[MERGE] forward port of branch 8.0 up to ed1c173

[odoo/odoo.git] / openerp / tools / mail.py

diff --git a/openerp/tools/mail.py b/openerp/tools/mail.py
index 50750f6..caefae4 100644 (file)
--- a/openerp/tools/mail.py
+++ b/openerp/tools/mail.py
@@ -63,6 +63,9 @@ def html_sanitize(src, silent=True, strict=False):
     # html encode email tags
     part = re.compile(r"(<(([^a<>]|a[^<>\s])[^<>]*)@[^<>]+>)", re.IGNORECASE | re.DOTALL)
     src = part.sub(lambda m: cgi.escape(m.group(1)), src)
+    # html encode mako tags <% ... %> to decode them later and keep them alive, otherwise they are stripped by the cleaner
+    src = src.replace('<%', cgi.escape('<%'))
+    src = src.replace('%>', cgi.escape('%>'))
 
     kwargs = {
         'page_structure': True,
@@ -71,7 +74,7 @@ def html_sanitize(src, silent=True, strict=False):
         'remove_unknown_tags': False,
         'allow_tags': allowed_tags,
         'comments': False,
-        'processing_instructions' : False
+        'processing_instructions': False
     }
     if etree.LXML_VERSION >= (2, 3, 1):
         # kill_tags attribute has been added in version 2.3.1
@@ -104,6 +107,8 @@ def html_sanitize(src, silent=True, strict=False):
         cleaned = cleaned.replace('%20', ' ')
         cleaned = cleaned.replace('%5B', '[')
         cleaned = cleaned.replace('%5D', ']')
+        cleaned = cleaned.replace('&lt;%', '<%')
+        cleaned = cleaned.replace('%&gt;', '%>')
     except etree.ParserError, e:
         if 'empty' in str(e):
             return ""
@@ -381,6 +386,11 @@ def html_email_clean(html, remove=False, shorten=False, max_length=300, expand_o
             node.set('in_quote', '1')
             node.set('tail_remove', '1')
         if node.tag == 'blockquote' or node.get('text_quote') or node.get('text_signature'):
+            # here no quote_begin because we want to be able to remove some quoted
+            # text without removing all the remaining context
+            node.set('in_quote', '1')
+        if node.getparent() is not None and node.getparent().get('in_quote'):
+            # inside a block of removed text but not in quote_begin (see above)
             node.set('in_quote', '1')
 
         # shorten:
@@ -500,6 +510,7 @@ def html2plaintext(html, body_id=None, encoding='utf-8'):
     html = html.replace(' ' * 2, ' ')
     html = html.replace('&gt;', '>')
     html = html.replace('&lt;', '<')
+    html = html.replace('&amp;', '&')
 
     # strip all lines
     html = '\n'.join([x.strip() for x in html.splitlines()])
@@ -598,10 +609,6 @@ command_re = re.compile("^Set-([a-z]+) *: *(.+)$", re.I + re.UNICODE)
 # group(1) = the record ID ; group(2) = the model (if any) ; group(3) = the domain
 reference_re = re.compile("<.*-open(?:object|erp)-(\\d+)(?:-([\w.]+))?.*@(.*)>", re.UNICODE)
 
-# Bounce regex
-# Typical form of bounce is bounce-128-crm.lead-34@domain
-# group(1) = the mail ID; group(2) = the model (if any); group(3) = the record ID
-bounce_re = re.compile("[\w]+-(\d+)-?([\w.]+)?-?(\d+)?", re.UNICODE)
 
 def generate_tracking_message_id(res_id):
     """Returns a string that can be used in the Message-ID RFC822 header field
@@ -665,4 +672,4 @@ def email_split(text):
                 # sometimes returns emails without at least '@'. The '@'
                 # is strictly required in RFC2822's `addr-spec`.
                 if addr[1]
-                if '@' in addr[1]]
\ No newline at end of file
+                if '@' in addr[1]]