[FW][FIX] mail: traceback when searching single quotes or round brackets #165293

fw-bot · 2024-05-13T16:54:01Z

Before this commit, when trying to highlight a message containing a single quote you get a traceback.
To reproduce:

post a message with body "can't"
search for "can"
search for "can't"

This happens because the XPath expression with unescaped single quotes becomes invalid.

This commit fixes the issue by escaping the single quotes using the XPath concat() function.

Before this commit, trying to search for a message containing a round bracket would produce a traceback.

search for the string "("

This happens because the search term is not being escaped for the regexp.

This commit fixes the issue by escaping the search term. Same is being done on the mock server. Added tests.

Forward-Port-Of: #165121
Forward-Port-Of: #164320

robodoo · 2024-05-13T16:54:02Z

Pull request status dashboard.

fw-bot · 2024-05-13T16:54:03Z

@Atovange @alexkuhn cherrypicking of pull request #164320 failed.

stdout:

Auto-merging addons/mail/static/src/core/common/message_search_hook.js
CONFLICT (modify/delete): addons/mail/static/src/core/common/thread_service.js deleted in HEAD and modified in f0b3e1da2307 ([FIX] mail: escaping single quotes in message search).  Version f0b3e1da2307 ([FIX] mail: escaping single quotes in message search) of addons/mail/static/src/core/common/thread_service.js left in tree.
Auto-merging addons/web/static/src/core/domain.js
CONFLICT (content): Merge conflict in addons/web/static/src/core/domain.js

stderr:

18:53:44.783883 git.c:463               trace: built-in: git cherry-pick f0b3e1da2307cb5f9f613fdb93914789f866bcee
error: could not apply f0b3e1da2307... [FIX] mail: escaping single quotes in message search
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
----------
status:

Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?).

In the former case, you may want to edit this PR message as well.

⚠️ after resolving this conflict, you will need to merge it via @robodoo.

More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port

Before this commit, when trying to highlight a message containing a single quote you get a traceback. To reproduce: - post a message with body "can't" - search for "can" - search for "can't" This happens because the XPath expression with unescaped single quotes becomes invalid. This commit fixes the issue by escaping the single quotes using the XPath concat() function. --- [FIX] mail: escaping search term for regexps Before this commit, trying to search for a message containing a round bracket would produce a traceback. - search for the string "(" This happens because the search term is not being escaped for the regexp. This commit fixes the issue by escaping the search term. Same is being done on the mock server. Added tests. Forward-Port-Of: odoo#164320 closes odoo#164320 X-original-commit: 61aa7c3

alexkuhn

@robodoo r+

robodoo · 2024-05-14T08:50:27Z

@alexkuhn you may want to rebuild or fix this PR as it has failed CI.

alexkuhn · 2024-05-14T09:16:27Z

@robodoo override=ci/security

This is just added comment on a side-effect of innerHTML= that is relevant for understanding that resulting message.body has a mix of escaped and non-escaped chars. The search term requires to be formatted the same way as a result.

#165121 (comment)

Before this commit, when trying to highlight a message containing a single quote you get a traceback. To reproduce: - post a message with body "can't" - search for "can" - search for "can't" This happens because the XPath expression with unescaped single quotes becomes invalid. This commit fixes the issue by escaping the single quotes using the XPath concat() function. --- [FIX] mail: escaping search term for regexps Before this commit, trying to search for a message containing a round bracket would produce a traceback. - search for the string "(" This happens because the search term is not being escaped for the regexp. This commit fixes the issue by escaping the search term. Same is being done on the mock server. Added tests. Forward-Port-Of: #164320 closes #164320 closes #165293 X-original-commit: 61aa7c3 Signed-off-by: Alexandre Kühn (aku) <aku@odoo.com>

Before this commit, when trying to highlight a message containing a single quote you get a traceback. To reproduce: - post a message with body "can't" - search for "can" - search for "can't" This happens because the XPath expression with unescaped single quotes becomes invalid. This commit fixes the issue by escaping the single quotes using the XPath concat() function. --- [FIX] mail: escaping search term for regexps Before this commit, trying to search for a message containing a round bracket would produce a traceback. - search for the string "(" This happens because the search term is not being escaped for the regexp. This commit fixes the issue by escaping the search term. Same is being done on the mock server. Added tests. Forward-Port-Of: odoo#164320 closes odoo#164320 closes odoo#165293 X-original-commit: 61aa7c3 Signed-off-by: Alexandre Kühn (aku) <aku@odoo.com>

C3POdoo added the RD research & development, internal work label May 13, 2024

robodoo added forwardport This PR was created by @fw-bot conflict There was an error while creating this forward-port PR labels May 13, 2024

fw-bot mentioned this pull request May 14, 2024

[FIX] mail: traceback when searching single quotes or round brackets #164320

Closed

Atovange force-pushed the master-17.0-xpath-error-gito-JFBE-fw branch from 9632b40 to 2e413c6 Compare May 14, 2024 07:16

C3POdoo requested review from a team, Iucapad and juliusc2066 and removed request for a team May 14, 2024 07:19

Atovange force-pushed the master-17.0-xpath-error-gito-JFBE-fw branch from 2e413c6 to cd1d549 Compare May 14, 2024 08:28

alexkuhn approved these changes May 14, 2024

View reviewed changes

robodoo temporarily deployed to merge May 14, 2024 11:42 Inactive

robodoo closed this May 14, 2024

robodoo added the 17.3 label May 14, 2024

fw-bot deleted the master-17.0-xpath-error-gito-JFBE-fw branch May 28, 2024 11:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FW][FIX] mail: traceback when searching single quotes or round brackets #165293

[FW][FIX] mail: traceback when searching single quotes or round brackets #165293

fw-bot commented May 13, 2024

robodoo commented May 13, 2024

fw-bot commented May 13, 2024

alexkuhn left a comment

robodoo commented May 14, 2024

alexkuhn commented May 14, 2024

[FW][FIX] mail: traceback when searching single quotes or round brackets #165293

[FW][FIX] mail: traceback when searching single quotes or round brackets #165293

Conversation

fw-bot commented May 13, 2024

robodoo commented May 13, 2024

fw-bot commented May 13, 2024

alexkuhn left a comment

Choose a reason for hiding this comment

robodoo commented May 14, 2024

alexkuhn commented May 14, 2024