Invoicing Analytic Account Entries Crash

Bug #327120 reported by paulkoan
Affects: Odoo Server (MOVED TO GITHUB)
Status: Fix Released
Importance: Undecided
Assigned to: qdp (OpenERP)
Milestone: (none)

Bug Description

When invoicing entries from an analytical account via:

Financial Management / Periodical Processing / Entries to Invoice / Uninvoiced Entries

If more than one entry is selected to generate an invoice, the traceback below is generated.

Steps to reproduce:

1) Create partner, product, analytical journal, analytical account, account

2) In Hours Encoding, make entries against the client for the product, in the analytical account, in the analytical journal, for the product, in the account.

3) Go to Uninvoiced Entries, select more than one entry, select Action, Invoice (leave default or select options)

4) Click "Create Invoices"

Traceback created:

[code]
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/openerp-server/netsvc.py", line 231, in dispatch
    result = LocalService(service_name)(method, *params)
  File "/usr/lib/python2.5/site-packages/openerp-server/netsvc.py", line 74, in __call__
    return getattr(self, method)(*params)
  File "/usr/lib/python2.5/site-packages/openerp-server/service/web_services.py", line 537, in execute
    return self._execute(db, uid, wiz_id, datas, action, context)
  File "/usr/lib/python2.5/site-packages/openerp-server/service/web_services.py", line 517, in _execute
    return wiz.execute(db, uid, self.wiz_datas[wiz_id], action, context)
  File "/usr/lib/python2.5/site-packages/openerp-server/wizard/__init__.py", line 178, in execute
    res = self.execute_cr(cr, uid, data, state, context)
  File "/usr/lib/python2.5/site-packages/openerp-server/wizard/__init__.py", line 83, in execute_cr
    res['action'] = result_def['action'](self, cr, uid, data, context)
  File "/usr/lib/python2.5/site-packages/openerp-server/addons/hr_timesheet_invoice/wizard/hr_timesheet_invoice_create.py", line 131, in _do_create
    cr.execute("SELECT * FROM account_analytic_line WHERE account_id = %s and id IN (%s) AND product_id=%s and to_invoice=%s", (account.id, ','.join(map(str,data['ids'])), product_id, factor_id))
  File "/usr/lib/python2.5/site-packages/openerp-server/sql_db.py", line 76, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python2.5/site-packages/openerp-server/sql_db.py", line 118, in execute
    res = self._obj.execute(query, params)
ProgrammingError: invalid input syntax for integer: "34,33,35,29,21,22,12"
[/code]

qdp (OpenERP) (qdp)
Changed in openobject-server:
assignee: nobody → qdp
status: New → In Progress
qdp (OpenERP) (qdp)
Changed in openobject-server:
status: In Progress → Fix Released
paulkoan (c-launchpad-airbred-com) wrote :

Thanks for the quick response - this didn't actually fix it though. With the same data, the error is the same, but the id list is now split so that each id has a comma inserted between the first and second digit of the id:

ProgrammingError: invalid input syntax for integer: "3,43,33,52,92,12,21,2"

(should be: "34,33,35,29,21,22,12")

The original error is reported later on, as the query is passed to the object, and it looks correct - if you took it straight to SQL it would be managed fine:

SELECT * FROM account_analytic_line WHERE account_id = 2 and id IN (34,33,35,29,21,22,12) AND product_id=3 and to_invoice=1

I think the problem is that the query parameter gets quoted:

SELECT * FROM account_analytic_line WHERE account_id = 2 and id IN ('3,43,33,52,92,12,21,2') AND product_id=3 and to_invoice=1

(ignoring that the fix has caused the id list to be created incorrectly).

I think the problem must be further along, perhaps in the cursor code itself - it is quoting input perhaps where it shouldn't, perhaps as an injection protection mechanism?

If I de-parameterise it:

[code]
str_ids=','.join(map(str,data['ids']))
# for x in data['ids']:
#     str_ids += ','.join(str(x))
cr.execute("SELECT * FROM account_analytic_line WHERE account_id = %s and id IN ("+str_ids+") AND product_id=%s and to_invoice=%s", (account.id, product_id, factor_id))
[/code]

The invoice gets created (though without any pricing, which I suspect is a different problem).

Christophe Simonis (OpenERP) (kangol) wrote :

fixed
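
Added example, not part of the original comments and not the project's code: it reproduces the two id-list failures discussed above and shows an IN clause that keeps every value bound instead of concatenating the list into the SQL text. Assumptions: SQLite's in-memory database and `?` placeholders stand in for PostgreSQL and `%s`, the table holds constructed rows, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data; the ids are the ones quoted in the traceback.
IDS = [34, 33, 35, 29, 21, 22, 12]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account_analytic_line (id INTEGER PRIMARY KEY, "
               "account_id INTEGER, product_id INTEGER, to_invoice INTEGER)")
    db.executemany("INSERT INTO account_analytic_line VALUES (?, 2, 3, 1)",
                   [(i,) for i in IDS])
    # A row on another account, to show the remaining filters still apply.
    db.execute("INSERT INTO account_analytic_line VALUES (99, 7, 3, 1)")
    return db

def per_digit_join(ids):
    # The commented-out loop from the thread: ','.join(str(x)) joins the
    # characters of each id, so 34 becomes "3,4".
    out = ""
    for x in ids:
        out += ",".join(str(x))
    return out

def select_single_param(db, ids, account_id, product_id, factor_id):
    # Shape of the original call: the whole list is ONE bound value, so the
    # driver sends a single string. PostgreSQL rejects it as an integer;
    # SQLite compares id with that text and matches nothing.
    sql = ("SELECT id FROM account_analytic_line WHERE account_id = ? "
           "AND id IN (?) AND product_id = ? AND to_invoice = ?")
    params = (account_id, ",".join(map(str, ids)), product_id, factor_id)
    return [r[0] for r in db.execute(sql, params)]

def select_expanded(db, ids, account_id, product_id, factor_id):
    # One placeholder per id: only "?" marks are formatted into the SQL
    # text, every value stays a bound parameter.
    ids = [int(i) for i in ids]  # ValueError on anything that is not an integer
    if not ids:
        return []  # "IN ()" is not valid SQL
    marks = ",".join("?" * len(ids))
    sql = ("SELECT id FROM account_analytic_line WHERE account_id = ? "
           "AND id IN (%s) AND product_id = ? AND to_invoice = ? "
           "ORDER BY id" % marks)
    return [r[0] for r in db.execute(sql, [account_id] + ids + [product_id, factor_id])]

if __name__ == "__main__":
    db = make_db()
    print(per_digit_join(IDS))
    print(select_single_param(db, IDS, 2, 3, 1))
    print(select_expanded(db, IDS, 2, 3, 1))
```

With psycopg2, passing a non-empty tuple as a single parameter (`id IN %s` with `(tuple(ids),)`) gives the same result, because the driver adapts a Python tuple to an SQL list.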
