A sanitize fields by default remove all attributes outside of a
whitelist (if sanitize_attributes on field is not set to false).

This prevent to use parallax widget in Html sanitized field since
attribute "data-scroll-background-ratio" define parallax effect speed
but was not in whitelist.

note: also keep data-interval for gallery widget

opw-2053983
closes #35961

Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>

Typo of https://github.com/odoo/odoo/commit/b154e219f68cc378ba8cc9dedf1d48819cd8e87a



closes odoo/odoo#35937

Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

If you change the color of a link with the editor without using the link
edition menu, this do not work (which might be expected), but if the
text outside the font had been colorized, the font will be applied
outside of the link only.

This is unexpected since if we have: "hello <a>cruel</a> world!", if we
select only "cruel" and change color, the change only happen to "hello"
and "world!".

With this changeset, an anchor in the ancestor prevent to use an
ancestor font tag to change color (which prevent the issue).

opw-2044551
closes #35862

Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>

Same cause, error, rationale and fix than 0ec0a4a3

#OneCharacterPatch, reloaded

opw-2056251

closes odoo/odoo#35857

Signed-off-by: Richard Mathot (rim) <rim@openerp.com>

In other words, when a field F depends on a non-stored field G, it also depends
on G's dependencies.  This guarantees that whenever a dependency of G is
modified, F will be invalidated and marked to recompute (if necessary).

The transitive closure of dependencies is not computed over stored fields.
Anyway stored fields already trigger the recomputation of their dependent
fields during their recomputation.  The performance impact on the loading of a
registry is negligible (less than 1%), and the increase of recomputation
triggers is small (less than 10%).

(cherry picked from commit 3fbd86bc)

opw-2033493

closes odoo/odoo#35636

Signed-off-by: Raphael Collet (rco) <rco@openerp.com>

Because of a whitespace character present at the beginning of the message_id of some mails,
they were fetched twice.

From the SQL side, we see that Outlook is formatting the header following the RFC822
by allowing the header to look like:

Header:<CRLF>
<whitespace><hash_of_msg_id>

From RFC822:
"Each header field can be viewed as a single, logical line of ASCII characters.
For convenience, the field-body portion of this conceptual entity can be split
into a multiple-line representation" (abr.)

It was also possible to find out by checking the logs.
One or two whitespace(s) can be seen before the hash of the msg_id.

The following commit is making sure we use and save the message_id without the whitespace
by stripping them off on the coming mail.

OPW-2006806

Applying CHS solution to avoid crash on empty header.

closes odoo/odoo#35682

Signed-off-by: bve-odoo <Abridbus@users.noreply.github.com>

In the planner the url are generated by prepare_backend_url that takes
an action's xml id as argument. The id passed should have the format
'module_name_where_the_action_is.action_name'. In this case the id passed
was product.product_template_action_product but the action is defined in
stock thus the prepare_backend_url was not able to find the associate action
and return a wrong(default) url.

This commit change the action id passed with the correct module.

closes odoo/odoo#18812

Signed-off-by: Arnold Moyaux <amoyaux@users.noreply.github.com>

Before this commit, the field intrastat_country_id was not propagated when refunding an invoice

After this commit, the refund invoice takes the same values for that field
as the invoice it is refunding

OPW 2028333

closes odoo/odoo#35309

Signed-off-by: Lucas Perais (lpe) <lpe@odoo.com>

closes odoo/odoo#35235

Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

https://docs.python.org/3/library/stdtypes.html#truth


By default, an object is considered true unless
its class defines either a __bool__() method that returns False
or a __len__() method that returns zero

Since etree elements are iterator, they define a len function.
However it turns out that customerProfileId has always no children.
So bool(find(x)) is always False; the intended meaning was find(x) is None.

opw 1999427

closes odoo/odoo#34922

Signed-off-by: Nans Lefebvre (len) <len@odoo.com>

closes odoo/odoo#35246

Signed-off-by: Nans Lefebvre (len) <len@odoo.com>

closes odoo/odoo#35156

Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

Before this commit, for the following view tree:
P (active)
|
I (inactive)
|
II (active)
When calling `customize_template_get()` on 'P', it would wrongly return 'II'.
It shouldn't, since its parent 'I' is inactive.

Step to reproduce:
- Go to /shop
- Enable ecommerce categories
- Enable Collapsible Cateogories
- Disable ecommerce categories
- Collapsible categories is still shown even if its parent got archived

Test writen in 12.0 with #35154

closes odoo/odoo#35155

Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>

This commit extends the changes introduced by 88de9311 to adapt
Odoo payment flows to the switch in transaction signature done
by Authorize.net.

The initial fix was not sufficient for flows that mixed redirection
payment flows and server-to-server flows (e.g. paying a quote with a
card that gets saved then using the token to pay for a subscription).

The problem comes from the fact that the server-to-server API uses
the API Transaction Key and API Login ID as credentials to authenticate
requests; there is no need for a signature since this data is never
publicly exposed on the website and a MITM is mitigated by the fact
that it would need to be done between the Odoo server and the
Authorize.net servers (both of which use https in a normal deployment)
which is admitedly more complex than doing a MITM on a Starbucks wifi.

On the other hand, the 'redirection' flow will include all transaction
parameters as inputs in an html form, therefore the signature is
required to ensure that the values have not been modified by a website
user or a mitm.

Since both flows can coexist on the same configuration, we cannot use
the same field depending on the payment flow configuration - we need
both fields to be stored for the provider.

This commit therefore has to introduce new fields on payment.acquirer
record that can store the signature key for authorize in addition to the
usual authorize fields. Instead of adding a new module, this commit uses
non-stored computed fields that will generate System Parameters entries
for any acquirer of the 'authorize' kind when set through the interface.

closes odoo/odoo#34670

Signed-off-by: Damien Bouvy (dbo) <dbo@odoo.com>

Fine tuning of 06d149a3
It appears that according to
https://www.nbb.be/doc/dq/f_pdf_ex/nieuwsbriefintrastat_n28_2018_fr.pdf


minimum weight  is 0.01, and that anything below should be rounded to 0.01

OPW 2031682

closes odoo/odoo#34951

Signed-off-by: Lucas Perais (lpe) <lpe@odoo.com>

Steps to reproduce the bug:

- Create an invoice I
- Set the invoice date in the past and  add payment terms
- Validate I
- Create refund from I

Bug:

The invoice date is set as today but the due date was set in the past.

opw:2033438

closes odoo/odoo#34748

Signed-off-by: Simon Goffin (sig) <sig@openerp.com>

During checkout, the user can create a new billing (only for public user as it
will create a 'normal' `res.partner`), a new shipping, edit its billing (that
will edit himself) or edit its shipping address.

All those cases will go through the exact same methods, public user and logged
in user included.

This previously led to multiple issues and multiple fixes to correctly set
`company_id` and `website_id` on the address (res.partner).

See 44372471 that fixed the `website_id` part.

See 3a0f05f3 that fixed the multi-company behavior, but needed 2ba71140 to not
modify the company of an already created partner, but was still incomplete as
after that fix a logged in user would still have the admin (sudo) company
instead of the website one as supposed.

This commit will fix that bug and add some tests for all mentionned issues.

Fixes #28853

Backport from odoo/odoo#34596

closes odoo/odoo#34689

Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>

When a pl promo code is applied, the code is shown in the promo code input.

Before this commit, if the user clicked on "Apply" (so with the same code) it
would remove the pl as it would go in the `if` condition that is supposed to
handle empty code modo to reset pl.

Coming from #34633

closes odoo/odoo#34734

Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>

Before this commit, values were rounded to the unit, which was part of the former specs
of the Intrastat report

After this commit, we make the intrastat 2019 comply with the new spec, which is to round
value, price and weight to two decimals

See the spec here: https://www.nbb.be/doc/dq/f_pdf_ex/nieuwsbriefintrastat_n28_2018_fr.pdf



OPW 2031682

closes odoo/odoo#34700

Signed-off-by: Lucas Perais (lpe) <lpe@odoo.com>

The patch fa492d87 has been backported
from Odoo 12.0, that runs on Python 3.

The string '\n\n({} {}, {} {})' to be formatted is a byte-string in
Python 2, while the return value of _() is always a unicode-string.

As format() is (too?) nice, it attempts to convert the unicode-strings
into ascii in order to inject them in the format pattern.
With some languages that are written in ascii, this works -- by chance.
When you use non-ascii languages like Japanese, it fails.

We then fix that issue by using unicode-strings in the formatting
pattern.

#OneCharacterPatch B-)

opw-2032016

-----------------------------

For full technical understanding:

Python 2.7.16 (default, Mar 11 2019, 18:59:25)
[GCC 8.2.1 20181127] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> '{}'.format('test')
'test'
>>> '{}'.format(u'test')
'test'
>>> '{}'.format(u'エ')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
UnicodeEncodeError: 'ascii' codec can't encode character u'\u30a8' in position 0: ordinal not in range(128)
>>> u'{}'.format(u'エ')
u'\u30a8'

closes odoo/odoo#34698

Signed-off-by: Richard Mathot (rim) <rim@openerp.com>

If a browse record is empty, assigning a value will fail
Introduced at c04065ab

Closes odoo/odoo#34521

closes odoo/odoo#34654

Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

Before this commit, when a transaction has as status 'authorized', the
transactions' confirm page gives an error : 'Oops! There was a problem
with your payment.'

Now, the page gives the same message as when the transaction has the
status 'done' : 'Your payment was successful! It may take some time to
be validated on our end.'

opw-1984325

closes odoo/odoo#34652

Signed-off-by: Damien Bouvy (dbo) <dbo@odoo.com>

Backport somewhat improved version of this fix (we don't need to check
for the existing extension since we're not doing anything if there is
an extension at all) merged into later branches, to avoid forward-port
conflicts.

closes odoo/odoo#34509

Signed-off-by: Xavier Morel (xmo) <xmo@odoo.com>

 - mute logger to avoid logging bad queries
 - enforce fields strings

These changes will forbid tests to fail in following versions.

Fix/improve commit d870749d
that was removing line feed (\n).

In this one, we also remove carriage return (\r)
to address all cases.

closes odoo/odoo#34536

Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>

The point was to fix files attachments without an extension,
potentially appending to existing extensions was not a smart idea.

See #34299, 5eb15c01

Detected with OPW 1920765

Reproduce : set multi-companies, install accounting. The due amount for all companies is the sum of the due amount for every single company

Cause : the context for company_id is not set in account.move.line:_query_get

Solution : set it in res.partner:_credit_debit_get in case _query_get is used elsewhere

closes odoo/odoo#30463

closes odoo/odoo#34486

Signed-off-by: Nans Lefebvre (len) <len@odoo.com>

Let contacts be shared in a multi-company setting.
Make a filter on 'Total receivable', e.g. greater than 0.
All contacts that correspond to this clause are show,
even if their Total receivable is nonzero in another company.
It follows that a partner can be shown by the filter with a value 0.

The inconsistency was created by 01718433, which adapted the compute method
to the multi-company setting, as before the two were summing all companies.

opw 2028660

When an `IntegrityError` is raised, the user receives a cryptic error
message which doesn't provide much valuable information in order to
solve the problem.

However, such an error is raised in 3 cases:
1. A mandatory field is not provided at creation/update.
2. The deletion of a record makes a mandatory Many2one field NULL on a
referenced table (`ON DELETE SET NULL` on a not nullable field).
3. The deletion of a record raises a `ON DELETE RESTRICT` foreign-key
constaints.

In the first and second cases, we provide the table and field on which
the `NOT NULL` constaint is raised. We also suggest to archive the
record in case of a deletion.

In the third case, we provide the table and the constraint raised. We
also suggest to archive the record.

Notes:
- The IDs of the records causing the issue is not provided since the
information is not provided by PostgreSQL.
- Although cases 2 and 3 have a different root cause, the error
message raised is very similar. Indeed, from an end-user perspective
the solution is identical: archive the record. Another solution would
also be to manually edit the records raising the error, but most of
the time this is not an option: these records are locked and cannot be
edited anymore.

task-1970853
Closes #32949

closes odoo/odoo#33922

Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>


Co-authored-by: Sapan Zaveri <sza@odoo.com>
Co-authored-by: Pragya Ladda <pla@odoo.com>

It's currently possible for binary downloads to be missing an
extension entirely. Generate an extension from the mimetype and use
that. Also ensure the existing extension (if any) matches the
mimetype.

Warning: this may require adding new mimetype/extensions pairs to the
local mimetype database similar to
f413d155.

Also fix missing or incorrect filenames on records without a filename
field: in some Odoo versions the client would send a filename of
"null", resulting in a download of e.g. "null.pdf" instead of the
attachment or inferred name.

Task 2025716

closes odoo/odoo#34299

Signed-off-by: Xavier Morel (xmo) <xmo@odoo.com>

- Make a SO with a product that have a carriage return in its
description
- Export FEC report

The CSV contains new lines and is not correctly formatted.

opw-2026861

closes odoo/odoo#34385

Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>

Backport of:

a3519638
fe9e7d47

opw-2026861

A special folder named `0.0.0` can contain scripts that are run on
upgrade of any version.
They are useful to make some sanity checks or other verifications to
ensure database consistency.

The first version of this patch used the more eye-catching `any` for
the migration folder, but it was problematic for upgrading from an older
version that doesn't contain this patch.

Using a version "number" containing two dots is required to avoid it
being prefixed with the server version (see `convert_version` method) and
resulting in a version like `10.0.any`.
Such version would have been executed, even without this patch, when
upgrading from an older major server version (9.0.1.0 < 10.0.any).

closes odoo/odoo#34268

Signed-off-by: Christophe Simonis <chs@odoo.com>

- Create 2 included taxes: 21 % and 6 %
- Create a product A with 21 % as default tax
- Create a fiscal position to map the tax 21 % to tax 6 %
- Allow the fiscal position in the POS
- Add product in a POS order
- Apply the fiscal position

The subtotal is not recomputed correctly. On the other hand, if the
fiscal is first set then the product added, there is no problem.

This is because the `fix_tax_included_price` is only called by
`add_product` and not when changing the fiscal position.

opw-2020755

closes odoo/odoo#34260

Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>

Display extra information on error messages:
- Access error based on ACLs: user, fields (if applies)
- Access error based on record rules: user, ids
- Missing error: model, operation, user, ids

closes odoo/odoo#33945

Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>


Co-authored-by: jev-odoo <jev@odoo.com>

DROP CONSTRAINT (even with IF EXISTS is specified) acquires an ACCESS
EXCLUSIVE lock on the table, preventing e.g. inserts in an other
transaction, so ir_logging would systematically deadlock if configured
to the same database and a warning would be triggered during install
or update (if that ran ir.logging's init).

1. hand-roll the "IF EXISTS" bit, to avoid taking an ACCESS EXCLUSIVE
lock on the table if the problematic constraint does not exist and
thus doesn't need to be dropped (which by now should be the vast
majority of cases).

Replacing DROP CONSTRAINT with DISABLE TRIGGER does not fix the
issue as *that* acquires SHARE ROW EXCLUSIVE. While that's less
constraitning than ACCESS EXCLUSIVE, it still conflicts with an
insert's ROW_EXCLUSIVE.

2. add a timeout to the logging INSERT anyway, the deadlock is still
an issue if we're updating a database which does have the
problematic constraint, and we want to preclude the possible
eventual introduction of new deadlocks in the future.

closes odoo/odoo#34243

Signed-off-by: Xavier Morel (xmo) <xmo@odoo.com>

As a convention, JPY currency symbol normally shows before the amount.

closes odoo/odoo#34113

Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

Stock.locations should be in no-update:
Limit the impact of recompute fields during the upgrade of stock module. (especially method _compute_product_availability)
Limit the impact on migration

Method _compute_product_availability is triggered during an upgrade of module and during migrations.
This may take a lot of time of big databases

closes odoo/odoo#34074

Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>

In the Discuss app, using Chrome or IE11, try to send the same
attachment to different channels. The first attachment is correctly
detected but not the next ones.

The problem is due to a browser inconsistency, on firefox selecting the
same file in an `<input type=file>` triggers the `change` event. This is
not the case on Chrome/IE, selecting the same file doesn't triggers an
`onchange`.

opw-2006647

closes odoo/odoo#34076

Signed-off-by: Alexandre Kühn (aku) <aku@odoo.com>