Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[9.0][FIX] Mail tracking bugfixes #199

Merged
merged 3 commits into from
Oct 10, 2017
Merged

[9.0][FIX] Mail tracking bugfixes #199

merged 3 commits into from
Oct 10, 2017

Conversation

antespi
Copy link
Contributor

@antespi antespi commented Sep 22, 2017
edited
Loading

This PR fix two bugs found in mail_tracking:

  • When an email notification is an answer of another email notification (for example, in a invoice mail thread), then mail_tracking addon add several tracking email IDs in body. This fix assure that there is only one ID (and the last one).
  • Support for multi-company. Mail tracking status of partners from other companies raise an access error exception. This fix get status as sudo.

@antespi antespi changed the title Mail tracking fix [9.0][FIX] Mail tracking bugfixes Sep 22, 2017
@antespi antespi self-assigned this Sep 22, 2017
@antespi antespi added this to the 9.0 milestone Sep 22, 2017
yajo
yajo requested changes Sep 22, 2017
View reviewed changes
mail_tracking/models/ir_mail_server.py
@@ -23,7 +23,7 @@ def _tracking_email_id_body_get(self, body):
tracking_email_id = False
# https://regex101.com/r/lW4cB1/2
match = re.search(
r'<img [^>]* data-odoo-tracking-email=["\']([0-9]*)["\']', body)
r'<img[^>]*data-odoo-tracking-email=["\']([0-9]*)["\']', body)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find all of this would be much easier to maintain and understand by using lxml.html to parse the email body, and then XPath to find/remove the node. This regexp for instance would produce false positives with i.e. <img src="i'm a hacker>"/>, and given those come from the outside world, it's a good attack vector.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is another way to do it.
I think regex is faster and consume less memory. BTW, that vector is not matching the regex, see https://regex101.com/r/lW4cB1/3

Copy link
Member

@yajo yajo Sep 22, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, I was wrong, but see:

  • <img data-odoo-tracking-email="0'/>
  • <imgdata-odoo-tracking-email="0'/>
  • <img <broken syntax!! data-odoo-tracking-email="0'/>
  • <img <broken syntax!! data-odoo-tracking-email="0' muahahahaa>
  • <img valid-tag=">" data-odoo-tracking-email="1999"/>

want more? 😏

Copy link
Contributor Author

@antespi antespi Sep 22, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, in those cases lxml will break, isn't it?

This fix first remove any tag that match with this regex, then inject the tag and after read the tag, so if there is some broken tag then it's not a security problem.

Using lxml, what would the code have to do if no valid HTML is read?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should except and pass in such case, don't you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that using lxml and then except and pass when invalid tags in the email will miss a tracking for some emails. In my approach (btw, the current one) those corner cases will be tracked without any problem.

So, I prefer to keep the current implementation because:

  • It's more resilience
  • It has a better CPU & RAM performance
  • It's simpler
  • It's the current implementation, less code changes
  • It hasn't any security issue

Any other opinions here?

rafaelbn
rafaelbn approved these changes Oct 9, 2017
View reviewed changes
Copy link
Member

@rafaelbn rafaelbn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! 👍

@pedrobaeza
Copy link
Member

Please change module version number. Does this apply to v10? If so, please forward port it.

@yajo
Copy link
Member

yajo commented Oct 10, 2017

Done for him, no problem on final squashing, could you review @pedrobaeza?

@pedrobaeza pedrobaeza merged commit 6eb0332 into OCA:9.0 Oct 10, 2017
@pedrobaeza
Copy link
Member

Merged squashing

yajo pushed a commit to Tecnativa/social that referenced this pull request Oct 11, 2017
@antespi @yajo
[FIX] mail_tracking: bugfixes (OCA#199)
93232c0 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
@yajo yajo mentioned this pull request Oct 11, 2017
Merged
chienandalu pushed a commit to Tecnativa/social that referenced this pull request Mar 19, 2018
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
32b7f3e 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
chienandalu pushed a commit to Tecnativa/social that referenced this pull request Apr 5, 2018
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
5f74401 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
chienandalu pushed a commit to Tecnativa/social that referenced this pull request Apr 5, 2018
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
b272bcd 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
chienandalu pushed a commit to Tecnativa/social that referenced this pull request May 4, 2018
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
bc5e239 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
yajo pushed a commit that referenced this pull request May 7, 2018
@antespi @yajo
[FIX] mail_tracking: bugfixes (#199)
9c22360 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
ernestotejeda pushed a commit to Tecnativa/social that referenced this pull request Nov 5, 2018
@antespi @ernestotejeda
[FIX] mail_tracking: bugfixes (OCA#199)
d7319fb 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
ernestotejeda pushed a commit to Tecnativa/social that referenced this pull request Dec 18, 2018
@antespi @ernestotejeda
[FIX] mail_tracking: bugfixes (OCA#199)
0c02f4b 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
alan196 pushed a commit to Jarsa/social that referenced this pull request Dec 22, 2018
@antespi @alan196
[FIX] mail_tracking: bugfixes (OCA#199)
366478c 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
ernestotejeda pushed a commit to Tecnativa/social that referenced this pull request Mar 7, 2019
@antespi @ernestotejeda
[FIX] mail_tracking: bugfixes (OCA#199)
e5e938a 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Tardo pushed a commit to Tecnativa/social that referenced this pull request Nov 18, 2019
@antespi @Tardo
[FIX] mail_tracking: bugfixes (OCA#199)
4cf9b2b 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Tardo pushed a commit to Tecnativa/social that referenced this pull request Nov 18, 2019
@antespi @Tardo
[FIX] mail_tracking: bugfixes (OCA#199)
624f8e8 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Tardo pushed a commit to Tecnativa/social that referenced this pull request Dec 5, 2019
@antespi @Tardo
[FIX] mail_tracking: bugfixes (OCA#199)
b658ba5 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
pedrobaeza pushed a commit to Tecnativa/social that referenced this pull request Jan 7, 2020
@antespi @pedrobaeza
[FIX] mail_tracking: bugfixes (OCA#199)
e50e205 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Tardo pushed a commit to Tecnativa/social that referenced this pull request Jan 27, 2020
@antespi @Tardo
[FIX] mail_tracking: bugfixes (OCA#199)
c5c42f8 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Tardo pushed a commit to Tecnativa/social that referenced this pull request Feb 5, 2020
@antespi @Tardo
[FIX] mail_tracking: bugfixes (OCA#199)
5cb779b 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
denris pushed a commit to denris/social that referenced this pull request Jan 28, 2021
@antespi
[FIX] mail_tracking: bugfixes (OCA#199)
8b67c1c 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
SimoneVagile pushed a commit to SimoneVagile/social that referenced this pull request Jun 22, 2021
@antespi @SimoneVagile
[FIX] mail_tracking: bugfixes (OCA#199)
c768a3c 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
marco1esparza pushed a commit to marco1esparza/social that referenced this pull request Dec 1, 2021
@antespi @marco1esparza
[FIX] mail_tracking: bugfixes (OCA#199)
3ebe41d 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
JasminSForgeFlow pushed a commit to ForgeFlow/social that referenced this pull request Mar 25, 2022
@antespi @JasminSForgeFlow
[FIX] mail_tracking: bugfixes (OCA#199)
9cf7efc 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
JasminSForgeFlow pushed a commit to ForgeFlow/social that referenced this pull request Apr 20, 2022
@antespi @JasminSForgeFlow
[FIX] mail_tracking: bugfixes (OCA#199)
2c5a564 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
maq-adhoc pushed a commit to adhoc-dev/social that referenced this pull request Dec 15, 2022
@antespi @filoquin
[FIX] mail_tracking: bugfixes (OCA#199)
5af0653 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
hvgollar pushed a commit to dynapps/social that referenced this pull request Dec 19, 2022
@antespi
[FIX] mail_tracking: bugfixes (OCA#199)
df416c6 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
alan196 pushed a commit to Jarsa/social that referenced this pull request Feb 20, 2023
@antespi @alan196
[FIX] mail_tracking: bugfixes (OCA#199)
c24afca 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
maq-adhoc pushed a commit to adhoc-dev/social that referenced this pull request Mar 6, 2023
@antespi @filoquin
[FIX] mail_tracking: bugfixes (OCA#199)
9b7d55d 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
mathieudelva pushed a commit to mathieudelva/social that referenced this pull request May 23, 2023
@antespi @mathieudelva
[FIX] mail_tracking: bugfixes (OCA#199)
d538ff5 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
payen000 pushed a commit to vauxoo-dev/social that referenced this pull request Sep 5, 2023
@antespi @payen000
[FIX] mail_tracking: bugfixes (OCA#199)
b7d6faa 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
payen000 pushed a commit to vauxoo-dev/social that referenced this pull request Sep 25, 2023
@antespi @payen000
[FIX] mail_tracking: bugfixes (OCA#199)
5987c3f 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
nguyenminhchien pushed a commit to nguyenminhchien/social that referenced this pull request Oct 20, 2023
@antespi @nguyenminhchien
[FIX] mail_tracking: bugfixes (OCA#199)
76de0fc 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
trisdoan pushed a commit to trisdoan/social that referenced this pull request Mar 15, 2024
@antespi @trisdoan
[FIX] mail_tracking: bugfixes (OCA#199)
1230950 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
chienandalu pushed a commit to Tecnativa/social that referenced this pull request May 14, 2024
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
bb61935 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
chienandalu pushed a commit to Tecnativa/social that referenced this pull request May 30, 2024
@antespi @chienandalu
[FIX] mail_tracking: bugfixes (OCA#199)
434d4b7 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
trisdoan pushed a commit to trisdoan/social that referenced this pull request May 31, 2024
@antespi @trisdoan
[FIX] mail_tracking: bugfixes (OCA#199)
83c8f0a 
* [FIX] Only one data-odoo-tracking-email tag in each email
* [FIX] Get status even in multicompany instances
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yajo yajo yajo approved these changes

@rafaelbn rafaelbn rafaelbn approved these changes

Assignees

@antespi antespi

Labels
needs review
Projects
None yet
Milestone
9.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@antespi @pedrobaeza @yajo @rafaelbn