Exemplo n.º 1
0
 def _get_desc(self):
     for module in self:
         path = modules.get_module_resource(
             module.name, 'static/description/index.html')
         if path:
             with tools.file_open(path, 'rb') as desc_file:
                 doc = desc_file.read()
                 html = lxml.html.document_fromstring(doc)
                 for element, attribute, link, pos in html.iterlinks():
                     if element.get('src') and not '//' in element.get(
                             'src') and not 'static/' in element.get('src'):
                         element.set(
                             'src', "/%s/static/description/%s" %
                             (module.name, element.get('src')))
                 module.description_html = tools.html_sanitize(
                     lxml.html.tostring(html))
         else:
             overrides = {
                 'embed_stylesheet': False,
                 'doctitle_xform': False,
                 'output_encoding': 'unicode',
                 'xml_declaration': False,
                 'file_insertion_enabled': False,
             }
             output = publish_string(source=module.description or '',
                                     settings_overrides=overrides,
                                     writer=MyWriter())
             module.description_html = tools.html_sanitize(output)
Exemplo n.º 2
0
    def test_style_parsing(self):
        test_data = [
            (
                '<span style="position: fixed; top: 0px; left: 50px; width: 40%; height: 50%; background-color: red;">Coin coin </span>',
                ['background-color: red', 'Coin coin'],
                ['position', 'top', 'left']
            ), (
                """<div style='before: "Email Address; coincoin cheval: lapin";  
   font-size: 30px; max-width: 100%; after: "Not sure
    
          this; means: anything ?#ùµ"
    ; some-property: 2px; top: 3'>youplaboum</div>""",
                ['font-size: 30px', 'youplaboum'],
                ['some-property', 'top', 'cheval']
            ), (
                '<span style="width">Coincoin</span>',
                [],
                ['width']
            )
        ]

        for test, in_lst, out_lst in test_data:
            new_html = html_sanitize(test, sanitize_attributes=False, sanitize_style=True, strip_style=False, strip_classes=False)
            for text in in_lst:
                self.assertIn(text, new_html)
            for text in out_lst:
                self.assertNotIn(text, new_html)

        # style should not be sanitized if removed
        new_html = html_sanitize(test_data[0][0], sanitize_attributes=False, strip_style=True, strip_classes=False)
        self.assertEqual(new_html, u'<span>Coin coin </span>')
Exemplo n.º 3
0
    def test_quote_text(self):
        html = html_sanitize(test_mail_examples.TEXT_1)
        for ext in test_mail_examples.TEXT_1_IN:
            self.assertIn(ext, html)
        for ext in test_mail_examples.TEXT_1_OUT:
            self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(ext), html)

        html = html_sanitize(test_mail_examples.TEXT_2)
        for ext in test_mail_examples.TEXT_2_IN:
            self.assertIn(ext, html)
        for ext in test_mail_examples.TEXT_2_OUT:
            self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(ext), html)
Exemplo n.º 4
0
    def test_misc(self):
        # False / void should not crash
        html = html_sanitize('')
        self.assertEqual(html, '')
        html = html_sanitize(False)
        self.assertEqual(html, False)

        # Message with xml and doctype tags don't crash
        html = html_sanitize(u'<?xml version="1.0" encoding="iso-8859-1"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\n <head>\n  <title>404 - Not Found</title>\n </head>\n <body>\n  <h1>404 - Not Found</h1>\n </body>\n</html>\n')
        self.assertNotIn('encoding', html)
        self.assertNotIn('<title>404 - Not Found</title>', html)
        self.assertIn('<h1>404 - Not Found</h1>', html)
Exemplo n.º 5
0
    def test_quote_hotmail_html(self):
        html = html_sanitize(test_mail_examples.QUOTE_HOTMAIL_HTML)
        for ext in test_mail_examples.QUOTE_HOTMAIL_HTML_IN:
            self.assertIn(ext, html)
        for ext in test_mail_examples.QUOTE_HOTMAIL_HTML_OUT:
            self.assertIn(ext, html)

        html = html_sanitize(test_mail_examples.HOTMAIL_1)
        for ext in test_mail_examples.HOTMAIL_1_IN:
            self.assertIn(ext, html)
        for ext in test_mail_examples.HOTMAIL_1_OUT:
            self.assertIn(ext, html)
Exemplo n.º 6
0
    def convert_answer_to_comment(self):
        """ Tools to convert an answer (forum.post) to a comment (mail.message).
        The original post is unlinked and a new comment is posted on the question
        using the post create_uid as the comment's author. """
        self.ensure_one()
        if not self.parent_id:
            return self.env['mail.message']

        # karma-based action check: use the post field that computed own/all value
        if not self.can_comment_convert:
            raise KarmaError('Not enough karma to convert an answer to a comment')

        # post the message
        question = self.parent_id
        values = {
            'author_id': self.sudo().create_uid.partner_id.id,  # use sudo here because of access to res.users model
            'body': tools.html_sanitize(self.content, sanitize_attributes=True, strip_style=True, strip_classes=True),
            'message_type': 'comment',
            'subtype': 'mail.mt_comment',
            'date': self.create_date,
        }
        new_message = question.with_context(mail_create_nosubscribe=True).message_post(**values)

        # unlink the original answer, using SUPERUSER_ID to avoid karma issues
        self.sudo().unlink()

        return new_message
Exemplo n.º 7
0
 def test_quote_basic_text(self):
     test_data = [
         (
             """This is Sparta!\n--\nAdministrator\n+9988776655""",
             ['This is Sparta!'],
             ['\n--\nAdministrator\n+9988776655']
         ), (
             """<p>This is Sparta!\n--\nAdministrator</p>""",
             [],
             ['\n--\nAdministrator']
         ), (
             """<p>This is Sparta!<br/>--<br>Administrator</p>""",
             ['This is Sparta!'],
             []
         ), (
             """This is Sparta!\n>Ah bon ?\nCertes\n> Chouette !\nClair""",
             ['This is Sparta!', 'Certes', 'Clair'],
             ['\n>Ah bon ?', '\n> Chouette !']
         )
     ]
     for test, in_lst, out_lst in test_data:
         new_html = html_sanitize(test)
         for text in in_lst:
             self.assertIn(text, new_html)
         for text in out_lst:
             self.assertIn(u'<span data-o-mail-quote="1">%s</span>' % misc.html_escape(text), new_html)
Exemplo n.º 8
0
 def test_quote_blockquote(self):
     html = html_sanitize(test_mail_examples.QUOTE_BLOCKQUOTE)
     for ext in test_mail_examples.QUOTE_BLOCKQUOTE_IN:
         self.assertIn(ext, html)
     for ext in test_mail_examples.QUOTE_BLOCKQUOTE_OUT:
         self.assertIn(
             u'<span data-o-mail-quote="1">%s' % misc.html_escape(ext),
             html)
Exemplo n.º 9
0
 def test_cid_with_at(self):
     img_tag = '<img src="@">'
     sanitized = html_sanitize(img_tag,
                               sanitize_tags=False,
                               strip_classes=True)
     self.assertEqual(
         img_tag, sanitized,
         "img with can have cid containing @ and shouldn't be escaped")
Exemplo n.º 10
0
 def test_quote_thunderbird(self):
     html = html_sanitize(test_mail_examples.QUOTE_THUNDERBIRD_1)
     for ext in test_mail_examples.QUOTE_THUNDERBIRD_1_IN:
         self.assertIn(ext, html)
     for ext in test_mail_examples.QUOTE_THUNDERBIRD_1_OUT:
         self.assertIn(
             u'<span data-o-mail-quote="1">%s</span>' %
             misc.html_escape(ext), html)
Exemplo n.º 11
0
 def test_edi_source(self):
     html = html_sanitize(test_mail_examples.EDI_LIKE_HTML_SOURCE)
     self.assertIn(
         'font-family: \'Lucida Grande\', Ubuntu, Arial, Verdana, sans-serif;', html,
         'html_sanitize removed valid styling')
     self.assertIn(
         'src="https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif"', html,
         'html_sanitize removed valid img')
     self.assertNotIn('</body></html>', html, 'html_sanitize did not remove extra closing tags')
Exemplo n.º 12
0
 def test_sanitize_escape_emails(self):
     emails = [
         "Charles <*****@*****.**>",
         "Dupuis <'tr/-: ${dupuis#$'@truc.baz.fr>",
         "Technical <service/[email protected]>",
         "Div nico <*****@*****.**>"
     ]
     for email in emails:
         self.assertIn(misc.html_escape(email), html_sanitize(email), 'html_sanitize stripped emails of original html')
Exemplo n.º 13
0
 def test_sanitize_unescape_emails(self):
     not_emails = [
         '<blockquote cite="mid:CAEJSRZvWvud8c6Qp=wfNG6O1+wK3i_jb33qVrF7XyrgPNjnyUA@mail.gmail.com" type="cite">cat</blockquote>',
         '<img alt="@github-login" class="avatar" src="/web/image/pi" height="36" width="36">']
     for email in not_emails:
         sanitized = html_sanitize(email)
         left_part = email.split('>')[0]  # take only left part, as the sanitizer could add data information on node
         self.assertNotIn(misc.html_escape(email), sanitized, 'html_sanitize stripped emails of original html')
         self.assertIn(left_part, sanitized)
Exemplo n.º 14
0
    def test_evil_malicious_code(self):
        # taken from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Tests
        cases = [
            ("<IMG SRC=javascript:alert('XSS')>"),  # no quotes and semicolons
            ("<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>"),  # UTF-8 Unicode encoding
            ("<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>"),  # hex encoding
            ("<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">"),  # embedded carriage return
            ("<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">"),  # embedded newline
            ("<IMG SRC=\"jav   ascript:alert('XSS');\">"),  # embedded tab
            ("<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">"),  # embedded encoded tab
            ("<IMG SRC=\" &#14;  javascript:alert('XSS');\">"),  # spaces and meta-characters
            ("<IMG SRC=\"javascript:alert('XSS')\""),  # half-open html
            ("<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">"),  # malformed tag
            ("<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>"),  # non-alpha-non-digits
            ("<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>"),  # non-alpha-non-digits
            ("<<SCRIPT>alert(\"XSS\");//<</SCRIPT>"),  # extraneous open brackets
            ("<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >"),  # non-closing script tags
            ("<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">"),  # input image
            ("<BODY BACKGROUND=\"javascript:alert('XSS')\">"),  # body image
            ("<IMG DYNSRC=\"javascript:alert('XSS')\">"),  # img dynsrc
            ("<IMG LOWSRC=\"javascript:alert('XSS')\">"),  # img lowsrc
            ("<TABLE BACKGROUND=\"javascript:alert('XSS')\">"),  # table
            ("<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">"),  # td
            ("<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"),  # div background
            ("<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">"),  # div background with unicoded exploit
            ("<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">"),  # div background + extra characters
            ("<IMG SRC='vbscript:msgbox(\"XSS\")'>"),  # VBscrip in an image
            ("<BODY ONLOAD=alert('XSS')>"),  # event handler
            ("<BR SIZE=\"&{alert('XSS')}\>"),  # & javascript includes
            ("<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">"),  # style sheet
            ("<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">"),  # remote style sheet
            ("<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>"),  # remote style sheet 2
            ("<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">"),  # remote style sheet 3
            ("<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>"),  # remote style sheet 4
            ("<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">"),  # style attribute using a comment to break up expression
        ]
        for content in cases:
            html = html_sanitize(content)
            self.assertNotIn('javascript', html, 'html_sanitize did not remove a malicious javascript')
            self.assertTrue('ha.ckers.org' not in html or 'http://ha.ckers.org/xss.css' in html, 'html_sanitize did not remove a malicious code in %s (%s)' % (content, html))

        content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->"  # down-level hidden block
        self.assertEquals(html_sanitize(content, silent=False), '')
Exemplo n.º 15
0
 def test_basic_sanitizer(self):
     cases = [
         ("yop", "<p>yop</p>"),  # simple
         ("lala<p>yop</p>xxx", "<p>lala</p><p>yop</p>xxx"),  # trailing text
         ("Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci",
             u"<p>Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci</p>"),  # unicode
     ]
     for content, expected in cases:
         html = html_sanitize(content)
         self.assertEqual(html, expected, 'html_sanitize is broken')
Exemplo n.º 16
0
 def test_quote_signature(self):
     test_data = [
         (
             """<div>Hello<pre>--<br />Administrator</pre></div>""",
             ["<pre data-o-mail-quote=\"1\">--", "<br data-o-mail-quote=\"1\">"],
         )
     ]
     for test, in_lst in test_data:
         new_html = html_sanitize(test)
         for text in in_lst:
             self.assertIn(text, new_html)
Exemplo n.º 17
0
 def test_html(self):
     sanitized_html = html_sanitize(test_mail_examples.MISC_HTML_SOURCE)
     for tag in [
             '<div', '<b', '<i', '<u', '<strike', '<li', '<blockquote',
             '<a href'
     ]:
         self.assertIn(tag, sanitized_html,
                       'html_sanitize stripped too much of original html')
     for attr in ['javascript']:
         self.assertNotIn(
             attr, sanitized_html,
             'html_sanitize did not remove enough unwanted attributes')
Exemplo n.º 18
0
 def test_style_class_only(self):
     html = html_sanitize(test_mail_examples.REMOVE_CLASS,
                          sanitize_attributes=False,
                          sanitize_style=True,
                          strip_classes=True)
     for ext in test_mail_examples.REMOVE_CLASS_IN:
         self.assertIn(ext, html)
     for ext in test_mail_examples.REMOVE_CLASS_OUT:
         self.assertNotIn(
             ext,
             html,
         )
Exemplo n.º 19
0
 def compute_tips(self, company, user):
     tip = self.env['digest.tip'].search(
         [('user_ids', '!=', user.id), '|',
          ('group_id', 'in', user.groups_id.ids), ('group_id', '=', False)],
         limit=1)
     if not tip:
         return False
     tip.user_ids = [4, user.id]
     body = tools.html_sanitize(tip.tip_description)
     tip_description = self.env['mail.template'].render_template(
         body, 'digest.tip', self.id)
     return tip_description
Exemplo n.º 20
0
 def compute_tips(self, company, user, tips_count=1, consumed=True):
     tips = self.env['digest.tip'].search(
         [('user_ids', '!=', user.id), '|',
          ('group_id', 'in', user.groups_id.ids), ('group_id', '=', False)],
         limit=tips_count)
     tip_descriptions = [
         self.env['mail.render.mixin']._render_template(
             tools.html_sanitize(tip.tip_description),
             'digest.tip',
             tip.ids,
             post_process=True)[tip.id] for tip in tips
     ]
     if consumed:
         tips.user_ids += user
     return tip_descriptions
Exemplo n.º 21
0
    def test_mako(self):
        cases = [('''<p>Some text</p>
<% set signup_url = object.get_signup_url() %>
% if signup_url:
<p>
    You can access this document and pay online via our Customer Portal:
</p>''', '''<p>Some text</p>
<% set signup_url = object.get_signup_url() %>
% if signup_url:
<p>
    You can access this document and pay online via our Customer Portal:
</p>''')]
        for content, expected in cases:
            html = html_sanitize(content, silent=False)
            self.assertEqual(html, expected,
                             'html_sanitize: broken mako management')
Exemplo n.º 22
0
    def _action_send_statistics(self):
        """Send an email to the responsible of each finished mailing with the statistics."""
        self.kpi_mail_required = False

        for mailing in self:
            user = mailing.user_id
            mailing = mailing.with_context(
                lang=user.lang or self._context.get('lang'))

            link_trackers = self.env['link.tracker'].search([
                ('mass_mailing_id', '=', mailing.id)
            ]).sorted('count', reverse=True)
            link_trackers_body = self.env['ir.qweb']._render(
                'mass_mailing.mass_mailing_kpi_link_trackers',
                {
                    'object': mailing,
                    'link_trackers': link_trackers
                },
            )

            rendered_body = self.env['ir.qweb']._render(
                'digest.digest_mail_main',
                {
                    'body': tools.html_sanitize(link_trackers_body),
                    'company': user.company_id,
                    'user': user,
                    'display_mobile_banner': True,
                    **mailing._prepare_statistics_email_values()
                },
            )

            full_mail = self.env['mail.render.mixin']._render_encapsulate(
                'digest.digest_mail_layout',
                rendered_body,
            )

            mail_values = {
                'subject': _('24H Stats of mailing "%s"') % mailing.subject,
                'email_from': user.email_formatted,
                'email_to': user.email_formatted,
                'body_html': full_mail,
                'auto_delete': True,
            }
            mail = self.env['mail.mail'].sudo().create(mail_values)
            mail.send(raise_exception=False)
Exemplo n.º 23
0
 def send_mail_test(self):
     self.ensure_one()
     mails = self.env['mail.mail']
     mailing = self.mass_mailing_id
     test_emails = tools.email_split(self.email_to)
     for test_mail in test_emails:
         # Convert links in absolute URLs before the application of the shortener
         mailing.write({
             'body_html':
             self.env['mail.template']._replace_local_links(
                 mailing.body_html)
         })
         mail_values = {
             'email_from':
             mailing.email_from,
             'reply_to':
             mailing.reply_to,
             'email_to':
             test_mail,
             'subject':
             mailing.name,
             'body_html':
             tools.html_sanitize(mailing.body_html,
                                 sanitize_attributes=True,
                                 sanitize_style=True,
                                 strip_classes=True),
             'notification':
             True,
             'mailing_id':
             mailing.id,
             'attachment_ids':
             [(4, attachment.id) for attachment in mailing.attachment_ids],
             'auto_delete':
             True,
         }
         mail = self.env['mail.mail'].create(mail_values)
         mails |= mail
     mails.send()
     return True
Exemplo n.º 24
0
 def test_quote_thunderbird_html(self):
     html = html_sanitize(test_mail_examples.QUOTE_THUNDERBIRD_HTML)
     for ext in test_mail_examples.QUOTE_THUNDERBIRD_HTML_IN:
         self.assertIn(ext, html)
     for ext in test_mail_examples.QUOTE_THUNDERBIRD_HTML_OUT:
         self.assertIn(ext, html)
Exemplo n.º 25
0
    def generate_email(self, res_ids, fields=None):
        """Generates an email from the template for given the given model based on
        records given by res_ids.

        :param template_id: id of the template to render.
        :param res_id: id of the record to use for rendering the template (model
                       is taken from template definition)
        :returns: a dict containing all relevant fields for creating a new
                  mail.mail entry, with one extra key ``attachments``, in the
                  format [(report_name, data)] where data is base64 encoded.
        """
        self.ensure_one()
        multi_mode = True
        if isinstance(res_ids, pycompat.integer_types):
            res_ids = [res_ids]
            multi_mode = False
        if fields is None:
            fields = [
                'subject', 'body_html', 'email_from', 'email_to', 'partner_to',
                'email_cc', 'reply_to', 'scheduled_date'
            ]

        res_ids_to_templates = self.get_email_template(res_ids)

        # templates: res_id -> template; template -> res_ids
        templates_to_res_ids = {}
        for res_id, template in res_ids_to_templates.items():
            templates_to_res_ids.setdefault(template, []).append(res_id)

        results = dict()
        for template, template_res_ids in templates_to_res_ids.items():
            Template = self.env['mail.template']
            # generate fields value for all res_ids linked to the current template
            if template.lang:
                Template = Template.with_context(
                    lang=template._context.get('lang'))
            for field in fields:
                Template = Template.with_context(safe=field in {'subject'})
                generated_field_values = Template.render_template(
                    getattr(template, field),
                    template.model,
                    template_res_ids,
                    post_process=(field == 'body_html'))
                for res_id, field_value in generated_field_values.items():
                    results.setdefault(res_id, dict())[field] = field_value
            # compute recipients
            if any(field in fields
                   for field in ['email_to', 'partner_to', 'email_cc']):
                results = template.generate_recipients(results,
                                                       template_res_ids)
            # update values for all res_ids
            for res_id in template_res_ids:
                values = results[res_id]
                # body: add user signature, sanitize
                if 'body_html' in fields and template.user_signature:
                    signature = self.env.user.signature
                    if signature:
                        values['body_html'] = tools.append_content_to_html(
                            values['body_html'], signature, plaintext=False)
                if values.get('body_html'):
                    values['body'] = tools.html_sanitize(values['body_html'])
                # technical settings
                values.update(
                    mail_server_id=template.mail_server_id.id or False,
                    auto_delete=template.auto_delete,
                    keep_days=template.keep_days,
                    model=template.model,
                    res_id=res_id or False,
                    attachment_ids=[
                        attach.id for attach in template.attachment_ids
                    ],
                )

            # Add report in attachments: generate once for all template_res_ids
            if template.report_template:
                for res_id in template_res_ids:
                    attachments = []
                    report_name = self.render_template(template.report_name,
                                                       template.model, res_id)
                    report = template.report_template
                    report_service = report.report_name

                    if report.report_type not in ['qweb-html', 'qweb-pdf']:
                        raise UserError(
                            _('Unsupported report type %s found.') %
                            report.report_type)
                    result, format = report.render_qweb_pdf([res_id])

                    # TODO in trunk, change return format to binary to match message_post expected format
                    result = base64.b64encode(result)
                    if not report_name:
                        report_name = 'report.' + report_service
                    ext = "." + format
                    if not report_name.endswith(ext):
                        report_name += ext
                    attachments.append((report_name, result))
                    results[res_id]['attachments'] = attachments

        return multi_mode and results or results[res_ids[0]]
Exemplo n.º 26
0
    def send_mail_test(self):
        self.ensure_one()
        ctx = dict(self.env.context)
        ctx.pop('default_state', None)
        self = self.with_context(ctx)

        mails_sudo = self.env['mail.mail'].sudo()
        mailing = self.mass_mailing_id
        test_emails = tools.email_split(self.email_to)
        mass_mail_layout = self.env.ref(
            'mass_mailing.mass_mailing_mail_layout')

        record = self.env[mailing.mailing_model_real].search([], limit=1)
        body = mailing._prepend_preview(mailing.body_html, mailing.preview)
        subject = mailing.subject

        # If there is atleast 1 record for the model used in this mailing, then we use this one to render the template
        # Downside: Jinja syntax is only tested when there is atleast one record of the mailing's model
        if record:
            # Returns a proper error if there is a syntax error with jinja
            body = self.env['mail.render.mixin']._render_template(
                body,
                mailing.mailing_model_real,
                record.ids,
                post_process=True)[record.id]
            subject = self.env['mail.render.mixin']._render_template(
                subject, mailing.mailing_model_real, record.ids)[record.id]

        # Convert links in absolute URLs before the application of the shortener
        body = self.env['mail.render.mixin']._replace_local_links(body)
        body = tools.html_sanitize(body,
                                   sanitize_attributes=True,
                                   sanitize_style=True)

        for test_mail in test_emails:
            mail_values = {
                'email_from':
                mailing.email_from,
                'reply_to':
                mailing.reply_to,
                'email_to':
                test_mail,
                'subject':
                subject,
                'body_html':
                mass_mail_layout._render({'body': body},
                                         engine='ir.qweb',
                                         minimal_qcontext=True),
                'notification':
                True,
                'mailing_id':
                mailing.id,
                'attachment_ids':
                [(4, attachment.id) for attachment in mailing.attachment_ids],
                'auto_delete':
                True,
                'mail_server_id':
                mailing.mail_server_id.id,
            }
            mail = self.env['mail.mail'].sudo().create(mail_values)
            mails_sudo |= mail
        mails_sudo.send()
        return True
Exemplo n.º 27
0
    def generate_email(self, res_ids, fields):
        """Generates an email from the template for given the given model based on
        records given by res_ids.

        :param res_id: id of the record to use for rendering the template (model
                       is taken from template definition)
        :returns: a dict containing all relevant fields for creating a new
                  mail.mail entry, with one extra key ``attachments``, in the
                  format [(report_name, data)] where data is base64 encoded.
        """
        self.ensure_one()
        multi_mode = True
        if isinstance(res_ids, int):
            res_ids = [res_ids]
            multi_mode = False

        results = dict()
        for lang, (
                template,
                template_res_ids) in self._classify_per_lang(res_ids).items():
            for field in fields:
                template = template.with_context(safe=(field == 'subject'))
                generated_field_values = template._render_field(
                    field,
                    template_res_ids,
                    post_process=(field == 'body_html'))
                for res_id, field_value in generated_field_values.items():
                    results.setdefault(res_id, dict())[field] = field_value
            # compute recipients
            if any(field in fields
                   for field in ['email_to', 'partner_to', 'email_cc']):
                results = template.generate_recipients(results,
                                                       template_res_ids)
            # update values for all res_ids
            for res_id in template_res_ids:
                values = results[res_id]
                if values.get('body_html'):
                    values['body'] = tools.html_sanitize(values['body_html'])
                # technical settings
                values.update(
                    mail_server_id=template.mail_server_id.id or False,
                    auto_delete=template.auto_delete,
                    model=template.model,
                    res_id=res_id or False,
                    attachment_ids=[
                        attach.id for attach in template.attachment_ids
                    ],
                )

            # Add report in attachments: generate once for all template_res_ids
            if template.report_template:
                for res_id in template_res_ids:
                    attachments = []
                    report_name = template._render_field(
                        'report_name', [res_id])[res_id]
                    report = template.report_template
                    report_service = report.report_name

                    if report.report_type in ['qweb-html', 'qweb-pdf']:
                        result, format = report._render_qweb_pdf([res_id])
                    else:
                        res = report._render([res_id])
                        if not res:
                            raise UserError(
                                _('Unsupported report type %s found.',
                                  report.report_type))
                        result, format = res

                    # TODO in trunk, change return format to binary to match message_post expected format
                    result = base64.b64encode(result)
                    if not report_name:
                        report_name = 'report.' + report_service
                    ext = "." + format
                    if not report_name.endswith(ext):
                        report_name += ext
                    attachments.append((report_name, result))
                    results[res_id]['attachments'] = attachments

        return multi_mode and results or results[res_ids[0]]