Improve detection of scripting in reports
Closed, ResolvedPublic

Description

Right now (KReport master 02c85d28095284df) we have following defects:

  • error in logic checking if we have qtscript or javascript interpreter used
  • one error where report:interpreter name is used instead of report:script-interpreter
  • "script interpreter used" is checked only by looking at report:script/report:script-interpreter attr and report:script/report:script-interpreter/@text. The text is saved in d->originalScript. If it is empty, we consider there are no scripts and report:scrip element is not saved. => loss of design.
    • This is not OK, should be instead: look for report:item-data-source attributes of report elements and see if they values are value.trimmed().startsWith('='). Then if script interpreter isn't javascript/qtscript, display the usual warning.

Example 1:

  • FIXED

Report with python script. Note there is script code used in report:item-data-source. Warning should be displayed.

<!DOCTYPE kexireport>
<kexireport>
 <report:content xmlns:report="http://kexi-project.org/report/2.0" xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0">
  <report:title>Report</report:title>
  <report:script report:script-interpreter="python"></report:script>
  <report:grid report:grid-divisions="4" report:grid-snap="1" report:page-unit="cm" report:grid-visible="1"/>
  <report:page-style report:print-orientation="portrait" fo:margin-bottom="28.346505799999999pt" fo:margin-top="28.346505799999999pt" fo:margin-left="28.346505799999999pt" fo:margin-right="28.346505799999999pt" report:page-size="A4">predefined</report:page-style>
  <report:body>
   <report:detail>
    <report:section svg:height="77.952890950006235pt" fo:background-color="#ffffff" report:section-type="detail">
     <report:field report:item-data-source="=field.value(&quot;date&quot;)+&quot;\n&quot;+field.value(&quot;uptime&quot;)+&quot;\n&quot;+field.value(&quot;dns&quot;)+&quot;\n&quot;+field.value(&quot;connect&quot;)" report:name="field2" report:word-wrap="0" report:can-grow="1" report:horizontal-align="left" svg:x="7.086626450000000pt" svg:width="531.496983750085064pt" svg:y="7.086626450000000pt" report:vertical-align="center" svg:height="14.173252900002270pt" report:z-index="0">
      <report:text-style fo:letter-spacing="0%" style:letter-kerning="true" fo:font-size="11" fo:foreground-color="#000000" fo:font-family="Nokia Pure Text" fo:background-color="#ffffff" fo:background-opacity="100%"/>
      <report:line-style report:line-style="nopen" report:line-weight="1" report:line-color="#000000"/>
     </report:field>
    </report:section>
   </report:detail>
  </report:body>
 </report:content>
 <connection type="internal" source="_160237"/>
</kexireport>

Example 2

  • TODO?

Report saved without report:script because of defective logic. Note there still is script code used in report:item-data-source.

<!DOCTYPE kexireport>
<kexireport>
 <report:content xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0" xmlns:report="http://kexi-project.org/report/2.0">
  <report:title>Report</report:title>
  <report:grid report:grid-visible="1" report:grid-snap="1" report:grid-divisions="4" report:page-unit="cm"/>
  <report:page-style fo:margin-left="28.346505799999999pt" report:page-size="A4" fo:margin-top="28.346505799999999pt" report:print-orientation="portrait" fo:margin-bottom="28.346505799999999pt" fo:margin-right="28.346505799999999pt">predefined</report:page-style>
  <report:body>
   <report:detail>
    <report:section fo:background-color="#ffffff" report:section-type="detail" svg:height="77.952890950006235pt">
     <report:field report:horizontal-align="left" report:z-index="0" report:can-grow="1" report:value="" report:word-wrap="0" report:item-data-source="= field.value(&quot;date&quot;)+&quot;\n&quot;+field.value(&quot;uptime&quot;)+&quot;\n&quot;+field.value(&quot;dns&quot;)+&quot;\n&quot;+field.value(&quot;connect&quot;)" svg:width="531.496983750127583pt" svg:height="14.173252900003403pt" report:name="field2" report:vertical-align="center" svg:x="3.881451088374710pt" svg:y="7.062213858883440pt">
      <report:text-style fo:background-color="#ffffff" fo:font-size="11" fo:font-family="Nokia Pure Text" fo:foreground-color="#000000" style:letter-kerning="true" fo:background-opacity="100%" fo:letter-spacing="0%"/>
      <report:line-style report:line-style="nopen" report:line-color="#000000" report:line-weight="1"/>
     </report:field>
    </report:section>
   </report:detail>
  </report:body>
 </report:content>
 <connection type="internal" source="_160237"/>
</kexireport>

Details

Differential Revisions
D5700: Possible fix for T668
staniek created this task.Sep 2 2015, 10:38 AM
staniek updated the task description. (Show Details)
staniek raised the priority of this task from to Normal.
staniek claimed this task.
staniek added a subscriber: staniek.
staniek updated the task description. (Show Details)Sep 2 2015, 10:44 AM
staniek updated the task description. (Show Details)
staniek edited projects, added KEXI; removed Kexi: Porting to Qt 5.Oct 12 2016, 2:51 PM
staniek moved this task from Backlog to TODO 3.2 on the KEXI board.Oct 12 2016, 3:17 PM
piggz added a subscriber: piggz.May 2 2017, 9:31 PM

I cant see any use of script:interpreter attribute in master.

I can see how the script-interpreter wont be saved, I will prepare a fix for that.

Thanks Adam. Regarding test files I have some usda2.kexi file but it has python scripts rather than reports with python scripting, like your tutorial https://userbase.kde.org/Kexi/Tutorials/Reports/Kexi_Reports_for_Beginners. For testing I propose to change javascript to <report:script report:script-interpreter="python"> by hand in kexi__objectdata. I have no such files around :) I think contents of the script is not important because we're no longer interpreting that. Right?

I cant see any use of script:interpreter attribute in master.

I think it's correct and here we wonder about backward compatibility or just gentle handling of errors instead of just ignoring objects that are no longer supported. I can spot "interpreter" string in Kexi 2.8 code, the old plugins/reportspgz folder. KRReportData::KRReportData and ReportDesigner::document.

staniek moved this task from TODO 3.2 to In Progress on the KEXI board.May 8 2017, 8:39 PM
staniek moved this task from Backlog to In Progress on the KReport board.May 8 2017, 8:54 PM
staniek reassigned this task from staniek to piggz.May 8 2017, 8:57 PM
staniek closed this task as Resolved.
staniek reopened this task as Open.May 9 2017, 9:27 AM

@piggz Possible defect in KReport 3.0 (KREPORT_SCRIPTING=ON). To reproduce:

Create a new empty report, save it. Move to preview, move to design. Result:

Warning appears: This report contains scripts of type "". Only scripts written in JavaScript language are supported. To prevent losing the scripts, their type and content will not be changed unless you change these scripts.

OK, fixed in both branches...

piggz closed this task as Resolved.May 12 2017, 9:04 PM