diff --git a/frappe/__init__.py b/frappe/__init__.py index 788d6a16d110..698458fe4292 100644 --- a/frappe/__init__.py +++ b/frappe/__init__.py @@ -51,7 +51,7 @@ ) from .utils.lazy_loader import lazy_import -__version__ = "15.50.1" +__version__ = "15.51.0" __title__ = "Frappe Framework" # This if block is never executed when running the code. It is only used for diff --git a/frappe/desk/form/load.py b/frappe/desk/form/load.py index b19f4fb89e26..10fcf646e6c3 100644 --- a/frappe/desk/form/load.py +++ b/frappe/desk/form/load.py @@ -14,6 +14,7 @@ from frappe.model.utils.user_settings import get_user_settings from frappe.permissions import get_doc_permissions from frappe.utils.data import cstr +from frappe.utils.html_utils import clean_email_html if typing.TYPE_CHECKING: from frappe.model.document import Document @@ -258,6 +259,7 @@ def _get_communications(doctype, name, start=0, limit=20): communications = get_communication_data(doctype, name, start, limit) for c in communications: if c.communication_type in ("Communication", "Automated Message"): + clean_email_html(c.content) c.attachments = json.dumps( frappe.get_all( "File", diff --git a/frappe/desk/page/setup_wizard/setup_wizard.py b/frappe/desk/page/setup_wizard/setup_wizard.py index 4f3d7407ef87..0a5c1ae299b4 100755 --- a/frappe/desk/page/setup_wizard/setup_wizard.py +++ b/frappe/desk/page/setup_wizard/setup_wizard.py @@ -50,7 +50,7 @@ def setup_complete(args): if cint(frappe.db.get_single_value("System Settings", "setup_complete")): return {"status": "ok"} - args = parse_args(args) + args = parse_args(sanitize_input(args)) stages = get_setup_stages(args) is_background_task = frappe.conf.get("trigger_site_setup_in_background") @@ -253,6 +253,19 @@ def parse_args(args): # nosemgrep return args +def sanitize_input(args): + from frappe.utils import is_html, strip_html_tags + + if isinstance(args, str): + args = json.loads(args) + + for key, value in args.items(): + if is_html(value): + args[key] = strip_html_tags(value) + + return args + + def add_all_roles_to(name): user = frappe.get_doc("User", name) user.append_roles(*_get_default_roles()) diff --git a/frappe/geo/country_info.json b/frappe/geo/country_info.json index 1e4d4fa443e6..da385f51f72b 100644 --- a/frappe/geo/country_info.json +++ b/frappe/geo/country_info.json @@ -2599,6 +2599,8 @@ "currency_name": "Swedish Krona", "currency_symbol": "kr", "number_format": "#.###,##", + "date_format": "yyyy-mm-dd", + "time_format": "HH:mm", "timezones": [ "Europe/Stockholm" ], diff --git a/frappe/model/base_document.py b/frappe/model/base_document.py index 3560f354d9f2..e3050131b3c6 100644 --- a/frappe/model/base_document.py +++ b/frappe/model/base_document.py @@ -833,7 +833,7 @@ def get_msg(df, docname): frappe.throw(_("{0} must be set first").format(self.meta.get_label(df.options))) invalidate_distinct_link_doctypes(df.parent, df.options, doctype) - + # MySQL is case insensitive. Preserve case of the original docname in the Link Field. # get a map of values ot fetch along with this link query @@ -1319,11 +1319,11 @@ def get_value(self, fieldname): def cast(self, value, df): return cast_fieldtype(df.fieldtype, value, show_warning=False) - def _extract_images_from_text_editor(self): + def _extract_images_from_editor(self): from frappe.core.doctype.file.utils import extract_images_from_doc if self.doctype != "DocType": - for df in self.meta.get("fields", {"fieldtype": ("=", "Text Editor")}): + for df in self.meta.get("fields", {"fieldtype": ("in", ("Text Editor", "HTML Editor"))}): extract_images_from_doc(self, df.fieldname) diff --git a/frappe/model/document.py b/frappe/model/document.py index de4d2910bd9d..6672a08be79c 100644 --- a/frappe/model/document.py +++ b/frappe/model/document.py @@ -591,7 +591,7 @@ def _validate(self): self._fix_rating_value() self._validate_code_fields() self._sync_autoname_field() - self._extract_images_from_text_editor() + self._extract_images_from_editor() self._sanitize_content() self._save_passwords() self.validate_workflow() @@ -604,7 +604,7 @@ def _validate(self): d._fix_rating_value() d._validate_code_fields() d._sync_autoname_field() - d._extract_images_from_text_editor() + d._extract_images_from_editor() d._sanitize_content() d._save_passwords() if self.is_new(): diff --git a/frappe/utils/background_jobs.py b/frappe/utils/background_jobs.py index 626d0cab4982..35cfb5189696 100755 --- a/frappe/utils/background_jobs.py +++ b/frappe/utils/background_jobs.py @@ -231,6 +231,7 @@ def execute_job(site, method, event, job_name, kwargs, user=None, is_async=True, # 1213 = deadlock # 1205 = lock wait timeout # or RetryBackgroundJobError is explicitly raised + frappe.job.after_job.reset() frappe.destroy() time.sleep(retry + 1) @@ -252,6 +253,9 @@ def execute_job(site, method, event, job_name, kwargs, user=None, is_async=True, return retval finally: + if not hasattr(frappe.local, "site"): + frappe.init(site) + frappe.connect() for after_job_task in frappe.get_hooks("after_job"): frappe.call(after_job_task, method=method_name, kwargs=kwargs, result=retval) frappe.local.job.after_job.run() diff --git a/frappe/utils/data.py b/frappe/utils/data.py index 64d95b669e8b..5112b62f97c0 100644 --- a/frappe/utils/data.py +++ b/frappe/utils/data.py @@ -1911,6 +1911,11 @@ def _raise_exception(): # to avoid select, delete, drop, update and case elif any(keyword in column_name.split() for keyword in blacklisted_keywords): _raise_exception() + + elif any( + re.search(rf"\b{keyword}\b", column_name, re.IGNORECASE) for keyword in blacklisted_keywords + ): + _raise_exception() elif regex.match(column_name): _raise_exception()