CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-03 14:54:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #1982 -- Stricter cleaning of dynamic values in invoices

Browse Source
This commit is contained in:
Raphael Michel
2021-03-01 10:35:02 +01:00
parent 2d9a16e94d
commit de597ba864
1 changed files with 36 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/pretix/base/invoice.py
View File

@@ -255,8 +255,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
invoice_from_top = 17 * mm invoice_from_top = 17 * mm
def _draw_invoice_from(self, canvas): def _draw_invoice_from(self, canvas):
p = Paragraph(self.invoice.full_invoice_from.strip().replace('\n', '<br />\n'), style=self.stylesheet[ p = Paragraph(
'InvoiceFrom']) bleach.clean(self.invoice.full_invoice_from, tags=[]).strip().replace('\n', '<br />\n'),
style=self.stylesheet['InvoiceFrom']
)
p.wrapOn(canvas, self.invoice_from_width, self.invoice_from_height) p.wrapOn(canvas, self.invoice_from_width, self.invoice_from_height)
p_size = p.wrap(self.invoice_from_width, self.invoice_from_height) p_size = p.wrap(self.invoice_from_width, self.invoice_from_height)
p.drawOn(canvas, self.invoice_from_left, self.pagesize[1] - p_size[1] - self.invoice_from_top) p.drawOn(canvas, self.invoice_from_left, self.pagesize[1] - p_size[1] - self.invoice_from_top)
@@ -361,6 +363,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
def _draw_event(self, canvas): def _draw_event(self, canvas):
def shorten(txt): def shorten(txt):
txt = str(txt) txt = str(txt)
txt = bleach.clean(txt, tags=[]).strip()
p = Paragraph(txt.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal']) p = Paragraph(txt.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
p_size = p.wrap(self.event_width, self.event_height) p_size = p.wrap(self.event_width, self.event_height)
@@ -441,13 +444,18 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
story = [] story = []
if self.invoice.custom_field: if self.invoice.custom_field:
story.append(Paragraph( story.append(Paragraph(
'{}: {}'.format(self.invoice.event.settings.invoice_address_custom_field, self.invoice.custom_field), '{}: {}'.format(
bleach.clean(self.invoice.event.settings.invoice_address_custom_field, tags=[]).strip().replace('\n', '<br />\n'),
bleach.clean(self.invoice.custom_field, tags=[]).strip().replace('\n', '<br />\n'),
),
self.stylesheet['Normal'] self.stylesheet['Normal']
)) ))
if self.invoice.internal_reference: if self.invoice.internal_reference:
story.append(Paragraph( story.append(Paragraph(
pgettext('invoice', 'Customer reference: {reference}').format(reference=self.invoice.internal_reference), pgettext('invoice', 'Customer reference: {reference}').format(
reference=bleach.clean(self.invoice.internal_reference, tags=[]).strip().replace('\n', '<br />\n'),
),
self.stylesheet['Normal'] self.stylesheet['Normal']
)) ))
@@ -466,7 +474,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
)) ))
if self.invoice.introductory_text: if self.invoice.introductory_text:
story.append(Paragraph(self.invoice.introductory_text, self.stylesheet['Normal'])) story.append(Paragraph(
bleach.clean(self.invoice.introductory_text, tags=[]).strip().replace('\n', '<br />\n'),
self.stylesheet['Normal']
))
story.append(Spacer(1, 10 * mm)) story.append(Spacer(1, 10 * mm))
return story return story
@@ -518,7 +529,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
for line in self.invoice.lines.all(): for line in self.invoice.lines.all():
if has_taxes: if has_taxes:
tdata.append(( tdata.append((
Paragraph(line.description, self.stylesheet['Normal']), Paragraph(
bleach.clean(line.description, tags=[]).strip().replace('\n', '<br />\n'),
self.stylesheet['Normal']
),
"1", "1",
localize(line.tax_rate) + " %", localize(line.tax_rate) + " %",
money_filter(line.net_value, self.invoice.event.currency), money_filter(line.net_value, self.invoice.event.currency),
@@ -526,7 +540,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
)) ))
else: else:
tdata.append(( tdata.append((
Paragraph(line.description, self.stylesheet['Normal']), Paragraph(
bleach.clean(line.description, tags=[]).strip().replace('\n', '<br />\n'),
self.stylesheet['Normal']
),
"1", "1",
money_filter(line.gross_value, self.invoice.event.currency), money_filter(line.gross_value, self.invoice.event.currency),
)) ))
@@ -566,10 +583,16 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
story.append(Spacer(1, 15 * mm)) story.append(Spacer(1, 15 * mm))
if self.invoice.payment_provider_text: if self.invoice.payment_provider_text:
story.append(Paragraph(self.invoice.payment_provider_text, self.stylesheet['Normal'])) story.append(Paragraph(
bleach.clean(self.invoice.payment_provider_text, tags=[]).strip().replace('\n', '<br />\n'),
self.stylesheet['Normal']
))
if self.invoice.additional_text: if self.invoice.additional_text:
story.append(Paragraph(self.invoice.additional_text, self.stylesheet['Normal'])) story.append(Paragraph(
bleach.clean(self.invoice.additional_text, tags=[]).strip().replace('\n', '<br />\n'),
self.stylesheet['Normal']
))
story.append(Spacer(1, 15 * mm)) story.append(Spacer(1, 15 * mm))
tstyledata = [ tstyledata = [
@@ -701,7 +724,10 @@ class Modern1Renderer(ClassicInvoiceRenderer):
def _draw_invoice_from(self, canvas): def _draw_invoice_from(self, canvas):
if not self.invoice.invoice_from: if not self.invoice.invoice_from:
return return
c = self.invoice.address_invoice_from.strip().split('\n') c = [
bleach.clean(l, tags=[]).strip().replace('\n', '<br />\n')
for l in self.invoice.address_invoice_from.strip().split('\n')
]
p = Paragraph(' · '.join(c), style=self.stylesheet['Sender']) p = Paragraph(' · '.join(c), style=self.stylesheet['Sender'])
p.wrapOn(canvas, self.invoice_to_width, 15.7 * mm) p.wrapOn(canvas, self.invoice_to_width, 15.7 * mm)
p.drawOn(canvas, self.invoice_to_left, self.pagesize[1] - self.invoice_to_top + 2 * mm) p.drawOn(canvas, self.invoice_to_left, self.pagesize[1] - self.invoice_to_top + 2 * mm)