diff --git a/Changelog b/Changelog
index 43d3495f..fdadadf1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,6 @@
+2.13: 2020-12-02
+ * 8654: Fix 500 error on invoices list for the user contact+devuanhosting.com@virus.media (MR!742)
+ * 8593: Escape user's ssh key in xml-rpc call to create VM (MR!741)
2.12.1: 2020-07-21
* 8307: Introduce "Exclude vat calculations" for Generic Products (MR!740)
* Change DE VAT rate to 16% from 19% (MR!739)
diff --git a/datacenterlight/templatetags/custom_tags.py b/datacenterlight/templatetags/custom_tags.py
index 8003be0e..120cabbf 100644
--- a/datacenterlight/templatetags/custom_tags.py
+++ b/datacenterlight/templatetags/custom_tags.py
@@ -72,25 +72,29 @@ def get_line_item_from_hosting_order_charge(hosting_order_id):
:param hosting_order_id: the HostingOrder id
:return:
"""
- hosting_order = HostingOrder.objects.get(id = hosting_order_id)
- if hosting_order.stripe_charge_id:
- return mark_safe("""
- | {product_name} |
- {created_at} |
- {total} |
-
- {see_invoice_text}
- |
- """.format(
- product_name=hosting_order.generic_product.product_name.capitalize(),
- created_at=hosting_order.created_at.strftime('%Y-%m-%d'),
- total='%.2f' % (hosting_order.price),
- receipt_url=reverse('hosting:orders',
- kwargs={'pk': hosting_order.id}),
+ try:
+ hosting_order = HostingOrder.objects.get(id = hosting_order_id)
+ if hosting_order.stripe_charge_id:
+ return mark_safe("""
+ {product_name} |
+ {created_at} |
+ {total} |
+
+ {see_invoice_text}
+ |
+ """.format(
+ product_name=hosting_order.generic_product.product_name.capitalize(),
+ created_at=hosting_order.created_at.strftime('%Y-%m-%d'),
+ total='%.2f' % (hosting_order.price),
+ receipt_url=reverse('hosting:orders',
+ kwargs={'pk': hosting_order.id}),
- see_invoice_text=_("See Invoice")
- ))
- else:
+ see_invoice_text=_("See Invoice")
+ ))
+ else:
+ return ""
+ except Exception as ex:
+ logger.error("Error %s" % str(ex))
return ""
@@ -110,7 +114,7 @@ def get_line_item_from_stripe_invoice(invoice):
plan_name = ""
for line_data in invoice["lines"]["data"]:
if is_first:
- plan_name = line_data.plan.name
+ plan_name = line_data.plan.name if line_data.plan is not None else ""
start_date = line_data.period.start
end_date = line_data.period.end
is_first = False
diff --git a/hosting/forms.py b/hosting/forms.py
index 947cee44..8df2bd3e 100644
--- a/hosting/forms.py
+++ b/hosting/forms.py
@@ -2,6 +2,7 @@ import datetime
import logging
import subprocess
import tempfile
+import xml
from django import forms
from django.conf import settings
@@ -207,7 +208,7 @@ class UserHostingKeyForm(forms.ModelForm):
logger.debug(
"Not a correct ssh format {error}".format(error=str(cpe)))
raise forms.ValidationError(KEY_ERROR_MESSAGE)
- return openssh_pubkey_str
+ return xml.sax.saxutils.escape(openssh_pubkey_str)
def clean_name(self):
INVALID_NAME_MESSAGE = _("Comma not accepted in the name of the key")
diff --git a/hosting/views.py b/hosting/views.py
index 7f322e91..cc038d12 100644
--- a/hosting/views.py
+++ b/hosting/views.py
@@ -1,6 +1,7 @@
import logging
import uuid
from datetime import datetime
+from urllib.parse import quote
from time import sleep
import stripe
@@ -1313,7 +1314,7 @@ class InvoiceListView(LoginRequiredMixin, TemplateView):
if ('user_email' in self.request.GET
and self.request.user.email == settings.ADMIN_EMAIL):
user_email = self.request.GET['user_email']
- context['user_email'] = user_email
+ context['user_email'] = '%s' % quote(user_email)
logger.debug(
"user_email = {}".format(user_email)
)