partner details from context instead ofkwargs.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if request.env.user._is_public(): | ||
| context.update({"donation_partner_details": kwargs["partner_details"]}) | ||
| request.env.context = context |
There was a problem hiding this comment.
kwargs["partner_details"] can raise a KeyError on this public JSON route if the client omits partner_details. Also, storing the full partner_details dict in env.context is risky in Odoo because context is typically a hashable (frozen) mapping used in cache keys; a nested dict value can trigger TypeError: unhashable type: 'dict' in downstream ORM/cache usage. Prefer extracting/storing only the primitive fields needed later (e.g., email/country_id/name) or serializing to a string/tuple, and use kwargs.get(...) with a guard.
No description provided.