def _get_desc(self):
for module in self:
path = modules.get_module_resource(
module.name, 'static/description/index.html')
if path:
with tools.file_open(path, 'rb') as desc_file:
doc = desc_file.read()
html = lxml.html.document_fromstring(doc)
for element, attribute, link, pos in html.iterlinks():
if element.get('src') and not '//' in element.get(
'src') and not 'static/' in element.get('src'):
element.set(
'src', "/%s/static/description/%s" %
(module.name, element.get('src')))
module.description_html = tools.html_sanitize(
lxml.html.tostring(html))
else:
overrides = {
'embed_stylesheet': False,
'doctitle_xform': False,
'output_encoding': 'unicode',
'xml_declaration': False,
'file_insertion_enabled': False,
}
output = publish_string(source=module.description or '',
settings_overrides=overrides,
writer=MyWriter())
module.description_html = tools.html_sanitize(output)
def test_style_parsing(self):
test_data = [
(
'<span style="position: fixed; top: 0px; left: 50px; width: 40%; height: 50%; background-color: red;">Coin coin </span>',
['background-color: red', 'Coin coin'],
['position', 'top', 'left']
), (
"""<div style='before: "Email Address; coincoin cheval: lapin";
font-size: 30px; max-width: 100%; after: "Not sure
this; means: anything ?#ùµ"
; some-property: 2px; top: 3'>youplaboum</div>""",
['font-size: 30px', 'youplaboum'],
['some-property', 'top', 'cheval']
), (
'<span style="width">Coincoin</span>',
[],
['width']
)
]
for test, in_lst, out_lst in test_data:
new_html = html_sanitize(test, sanitize_attributes=False, sanitize_style=True, strip_style=False, strip_classes=False)
for text in in_lst:
self.assertIn(text, new_html)
for text in out_lst:
self.assertNotIn(text, new_html)
# style should not be sanitized if removed
new_html = html_sanitize(test_data[0][0], sanitize_attributes=False, strip_style=True, strip_classes=False)
self.assertEqual(new_html, u'<span>Coin coin </span>')
def test_quote_text(self):
html = html_sanitize(test_mail_examples.TEXT_1)
for ext in test_mail_examples.TEXT_1_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.TEXT_1_OUT:
self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(ext), html)
html = html_sanitize(test_mail_examples.TEXT_2)
for ext in test_mail_examples.TEXT_2_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.TEXT_2_OUT:
self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(ext), html)
def test_misc(self):
# False / void should not crash
html = html_sanitize('')
self.assertEqual(html, '')
html = html_sanitize(False)
self.assertEqual(html, False)
# Message with xml and doctype tags don't crash
html = html_sanitize(u'<?xml version="1.0" encoding="iso-8859-1"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\n <head>\n <title>404 - Not Found</title>\n </head>\n <body>\n <h1>404 - Not Found</h1>\n </body>\n</html>\n')
self.assertNotIn('encoding', html)
self.assertNotIn('<title>404 - Not Found</title>', html)
self.assertIn('<h1>404 - Not Found</h1>', html)
def test_quote_hotmail_html(self):
html = html_sanitize(test_mail_examples.QUOTE_HOTMAIL_HTML)
for ext in test_mail_examples.QUOTE_HOTMAIL_HTML_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.QUOTE_HOTMAIL_HTML_OUT:
self.assertIn(ext, html)
html = html_sanitize(test_mail_examples.HOTMAIL_1)
for ext in test_mail_examples.HOTMAIL_1_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.HOTMAIL_1_OUT:
self.assertIn(ext, html)
def convert_answer_to_comment(self):
""" Tools to convert an answer (forum.post) to a comment (mail.message).
The original post is unlinked and a new comment is posted on the question
using the post create_uid as the comment's author. """
self.ensure_one()
if not self.parent_id:
return self.env['mail.message']
# karma-based action check: use the post field that computed own/all value
if not self.can_comment_convert:
raise KarmaError('Not enough karma to convert an answer to a comment')
# post the message
question = self.parent_id
values = {
'author_id': self.sudo().create_uid.partner_id.id, # use sudo here because of access to res.users model
'body': tools.html_sanitize(self.content, sanitize_attributes=True, strip_style=True, strip_classes=True),
'message_type': 'comment',
'subtype': 'mail.mt_comment',
'date': self.create_date,
}
new_message = question.with_context(mail_create_nosubscribe=True).message_post(**values)
# unlink the original answer, using SUPERUSER_ID to avoid karma issues
self.sudo().unlink()
return new_message
def test_quote_basic_text(self):
test_data = [
(
"""This is Sparta!\n--\nAdministrator\n+9988776655""",
['This is Sparta!'],
['\n--\nAdministrator\n+9988776655']
), (
"""<p>This is Sparta!\n--\nAdministrator</p>""",
[],
['\n--\nAdministrator']
), (
"""<p>This is Sparta!<br/>--<br>Administrator</p>""",
['This is Sparta!'],
[]
), (
"""This is Sparta!\n>Ah bon ?\nCertes\n> Chouette !\nClair""",
['This is Sparta!', 'Certes', 'Clair'],
['\n>Ah bon ?', '\n> Chouette !']
)
]
for test, in_lst, out_lst in test_data:
new_html = html_sanitize(test)
for text in in_lst:
self.assertIn(text, new_html)
for text in out_lst:
self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(text), new_html)
def test_quote_blockquote(self):
html = html_sanitize(test_mail_examples.QUOTE_BLOCKQUOTE)
for ext in test_mail_examples.QUOTE_BLOCKQUOTE_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.QUOTE_BLOCKQUOTE_OUT:
self.assertIn(
u'<span data-o-mail-quote="1">%s' % misc.html_escape(ext),
html)
def test_cid_with_at(self):
img_tag = '<img src="@">'
sanitized = html_sanitize(img_tag,
sanitize_tags=False,
strip_classes=True)
self.assertEqual(
img_tag, sanitized,
"img with can have cid containing @ and shouldn't be escaped")
def test_quote_thunderbird(self):
html = html_sanitize(test_mail_examples.QUOTE_THUNDERBIRD_1)
for ext in test_mail_examples.QUOTE_THUNDERBIRD_1_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.QUOTE_THUNDERBIRD_1_OUT:
self.assertIn(
u'<span data-o-mail-quote="1">%s</span>' %
misc.html_escape(ext), html)
def test_edi_source(self):
html = html_sanitize(test_mail_examples.EDI_LIKE_HTML_SOURCE)
self.assertIn(
'font-family: \'Lucida Grande\', Ubuntu, Arial, Verdana, sans-serif;', html,
'html_sanitize removed valid styling')
self.assertIn(
'src="https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif"', html,
'html_sanitize removed valid img')
self.assertNotIn('</body></html>', html, 'html_sanitize did not remove extra closing tags')
def test_sanitize_escape_emails(self):
emails = [
"Charles <*****@*****.**>",
"Dupuis <'tr/-: ${dupuis#$'@truc.baz.fr>",
"Technical <service/[email protected]>",
"Div nico <*****@*****.**>"
]
for email in emails:
self.assertIn(misc.html_escape(email), html_sanitize(email), 'html_sanitize stripped emails of original html')
def test_sanitize_unescape_emails(self):
not_emails = [
'<blockquote cite="mid:CAEJSRZvWvud8c6Qp=wfNG6O1+wK3i_jb33qVrF7XyrgPNjnyUA@mail.gmail.com" type="cite">cat</blockquote>',
'<img alt="@github-login" class="avatar" src="/web/image/pi" height="36" width="36">']
for email in not_emails:
sanitized = html_sanitize(email)
left_part = email.split('>')[0] # take only left part, as the sanitizer could add data information on node
self.assertNotIn(misc.html_escape(email), sanitized, 'html_sanitize stripped emails of original html')
self.assertIn(left_part, sanitized)
def test_evil_malicious_code(self):
# taken from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Tests
cases = [
("<IMG SRC=javascript:alert('XSS')>"), # no quotes and semicolons
("<IMG SRC=javascript:alert('XSS')>"), # UTF-8 Unicode encoding
("<IMG SRC=javascript:alert('XSS')>"), # hex encoding
("<IMG SRC=\"jav
ascript:alert('XSS');\">"), # embedded carriage return
("<IMG SRC=\"jav
ascript:alert('XSS');\">"), # embedded newline
("<IMG SRC=\"jav ascript:alert('XSS');\">"), # embedded tab
("<IMG SRC=\"jav	ascript:alert('XSS');\">"), # embedded encoded tab
("<IMG SRC=\"  javascript:alert('XSS');\">"), # spaces and meta-characters
("<IMG SRC=\"javascript:alert('XSS')\""), # half-open html
("<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">"), # malformed tag
("<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>"), # non-alpha-non-digits
("<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>"), # non-alpha-non-digits
("<<SCRIPT>alert(\"XSS\");//<</SCRIPT>"), # extraneous open brackets
("<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >"), # non-closing script tags
("<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">"), # input image
("<BODY BACKGROUND=\"javascript:alert('XSS')\">"), # body image
("<IMG DYNSRC=\"javascript:alert('XSS')\">"), # img dynsrc
("<IMG LOWSRC=\"javascript:alert('XSS')\">"), # img lowsrc
("<TABLE BACKGROUND=\"javascript:alert('XSS')\">"), # table
("<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">"), # td
("<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"), # div background
("<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">"), # div background with unicoded exploit
("<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"), # div background + extra characters
("<IMG SRC='vbscript:msgbox(\"XSS\")'>"), # VBscrip in an image
("<BODY ONLOAD=alert('XSS')>"), # event handler
("<BR SIZE=\"&{alert('XSS')}\>"), # & javascript includes
("<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">"), # style sheet
("<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">"), # remote style sheet
("<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>"), # remote style sheet 2
("<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">"), # remote style sheet 3
("<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>"), # remote style sheet 4
("<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">"), # style attribute using a comment to break up expression
]
for content in cases:
html = html_sanitize(content)
self.assertNotIn('javascript', html, 'html_sanitize did not remove a malicious javascript')
self.assertTrue('ha.ckers.org' not in html or 'http://ha.ckers.org/xss.css' in html, 'html_sanitize did not remove a malicious code in %s (%s)' % (content, html))
content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->" # down-level hidden block
self.assertEquals(html_sanitize(content, silent=False), '')
def test_basic_sanitizer(self):
cases = [
("yop", "<p>yop</p>"), # simple
("lala<p>yop</p>xxx", "<p>lala</p><p>yop</p>xxx"), # trailing text
("Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci",
u"<p>Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci</p>"), # unicode
]
for content, expected in cases:
html = html_sanitize(content)
self.assertEqual(html, expected, 'html_sanitize is broken')
def test_quote_signature(self):
test_data = [
(
"""<div>Hello<pre>--<br />Administrator</pre></div>""",
["<pre data-o-mail-quote=\"1\">--", "<br data-o-mail-quote=\"1\">"],
)
]
for test, in_lst in test_data:
new_html = html_sanitize(test)
for text in in_lst:
self.assertIn(text, new_html)
def test_html(self):
sanitized_html = html_sanitize(test_mail_examples.MISC_HTML_SOURCE)
for tag in [
'<div', '<b', '<i', '<u', '<strike', '<li', '<blockquote',
'<a href'
]:
self.assertIn(tag, sanitized_html,
'html_sanitize stripped too much of original html')
for attr in ['javascript']:
self.assertNotIn(
attr, sanitized_html,
'html_sanitize did not remove enough unwanted attributes')
def test_style_class_only(self):
html = html_sanitize(test_mail_examples.REMOVE_CLASS,
sanitize_attributes=False,
sanitize_style=True,
strip_classes=True)
for ext in test_mail_examples.REMOVE_CLASS_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.REMOVE_CLASS_OUT:
self.assertNotIn(
ext,
html,
)
def compute_tips(self, company, user):
tip = self.env['digest.tip'].search(
[('user_ids', '!=', user.id), '|',
('group_id', 'in', user.groups_id.ids), ('group_id', '=', False)],
limit=1)
if not tip:
return False
tip.user_ids = [4, user.id]
body = tools.html_sanitize(tip.tip_description)
tip_description = self.env['mail.template'].render_template(
body, 'digest.tip', self.id)
return tip_description
def compute_tips(self, company, user, tips_count=1, consumed=True):
tips = self.env['digest.tip'].search(
[('user_ids', '!=', user.id), '|',
('group_id', 'in', user.groups_id.ids), ('group_id', '=', False)],
limit=tips_count)
tip_descriptions = [
self.env['mail.render.mixin']._render_template(
tools.html_sanitize(tip.tip_description),
'digest.tip',
tip.ids,
post_process=True)[tip.id] for tip in tips
]
if consumed:
tips.user_ids += user
return tip_descriptions
def test_mako(self):
cases = [('''<p>Some text</p>
<% set signup_url = object.get_signup_url() %>
% if signup_url:
<p>
You can access this document and pay online via our Customer Portal:
</p>''', '''<p>Some text</p>
<% set signup_url = object.get_signup_url() %>
% if signup_url:
<p>
You can access this document and pay online via our Customer Portal:
</p>''')]
for content, expected in cases:
html = html_sanitize(content, silent=False)
self.assertEqual(html, expected,
'html_sanitize: broken mako management')
def _action_send_statistics(self):
"""Send an email to the responsible of each finished mailing with the statistics."""
self.kpi_mail_required = False
for mailing in self:
user = mailing.user_id
mailing = mailing.with_context(
lang=user.lang or self._context.get('lang'))
link_trackers = self.env['link.tracker'].search([
('mass_mailing_id', '=', mailing.id)
]).sorted('count', reverse=True)
link_trackers_body = self.env['ir.qweb']._render(
'mass_mailing.mass_mailing_kpi_link_trackers',
{
'object': mailing,
'link_trackers': link_trackers
},
)
rendered_body = self.env['ir.qweb']._render(
'digest.digest_mail_main',
{
'body': tools.html_sanitize(link_trackers_body),
'company': user.company_id,
'user': user,
'display_mobile_banner': True,
**mailing._prepare_statistics_email_values()
},
)
full_mail = self.env['mail.render.mixin']._render_encapsulate(
'digest.digest_mail_layout',
rendered_body,
)
mail_values = {
'subject': _('24H Stats of mailing "%s"') % mailing.subject,
'email_from': user.email_formatted,
'email_to': user.email_formatted,
'body_html': full_mail,
'auto_delete': True,
}
mail = self.env['mail.mail'].sudo().create(mail_values)
mail.send(raise_exception=False)
def send_mail_test(self):
self.ensure_one()
mails = self.env['mail.mail']
mailing = self.mass_mailing_id
test_emails = tools.email_split(self.email_to)
for test_mail in test_emails:
# Convert links in absolute URLs before the application of the shortener
mailing.write({
'body_html':
self.env['mail.template']._replace_local_links(
mailing.body_html)
})
mail_values = {
'email_from':
mailing.email_from,
'reply_to':
mailing.reply_to,
'email_to':
test_mail,
'subject':
mailing.name,
'body_html':
tools.html_sanitize(mailing.body_html,
sanitize_attributes=True,
sanitize_style=True,
strip_classes=True),
'notification':
True,
'mailing_id':
mailing.id,
'attachment_ids':
[(4, attachment.id) for attachment in mailing.attachment_ids],
'auto_delete':
True,
}
mail = self.env['mail.mail'].create(mail_values)
mails |= mail
mails.send()
return True
def test_quote_thunderbird_html(self):
html = html_sanitize(test_mail_examples.QUOTE_THUNDERBIRD_HTML)
for ext in test_mail_examples.QUOTE_THUNDERBIRD_HTML_IN:
self.assertIn(ext, html)
for ext in test_mail_examples.QUOTE_THUNDERBIRD_HTML_OUT:
self.assertIn(ext, html)
def generate_email(self, res_ids, fields=None):
"""Generates an email from the template for given the given model based on
records given by res_ids.
:param template_id: id of the template to render.
:param res_id: id of the record to use for rendering the template (model
is taken from template definition)
:returns: a dict containing all relevant fields for creating a new
mail.mail entry, with one extra key ``attachments``, in the
format [(report_name, data)] where data is base64 encoded.
"""
self.ensure_one()
multi_mode = True
if isinstance(res_ids, pycompat.integer_types):
res_ids = [res_ids]
multi_mode = False
if fields is None:
fields = [
'subject', 'body_html', 'email_from', 'email_to', 'partner_to',
'email_cc', 'reply_to', 'scheduled_date'
]
res_ids_to_templates = self.get_email_template(res_ids)
# templates: res_id -> template; template -> res_ids
templates_to_res_ids = {}
for res_id, template in res_ids_to_templates.items():
templates_to_res_ids.setdefault(template, []).append(res_id)
results = dict()
for template, template_res_ids in templates_to_res_ids.items():
Template = self.env['mail.template']
# generate fields value for all res_ids linked to the current template
if template.lang:
Template = Template.with_context(
lang=template._context.get('lang'))
for field in fields:
Template = Template.with_context(safe=field in {'subject'})
generated_field_values = Template.render_template(
getattr(template, field),
template.model,
template_res_ids,
post_process=(field == 'body_html'))
for res_id, field_value in generated_field_values.items():
results.setdefault(res_id, dict())[field] = field_value
# compute recipients
if any(field in fields
for field in ['email_to', 'partner_to', 'email_cc']):
results = template.generate_recipients(results,
template_res_ids)
# update values for all res_ids
for res_id in template_res_ids:
values = results[res_id]
# body: add user signature, sanitize
if 'body_html' in fields and template.user_signature:
signature = self.env.user.signature
if signature:
values['body_html'] = tools.append_content_to_html(
values['body_html'], signature, plaintext=False)
if values.get('body_html'):
values['body'] = tools.html_sanitize(values['body_html'])
# technical settings
values.update(
mail_server_id=template.mail_server_id.id or False,
auto_delete=template.auto_delete,
keep_days=template.keep_days,
model=template.model,
res_id=res_id or False,
attachment_ids=[
attach.id for attach in template.attachment_ids
],
)
# Add report in attachments: generate once for all template_res_ids
if template.report_template:
for res_id in template_res_ids:
attachments = []
report_name = self.render_template(template.report_name,
template.model, res_id)
report = template.report_template
report_service = report.report_name
if report.report_type not in ['qweb-html', 'qweb-pdf']:
raise UserError(
_('Unsupported report type %s found.') %
report.report_type)
result, format = report.render_qweb_pdf([res_id])
# TODO in trunk, change return format to binary to match message_post expected format
result = base64.b64encode(result)
if not report_name:
report_name = 'report.' + report_service
ext = "." + format
if not report_name.endswith(ext):
report_name += ext
attachments.append((report_name, result))
results[res_id]['attachments'] = attachments
return multi_mode and results or results[res_ids[0]]
def send_mail_test(self):
self.ensure_one()
ctx = dict(self.env.context)
ctx.pop('default_state', None)
self = self.with_context(ctx)
mails_sudo = self.env['mail.mail'].sudo()
mailing = self.mass_mailing_id
test_emails = tools.email_split(self.email_to)
mass_mail_layout = self.env.ref(
'mass_mailing.mass_mailing_mail_layout')
record = self.env[mailing.mailing_model_real].search([], limit=1)
body = mailing._prepend_preview(mailing.body_html, mailing.preview)
subject = mailing.subject
# If there is atleast 1 record for the model used in this mailing, then we use this one to render the template
# Downside: Jinja syntax is only tested when there is atleast one record of the mailing's model
if record:
# Returns a proper error if there is a syntax error with jinja
body = self.env['mail.render.mixin']._render_template(
body,
mailing.mailing_model_real,
record.ids,
post_process=True)[record.id]
subject = self.env['mail.render.mixin']._render_template(
subject, mailing.mailing_model_real, record.ids)[record.id]
# Convert links in absolute URLs before the application of the shortener
body = self.env['mail.render.mixin']._replace_local_links(body)
body = tools.html_sanitize(body,
sanitize_attributes=True,
sanitize_style=True)
for test_mail in test_emails:
mail_values = {
'email_from':
mailing.email_from,
'reply_to':
mailing.reply_to,
'email_to':
test_mail,
'subject':
subject,
'body_html':
mass_mail_layout._render({'body': body},
engine='ir.qweb',
minimal_qcontext=True),
'notification':
True,
'mailing_id':
mailing.id,
'attachment_ids':
[(4, attachment.id) for attachment in mailing.attachment_ids],
'auto_delete':
True,
'mail_server_id':
mailing.mail_server_id.id,
}
mail = self.env['mail.mail'].sudo().create(mail_values)
mails_sudo |= mail
mails_sudo.send()
return True
def generate_email(self, res_ids, fields):
"""Generates an email from the template for given the given model based on
records given by res_ids.
:param res_id: id of the record to use for rendering the template (model
is taken from template definition)
:returns: a dict containing all relevant fields for creating a new
mail.mail entry, with one extra key ``attachments``, in the
format [(report_name, data)] where data is base64 encoded.
"""
self.ensure_one()
multi_mode = True
if isinstance(res_ids, int):
res_ids = [res_ids]
multi_mode = False
results = dict()
for lang, (
template,
template_res_ids) in self._classify_per_lang(res_ids).items():
for field in fields:
template = template.with_context(safe=(field == 'subject'))
generated_field_values = template._render_field(
field,
template_res_ids,
post_process=(field == 'body_html'))
for res_id, field_value in generated_field_values.items():
results.setdefault(res_id, dict())[field] = field_value
# compute recipients
if any(field in fields
for field in ['email_to', 'partner_to', 'email_cc']):
results = template.generate_recipients(results,
template_res_ids)
# update values for all res_ids
for res_id in template_res_ids:
values = results[res_id]
if values.get('body_html'):
values['body'] = tools.html_sanitize(values['body_html'])
# technical settings
values.update(
mail_server_id=template.mail_server_id.id or False,
auto_delete=template.auto_delete,
model=template.model,
res_id=res_id or False,
attachment_ids=[
attach.id for attach in template.attachment_ids
],
)
# Add report in attachments: generate once for all template_res_ids
if template.report_template:
for res_id in template_res_ids:
attachments = []
report_name = template._render_field(
'report_name', [res_id])[res_id]
report = template.report_template
report_service = report.report_name
if report.report_type in ['qweb-html', 'qweb-pdf']:
result, format = report._render_qweb_pdf([res_id])
else:
res = report._render([res_id])
if not res:
raise UserError(
_('Unsupported report type %s found.',
report.report_type))
result, format = res
# TODO in trunk, change return format to binary to match message_post expected format
result = base64.b64encode(result)
if not report_name:
report_name = 'report.' + report_service
ext = "." + format
if not report_name.endswith(ext):
report_name += ext
attachments.append((report_name, result))
results[res_id]['attachments'] = attachments
return multi_mode and results or results[res_ids[0]]
