Anup(OpenERP) has proposed merging
lp:~openerp-dev/openobject-addons/6.0-opw-6286-ach into
lp:openobject-addons/6.0.
Requested reviews:
Jay Vora (OpenERP) (jvo-openerp)
For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-addons/6.0-opw-6286-ach/+merge/64821
Hello,
XML report of mrp will crash the report when characters like '&','<','>' are
used in the name of the supplier or product.
I have fixed the issue by this.
Thanks,
--
https://code.launchpad.net/~openerp-dev/openobject-addons/6.0-opw-6286-ach/+merge/64821
Your team OpenERP R&D Team is subscribed to branch
lp:~openerp-dev/openobject-addons/6.0-opw-6286-ach.
=== modified file 'mrp/report/price.py'
--- mrp/report/price.py 2011-01-14 00:11:01 +0000
+++ mrp/report/price.py 2011-06-16 13:19:25 +0000
@@ -55,23 +55,23 @@
sellers, sellers_price = '',''
if prod.seller_id:
- main_sp_name = "<b>%s</b>\r\n" %(prod.seller_id.name)
+ main_sp_name = "<b>%s</b>\r\n" %(to_xml(prod.seller_id.name))
price = supplier_info_pool.price_get(cr, uid, prod.seller_id.id, prod.id, number*prod_qtty)[prod.seller_id.id]
price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, price, to_uom_id=product_uom.id)
- main_sp_price = """<b>"""+rml_obj.formatLang(price)+' '+ company_currency.symbol+"""</b>\r\n"""
+ main_sp_price = """<b>"""+rml_obj.formatLang(price)+' '+ to_xml(company_currency.symbol)+"""</b>\r\n"""
sum += prod_qtty*price
std_price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, prod.standard_price, to_uom_id=product_uom.id)
main_strd_price = str(std_price) + '\r\n'
sum_strd = prod_qtty*std_price
for seller_id in prod.seller_ids:
- sellers += '- <i>'+ seller_id.name.name +'</i>\r\n'
+ sellers += '- <i>'+ to_xml(seller_id.name.name) +'</i>\r\n'
price = supplier_info_pool.price_get(cr, uid, seller_id.name.id, prod.id, number*prod_qtty)[seller_id.name.id]
price = product_uom_pool._compute_price(cr, uid, prod.uom_id.id, price, to_uom_id=product_uom.id)
- sellers_price += """<i>"""+rml_obj.formatLang(price) +' '+ company_currency.symbol +"""</i>\r\n"""
+ sellers_price += """<i>"""+rml_obj.formatLang(price) +' '+ to_xml(company_currency.symbol) +"""</i>\r\n"""
xml += """<col para='yes'> """+ prod_name +""" </col>
<col para='yes'> """+ main_sp_name + sellers + """ </col>
- <col f='yes'>"""+ rml_obj.formatLang(prod_qtty) +' '+ product_uom.name +"""</col>
- <col f='yes'>"""+ rml_obj.formatLang(float(main_strd_price)) +' '+ company_currency.symbol +"""</col>
+ <col f='yes'>"""+ rml_obj.formatLang(prod_qtty) +' '+ to_xml(product_uom.name) +"""</col>
+ <col f='yes'>"""+ rml_obj.formatLang(float(main_strd_price)) +' '+ to_xml(company_currency.symbol) +"""</col>
<col f='yes'>""" + main_sp_price + sellers_price + """</col>'"""
xml += '</row>'
@@ -83,11 +83,11 @@
cost_hour = wrk['hour']*workcenter.costs_hour
total = cost_cycle + cost_hour
xml = '<row>'
- xml += "<col para='yes'>" + workcenter.name + '</col>'
+ xml += "<col para='yes'>" + to_xml(workcenter.name) + '</col>'
xml += "<col/>"
- xml += """<col f='yes'>"""+rml_obj.formatLang(cost_cycle)+' '+ company_currency.symbol + """</col>"""
- xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour)+' '+ company_currency.symbol + """</col>"""
- xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour + cost_cycle)+' '+ company_currency.symbol + """</col>"""
+ xml += """<col f='yes'>"""+rml_obj.formatLang(cost_cycle)+' '+ to_xml(company_currency.symbol) + """</col>"""
+ xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour)+' '+ to_xml(company_currency.symbol) + """</col>"""
+ xml += """<col f='yes'>"""+rml_obj.formatLang(cost_hour + cost_cycle)+' '+ to_xml(company_currency.symbol) + """</col>"""
xml += '</row>'
return xml, total
@@ -102,7 +102,7 @@
<PageWidth>595.27</PageWidth>
<PageHeight>841.88</PageHeight>
<tableSize>55.00mm,58.00mm,29.00mm,29.00mm,29.00mm</tableSize>
- """ % (user_pool.browse(cr, uid, uid).company_id.name)
+ """ % (to_xml(user_pool.browse(cr, uid, uid).company_id.name))
config_stop = """
<report-footer>Generated by OpenERP</report-footer>
</config>
@@ -134,7 +134,7 @@
for product in product_pool.browse(cr, uid, ids, context=context):
bom_id = bom_pool._bom_find(cr, uid, product.id, product.uom_id.id)
title = "<title>%s</title>" %(_("Cost Structure"))
- title += "<title>%s</title>" %product.name
+ title += "<title>%s</title>" %to_xml(product.name)
xml += "<lines style='header'>" + title + prod_header + "</lines>"
if not bom_id:
total_strd = number * product.standard_price
@@ -147,11 +147,11 @@
<col para='yes'>-</col>
</row></lines>"""
xml += """<lines style='total'> <row>
- <col> """ + _('Total Cost of ') + str(number) +' '+ product.uom_id.name + """: </col>
+ <col> """ + _('Total Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
<col/>
<col f='yes'/>
- <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
- <col t='yes'>"""+ rml_obj.formatLang(total, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
+ <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
+ <col t='yes'>"""+ rml_obj.formatLang(total, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
</row></lines>'"""
else:
bom = bom_pool.browse(cr, uid, bom_id, context=context)
@@ -174,10 +174,10 @@
xml += "<lines style='lines'>" + xml_tmp + '</lines>'
xml += """<lines style='sub_total'> <row>
- <col> """ + _('Components Cost of ') + str(number) +' '+ product.uom_id.name + """: </col>
+ <col> """ + _('Components Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
<col/>
<col t='yes'/>
- <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
+ <col t='yes'>"""+ rml_obj.formatLang(total_strd, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
<col t='yes'></col>
</row></lines>'"""
@@ -191,17 +191,17 @@
xml += workcenter_header
xml += "<lines style='lines'>" + xml_tmp + '</lines>'
xml += """<lines style='sub_total'> <row>
- <col> """ + _('Work Cost of ') + str(number) +' '+ product.uom_id.name +""": </col>
- <col/>
- <col/>
- <col/>
- <col t='yes'>"""+ rml_obj.formatLang(total2, digits=purchase_price_digits) +' '+ company_currency.symbol +"""</col>
+ <col> """ + _('Work Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) +""": </col>
+ <col/>
+ <col/>
+ <col/>
+ <col t='yes'>"""+ rml_obj.formatLang(total2, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) +"""</col>
</row></lines>'"""
xml += """<lines style='total'> <row>
- <col> """ + _('Total Cost of ') + str(number) +' '+ product.uom_id.name + """: </col>
+ <col> """ + _('Total Cost of ') + str(number) +' '+ to_xml(product.uom_id.name) + """: </col>
<col/>
<col t='yes'/>
- <col t='yes'>"""+ rml_obj.formatLang(total_strd+total2, digits=purchase_price_digits) +' '+ company_currency.symbol + """</col>
+ <col t='yes'>"""+ rml_obj.formatLang(total_strd+total2, digits=purchase_price_digits) +' '+ to_xml(company_currency.symbol) + """</col>
<col t='yes'></col>
</row></lines>'"""
_______________________________________________
Mailing list: https://launchpad.net/~openerp-dev-gtk
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openerp-dev-gtk
More help : https://help.launchpad.net/ListHelp
