def execute():
    """Patch: re-sanitize the HTML ``description`` of every Product Bundle item.

    Every Product Bundle document is loaded, each item's description is run
    through ``sanitize_html`` and written back with ``db_set`` so the
    document's ``modified`` timestamp is left untouched.
    """
    bundles = dataent.get_all('Product Bundle')
    for bundle in bundles:
        bundle_doc = dataent.get_doc('Product Bundle', bundle.name)
        for bundle_item in bundle_doc.items:
            raw_description = bundle_item.description
            if not raw_description:
                continue
            bundle_item.db_set('description', sanitize_html(raw_description),
                               update_modified=False)
def get_context(context):
    """Populate the website search page context.

    The page is never cached. When the ``q`` request parameter is present its
    value is HTML-sanitized and then escaped before it is reflected into the
    page (``context.query``) and handed to ``get_search_results``; without it
    only a plain title is set.
    """
    context.no_cache = 1
    raw_query = dataent.form_dict.q
    if not raw_query:
        context.title = _('Search')
        return
    # sanitize, then escape: the value is echoed back into the rendered page
    query = str(utils.escape(sanitize_html(raw_query)))
    context.title = _('Search Results for ')
    context.query = query
    context.route = '/search'
    context.update(get_search_results(query))
def get_list_context(context=None):
    """Build the list context for the blog index page.

    The context carries the blog template, the list getter, the category
    children and a title / sub-title derived from the request, checked in this
    order of precedence: a category (``blog_category`` or ``category``), a
    ``blogger`` name, or a free-text ``txt`` filter. The breadcrumb
    ``parents`` depend on whether a sub-title was set. Finally the fields of
    the "Blog Settings" single document are merged in.
    """
    form = dataent.local.form_dict
    list_context = dataent._dict(
        template="templates/includes/blog/blog.html",
        get_list=get_blog_list,
        hide_filters=True,
        children=get_children(),
        # show_search = True,
        title=_('Blog'))

    # the user-supplied category name is reflected into the page, so sanitize it
    category = sanitize_html(form.blog_category or form.category)
    if category:
        category_title = get_blog_category(category)
        list_context.title = category_title
        list_context.sub_title = _("Posts filed under {0}").format(category_title)

    elif form.blogger:
        # the blogger name is passed to get_value as a filter dict, not as SQL text
        blogger = dataent.db.get_value(
            "Blogger", {"name": form.blogger}, "full_name")
        list_context.title = blogger
        list_context.sub_title = _("Posts by {0}").format(blogger)

    elif form.txt:
        list_context.sub_title = _('Filtered by "{0}"').format(sanitize_html(form.txt))

    home_crumb = {"name": _("Home"), "route": "/"}
    if list_context.sub_title:
        list_context.parents = [home_crumb, {"name": "Blog", "route": "/blog"}]
    else:
        list_context.parents = [home_crumb]

    blog_settings = dataent.get_doc("Blog Settings", "Blog Settings")
    list_context.update(blog_settings.as_dict(no_default_fields=True))
    return list_context
def get_context(context):
    """Populate the documentation (help) search page context.

    The page is never cached. With a ``q`` request parameter the value is
    HTML-sanitized and escaped before it is reflected into the page and passed
    to ``get_help_results_sections``; without one only a title is set.
    """
    context.no_cache = 1
    raw_query = dataent.form_dict.q
    if not raw_query:
        context.title = _('Docs Search')
        return
    # sanitize, then escape: the value is echoed back into the rendered page
    query = str(utils.escape(sanitize_html(raw_query)))
    context.title = _('Help Results for')
    context.query = query
    context.route = '/search_help'
    sections = dataent._dict()
    sections.results_sections = get_help_results_sections(query)
    context.update(sections)
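    def _sanitize_content(self):
        """Sanitize HTML and email values in string fields to prevent stored XSS.

        Skipped entirely while ``dataent.flags.in_install`` is set. For every
        string field value that looks like HTML (contains ``<`` or ``>``):

        - a value tagged ``<!-- markdown -->`` is left to the markdown
          converter, unless it contains ``<script`` or ``javascript:``
        - Data / Code / Small Text fields with ``options == "Email"`` go
          through ``sanitize_email``
        - fields with ``ignore_xss_filter``, non-Email Code fields and
          Attach / Attach Image / Barcode fields are left untouched, as are
          all fields of a cancelled document and fields without
          ``allow_on_submit`` on a submitted document
        - everything else goes through ``sanitize_html`` (links are linkified
          for Text Editor fields only)

        The sanitized value is written back with ``self.set``.
        """
        if dataent.flags.in_install:
            return

        for fieldname, value in self.get_valid_dict().items():
            if not value or not isinstance(value, string_types):
                continue

            value = dataent.as_unicode(value)

            if u"<" not in value and u">" not in value:
                # doesn't look like html so no need
                continue

            if "<!-- markdown -->" in value and not (
                    "<script" in value or "javascript:" in value):
                # should be handled separately via the markdown converter function
                # NOTE(review): only "<script" and "javascript:" are rejected here;
                # any other markup in a markdown-tagged value relies on the
                # converter's own sanitization — confirm that path sanitizes.
                continue

            df = self.meta.get_field(fieldname)
            # df can be None for a column that has no DocField; read the
            # attributes defensively so the branches below never dereference None
            fieldtype = df.get("fieldtype") if df else None
            options = df.get("options") if df else None
            sanitized_value = value

            if df and fieldtype in ("Data", "Code", "Small Text") and options == "Email":
                sanitized_value = sanitize_email(value)

            elif df and (
                    df.get("ignore_xss_filter")
                    or (fieldtype == "Code" and options != "Email")
                    or fieldtype in ("Attach", "Attach Image", "Barcode")
                    # cancelled and submit but not update after submit should be ignored
                    or self.docstatus == 2
                    or (self.docstatus == 1 and not df.get("allow_on_submit"))):
                continue

            else:
                # previously ``df.fieldtype`` was read here, which raised
                # AttributeError when df was None; a field without a DocField is
                # now sanitized without linkification instead of crashing
                sanitized_value = sanitize_html(
                    value, linkify=fieldtype == 'Text Editor')

            self.set(fieldname, sanitized_value)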
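	def insert_communication(self, msg, args=None):
		"""Create a received Communication document from a raw email message.

		Args:
			msg: the raw message, or a ``[raw, uid, seen]`` list.
			args: optional dict; a truthy ``uid`` / ``seen`` entry overrides the
				value taken from ``msg``. Defaults to an empty dict.

		Returns:
			The inserted Communication, or ``None`` when a Communication with
			the same ``message_id`` already exists (only its ``uid`` is
			updated in that case).

		Raises:
			SentEmailInInbox: the message comes from this account's own address
				and has no Reply-To header, i.e. it is our own sent mail showing
				up in the inbox.
		"""
		# ``None`` default instead of a shared mutable ``{}``; callers may still pass a dict
		args = args or {}

		if isinstance(msg, list):
			raw, uid, seen = msg
		else:
			raw = msg
			uid = -1
			seen = 0

		# only a truthy override replaces the value parsed from ``msg``.
		# NOTE(review): the previous ``args.get("uid", -1)`` check used a truthy
		# default, so a missing "uid" key reset uid to -1 even when ``msg`` carried one.
		if args.get("uid"):
			uid = args["uid"]
		if args.get("seen"):
			seen = args["seen"]

		email = Email(raw)

		if email.from_email == self.email_id and not email.mail.get("Reply-To"):
			# gmail shows sent emails in inbox
			# and we don't want emails sent by us to be pulled back into the system again
			# dont count emails sent by the system get those
			if dataent.flags.in_test:
				print('WARN: Cannot pull email. Sender sames as recipient inbox')
			raise SentEmailInInbox

		if email.message_id:
			# Message-ID is attacker-controlled (it comes from the remote sender):
			# bind it as a query parameter instead of formatting it into the SQL
			names = dataent.db.sql("""select distinct name from tabCommunication
				where message_id=%s
				order by creation desc limit 1""",
				(email.message_id,), as_dict=True)

			if names:
				name = names[0].get("name")
				# email is already available update communication uid instead
				dataent.db.set_value("Communication", name, "uid", uid, update_modified=False)
				return

		if email.content_type == 'text/html':
			email.content = clean_email_html(email.content)

		communication = dataent.get_doc({
			"doctype": "Communication",
			"subject": email.subject,
			"content": email.content,
			'text_content': email.text_content,
			"sent_or_received": "Received",
			"sender_full_name": email.from_real_name,
			"sender": email.from_email,
			"recipients": email.mail.get("To"),
			"cc": email.mail.get("CC"),
			"email_account": self.name,
			"communication_medium": "Email",
			"uid": int(uid or -1),
			"message_id": email.message_id,
			"communication_date": email.date,
			"has_attachment": 1 if email.attachments else 0,
			"seen": seen or 0
		})

		self.set_thread(communication, email)
		if communication.seen:
			# get email account user and set communication as seen
			users = dataent.get_all("User Email", filters={"email_account": self.name},
				fields=["parent"])
			communication._seen = json.dumps(list({user.get("parent") for user in users}))

		communication.flags.in_receive = True
		communication.insert(ignore_permissions=1)

		# save attachments
		communication._attachments = email.save_attachments_in_doc(communication)

		# replace inline images: rewrite each cid: reference to the stored file URL
		dirty = False
		for attached_file in communication._attachments:
			cid = email.cid_map.get(attached_file.name)
			if cid:
				dirty = True
				email.content = email.content.replace("cid:{0}".format(cid),
					attached_file.file_url)

		if dirty:
			# not sure if using save() will trigger anything
			communication.db_set("content", sanitize_html(email.content))

		# notify all participants of this thread
		if self.enable_auto_reply and getattr(communication, "is_first", False):
			self.send_auto_reply(communication, email)

		return communication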