Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[16.0][FIX] l10n_it_central_journal_reportlab: escape Paragraph content #4400

Merged
merged 1 commit into from
Oct 18, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 31 additions & 26 deletions l10n_it_central_journal_reportlab/wizard/print_giornale.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import base64
import io
from datetime import timedelta
from xml.sax.saxutils import escape

from reportlab.lib import colors
from reportlab.lib.enums import TA_RIGHT
Expand Down Expand Up @@ -308,8 +309,12 @@ def get_initial_balance_data_report_giornale(self):
"",
"",
Paragraph(_("Initial Balance"), style_name),
Paragraph(formatLang(self.env, self.progressive_debit2), style_number),
Paragraph(formatLang(self.env, self.progressive_credit), style_number),
Paragraph(
escape(formatLang(self.env, self.progressive_debit2)), style_number
),
Paragraph(
escape(formatLang(self.env, self.progressive_credit)), style_number
),
]
]
return initial_balance_data
Expand Down Expand Up @@ -338,27 +343,28 @@ def get_grupped_final_tables_report_giornale(
)
if not account_name:
continue
# evitiamo che i caratteri < o > vengano interpretato come tag html
# dalla libreria reportlab
account_name = account_name.replace("<", "&lt;").replace(">", "&gt;")

start_row += 1
row = Paragraph(str(start_row), style_name)
date = Paragraph(format_date(self.env, line["date"]), style_name)
move = Paragraph(line["move_name"], style_name)
account = Paragraph(account_name, style_name)
name = Paragraph(line["name"], style_name)
row = Paragraph(escape(str(start_row)), style_name)
date = Paragraph(escape(format_date(self.env, line["date"])), style_name)
move = Paragraph(escape(line["move_name"]), style_name)
account = Paragraph(escape(account_name), style_name)
name = Paragraph(escape(line["name"]), style_name)
# dato che nel SQL ho la somma dei crediti e debiti potrei avere
# che un conto ha sia debito che credito
lines_data = []
if line["debit"] > 0:
debit = Paragraph(formatLang(self.env, line["debit"]), style_number)
credit = Paragraph(formatLang(self.env, 0), style_number)
debit = Paragraph(
escape(formatLang(self.env, line["debit"])), style_number
)
credit = Paragraph(escape(formatLang(self.env, 0)), style_number)
list_balance.append((line["debit"], 0))
lines_data.append([[row, date, move, account, name, debit, credit]])
if line["credit"] > 0:
debit = Paragraph(formatLang(self.env, 0), style_number)
credit = Paragraph(formatLang(self.env, line["credit"]), style_number)
debit = Paragraph(escape(formatLang(self.env, 0)), style_number)
credit = Paragraph(
escape(formatLang(self.env, line["credit"])), style_number
)
list_balance.append((0, line["credit"]))
lines_data.append([[row, date, move, account, name, debit, credit]])
for line_data in lines_data:
Expand Down Expand Up @@ -394,25 +400,24 @@ def get_final_tables_report_giornale(

for line in self.env["account.move.line"].browse(move_line_ids):
start_row += 1
row = Paragraph(str(start_row), style_name)
date = Paragraph(format_date(self.env, line.date), style_name)
ref = Paragraph(str(line.ref or ""), style_name)
row = Paragraph(escape(str(start_row)), style_name)
date = Paragraph(escape(format_date(self.env, line.date)), style_name)
ref = Paragraph(escape(str(line.ref or "")), style_name)
move_name = line.move_id.name or ""
move = Paragraph(move_name, style_name)
move = Paragraph(escape(move_name), style_name)
account_name = self._get_account_name_reportlab(line)
# evitiamo che i caratteri < o > vengano interpretato come tag html
# dalla libreria reportlab
account_name = account_name.replace("<", "&lt;").replace(">", "&gt;")
account = Paragraph(account_name, style_name)
account = Paragraph(escape(account_name), style_name)
if line.account_id.account_type in [
"asset_receivable",
"liability_payable",
]:
name = Paragraph(str(line.partner_id.name or ""), style_name)
name = Paragraph(escape(str(line.partner_id.name or "")), style_name)
else:
name = Paragraph(str(line.name or ""), style_name)
debit = Paragraph(formatLang(self.env, line.debit), style_number)
credit = Paragraph(formatLang(self.env, line.credit), style_number)
name = Paragraph(escape(str(line.name or "")), style_name)
debit = Paragraph(escape(formatLang(self.env, line.debit)), style_number)
credit = Paragraph(escape(formatLang(self.env, line.credit)), style_number)
list_balance.append((line.debit, line.credit))
line_data = [[row, date, ref, move, account, name, debit, credit]]
if previous_move_name != move_name:
Expand Down Expand Up @@ -441,8 +446,8 @@ def get_balance_data_report_giornale(self, tot_debit, tot_credit, final=False):
"",
"",
name,
Paragraph(formatLang(self.env, tot_debit), style_number),
Paragraph(formatLang(self.env, tot_credit), style_number),
Paragraph(escape(formatLang(self.env, tot_debit)), style_number),
Paragraph(escape(formatLang(self.env, tot_credit)), style_number),
]
]
return balance_data
Expand Down
Loading