Odoo Addons (MOVED TO GITHUB)

Merge lp:~openerp-dev/openobject-addons/6.0-opw-6286-ach into lp:openobject-addons/6.0

6.0-opw-6286-ach
Merge into 6.0

Proposed by Anup(SerpentCS) on 2011-06-16

Status:	Needs review
Proposed branch:	lp:~openerp-dev/openobject-addons/6.0-opw-6286-ach
Merge into:	lp:openobject-addons/6.0
Diff against target:	119 lines (+24/-24) 1 file modified mrp/report/price.py (+24/-24)
To merge this branch:	bzr merge lp:~openerp-dev/openobject-addons/6.0-opw-6286-ach
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jay Vora (Serpent Consulting Services)		2011-06-16	Pending
Review via email: mp+64821@code.launchpad.net

Description of the change

Hello,

XML report of mrp will crash the report when characters like '&','<','>' are used in the name of the supplier or product.

I have fixed the issue by this.

Thanks,

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2012-09-12:

Fix for this issue has already been landed into stable with,
r4967, Revision ID: <email address hidden>

Remarkable efforts, thanks!
Rejecting this merge as this is already been fixed.

Regards,
Rifakat

Unmerged revisions

4654. By Anup(SerpentCS) on 2011-06-16: [FIX] mrp : XML Reports may crash when characters like &,>,< are passed, Fixed(6286)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Abiodun Dabiri

Ajay Patel (OpenERP)

Ariel E. Figueroa - http://www.humanytek.com

Arif

Bhumika Shrimali

Bruno M. Villasanti (Thymbra)

Christophe CHAUVET

Cristian Salamea

Dhara Shah (OpenERP)

Dharmesh PATEL@Axelor SARL

Fordy

Hiren Vora

Imad

Jonathan Wilson

Juano

Krisztian Eyssen

Mathias Mahrholz

Michael Lu

OpenERP Core Team

OpenERP R&D Team

Rama mashetty

Reuf Rujevic

Ricardo Salvador Valencia Domínguez

Salvatore Josué Trimarchi Pinto

Steve Romanow

Sudip Chatterjee

Thierry T

Yogesh (SerpentCS)

Yuliadi Rumanto

abhishek

gpa(OpenERP)

kriangchai.pongkittisopa

piyush suva

ptsrml

rNet

yadagiri

to status/vote changes:

Alexandro Colorado

Graeme Gellatly

 === modified file 'mrp/report/price.py'
 --- mrp/report/price.py	2011-01-14 00:11:01 +0000
 +++ mrp/report/price.py	2011-06-16 13:19:25 +0000
@@ -55,23 +55,23 @@
              sellers, sellers_price = '',''
              if prod.seller_id:
--                main_sp_name = "<b>%s</b>\r\n" %(prod.seller_id.name)
++                main_sp_name = "<b>%s</b>\r\n" %(to_xml(prod.seller_id.name))
                  price = supplier_info_pool.price_get(cr, uid, prod.seller_id.id, prod.id, number*prod_qtty)[prod.seller_id.id]
                  price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, price, to_uom_id=product_uom.id)
--                main_sp_price = """<b>"""+rml_obj.formatLang(price)+' '+ company_currency.symbol+"""</b>\r\n"""
++                main_sp_price = """<b>"""+rml_obj.formatLang(price)+' '+ to_xml(company_currency.symbol)+"""</b>\r\n"""
                  sum += prod_qtty*price
              std_price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, prod.standard_price, to_uom_id=product_uom.id)
              main_strd_price = str(std_price) + '\r\n'
              sum_strd = prod_qtty*std_price
              for seller_id in prod.seller_ids:
--                sellers +=  '- <i>'+ seller_id.name.name +'</i>\r\n'
++                sellers +=  '- <i>'+ to_xml(seller_id.name.name) +'</i>\r\n'
                  price = supplier_info_pool.price_get(cr, uid, seller_id.name.id, prod.id, number*prod_qtty)[seller_id.name.id]
                  price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, price, to_uom_id=product_uom.id)
--                sellers_price += """<i>"""+rml_obj.formatLang(price) +' '+ company_currency.symbol +"""</i>\r\n"""
++                sellers_price += """<i>"""+rml_obj.formatLang(price) +' '+ to_xml(company_currency.symbol) +"""</i>\r\n"""
              xml += """<col para='yes'> """+ prod_name +""" </col>
                      <col para='yes'> """+ main_sp_name + sellers + """ </col>
--                    <col f='yes'>"""+ rml_obj.formatLang(prod_qtty) +' '+ product_uom.name +"""</col>
--                    <col f='yes'>"""+ rml_obj.formatLang(float(main_strd_price)) +' '+ company_currency.symbol +"""</col>
++                    <col f='yes'>"""+ rml_obj.formatLang(prod_qtty) +' '+ to_xml(product_uom.name) +"""</col>
++                    <col f='yes'>"""+ rml_obj.formatLang(float(main_strd_price)) +' '+ to_xml(company_currency.symbol) +"""</col>
                      <col f='yes'>""" + main_sp_price + sellers_price + """</col>'"""
              xml += '</row>'
@@ -83,11 +83,11 @@
              cost_hour = wrk['hour']*workcenter.costs_hour
              total = cost_cycle + cost_hour
              xml = '<row>'
--            xml += "<col para='yes'>" + workcenter.name + '</col>'
++            xml += "<col para='yes'>" + to_xml(workcenter.name) + '</col>'
              xml += "<col/>"
--            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_cycle)+' '+ company_currency.symbol + """</col>"""
--            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour)+' '+ company_currency.symbol + """</col>"""
--            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour + cost_cycle)+' '+ company_currency.symbol + """</col>"""
++            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_cycle)+' '+ to_xml(company_currency.symbol) + """</col>"""
++            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour)+' '+ to_xml(company_currency.symbol) + """</col>"""
++            xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour + cost_cycle)+' '+ to_xml(company_currency.symbol) + """</col>"""
              xml += '</row>'
              return xml, total
@@ -102,7 +102,7 @@
              <PageWidth>595.27</PageWidth>
              <PageHeight>841.88</PageHeight>
              <tableSize>55.00mm,58.00mm,29.00mm,29.00mm,29.00mm</tableSize>
--            """ % (user_pool.browse(cr, uid, uid).company_id.name)
++            """ % (to_xml(user_pool.browse(cr, uid, uid).company_id.name))
          config_stop = """
              <report-footer>Generated by OpenERP</report-footer>
          </config>
@@ -134,7 +134,7 @@
          for product in product_pool.browse(cr, uid, ids, context=context):
              bom_id = bom_pool._bom_find(cr, uid, product.id, product.uom_id.id)
              title = "<title>%s</title>" %(_("Cost Structure"))
--            title += "<title>%s</title>" %product.name
++            title += "<title>%s</title>" %to_xml(product.name)
              xml += "<lines style='header'>" + title + prod_header + "</lines>"
              if not bom_id:
                  total_strd = number * product.standard_price
@@ -147,11 +147,11 @@
                      <col para='yes'>-</col>
                      </row></lines>"""
                  xml += """<lines style='total'> <row>
--                    <col> """ + _('Total Cost of ') + str(number) +' '+ product.uom_id.name + """: </col>
++                    <col> """ + _('Total Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
                      <col/>
                      <col f='yes'/>
--                    <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
--                    <col t='yes'>"""+ rml_obj.formatLang(total, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
++                    <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
++                    <col t='yes'>"""+ rml_obj.formatLang(total, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
                      </row></lines>'"""
              else:
                  bom = bom_pool.browse(cr, uid, bom_id, context=context)
@@ -174,10 +174,10 @@
                  xml += "<lines style='lines'>" + xml_tmp + '</lines>'
                  xml += """<lines style='sub_total'> <row>
--                    <col> """ + _('Components Cost of ')  + str(number) +' '+ product.uom_id.name + """: </col>
++                    <col> """ + _('Components Cost of ')  + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
                      <col/>
                      <col t='yes'/>
--                    <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
++                    <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
                      <col t='yes'></col>
                      </row></lines>'"""
@@ -191,17 +191,17 @@
                      xml += workcenter_header
                      xml += "<lines style='lines'>" + xml_tmp + '</lines>'
                      xml += """<lines style='sub_total'> <row>
--                    <col> """ + _('Work Cost of ') + str(number) +' '+ product.uom_id.name +""": </col>
--                    <col/>
--                    <col/>
--                    <col/>
--                    <col t='yes'>"""+ rml_obj.formatLang(total2, digits=purchase_price_digits) +' '+ company_currency.symbol +"""</col>
++                    <col> """ + _('Work Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) +""": </col>
++                    <col/>
++                    <col/>
++                    <col/>
++                    <col t='yes'>"""+ rml_obj.formatLang(total2, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) +"""</col>
                      </row></lines>'"""
                  xml += """<lines style='total'> <row>
--                    <col> """ + _('Total Cost of ') + str(number) +' '+ product.uom_id.name + """: </col>
++                    <col> """ + _('Total Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
                      <col/>
                      <col t='yes'/>
--                    <col t='yes'>"""+ rml_obj.formatLang(total_strd+total2, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
++                    <col t='yes'>"""+ rml_obj.formatLang(total_strd+total2, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
                      <col t='yes'></col>
                      </row></lines>'"""