-
Notifications
You must be signed in to change notification settings - Fork 23.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FIX] base: ir_qweb_field:image: handle webp mimetype #161931
Conversation
13b02a4
to
6e19781
Compare
6e19781
to
a2bd9d8
Compare
@bso-odoo Hello, can i get a small review here ? cheers |
@kebeclibre I am not very familiar with Studio and reports, so I might not have tried the correct scenario.
=> The image does not show up in the generated PDF. I was indeed not aware of this |
@kebeclibre Ok, got it, I had to use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the commit message:
mentionned
=>mentioned
- aren't the lines supposed to be truncated at 72 columns (when possible) ?
a2bd9d8
to
d89d88f
Compare
I don't think it is in the same scope. For the /image there is still the possibility to manually wrap the src in image_data_uri. Besides, I'm not really sure if every use case for /image can be treated the same way. Other wise, changes done @bso-odoo @odoo/rd-security Can i get an override here ? There is one impacted line that triggers the security CI but the it is just a variable name. |
It's not "just a variable name":
So Here it's safe because it's given an in-memory file-like payload, so there's no way for a user to poke around (except at the image decoders). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@robodoo override=ci/security
See discussions on odoo#85494. TLDR: webp image format needs to be supported, but we should avoid going through the Pillow library as it is largely unsafe for that format. jpg attachment are created in JS at upload time. Wkhtmltopdf doesn't support webp, so, in reports, we should display one of those jpg copies. This work is handled by `ir.qweb: _get_converted_image_data_uri` which is used as: ```xml <img src="image_data_uri(some_b64value)" /> ``` The mentioned PR did not however adapt the ir.qweb.field.image that, when passed the option `qweb_img_raw_data` should return a base64 url such as `data:[mimetype],base64,[datas]`. usage: ```xml <span t-field="object.image_field" t-options-widget="'image'" t-options-qweb_img_raw_data="1" /> ``` Hence, before this commit, there was a crash as we tried to pass that value to PIL. After this commit, there is no crash, and the image displays correctly as JPG in the PDF opw-3859423
d89d88f
to
efe2227
Compare
@xmo-odoo changes done |
@robodoo r+ |
I'm sorry, @bso-odoo. I'm afraid I can't do that. |
@robodoo r+ |
See discussions on #85494. TLDR: webp image format needs to be supported, but we should avoid going through the Pillow library as it is largely unsafe for that format. jpg attachment are created in JS at upload time. Wkhtmltopdf doesn't support webp, so, in reports, we should display one of those jpg copies. This work is handled by `ir.qweb: _get_converted_image_data_uri` which is used as: ```xml <img src="image_data_uri(some_b64value)" /> ``` The mentioned PR did not however adapt the ir.qweb.field.image that, when passed the option `qweb_img_raw_data` should return a base64 url such as `data:[mimetype],base64,[datas]`. usage: ```xml <span t-field="object.image_field" t-options-widget="'image'" t-options-qweb_img_raw_data="1" /> ``` Hence, before this commit, there was a crash as we tried to pass that value to PIL. After this commit, there is no crash, and the image displays correctly as JPG in the PDF opw-3859423 closes #161931 Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
@kebeclibre @bso-odoo this pull request has forward-port PRs awaiting action (not merged or closed): |
2 similar comments
@kebeclibre @bso-odoo this pull request has forward-port PRs awaiting action (not merged or closed): |
@kebeclibre @bso-odoo this pull request has forward-port PRs awaiting action (not merged or closed): |
See discussions on #85494. TLDR: webp image format needs to be supported, but we should avoid going through the Pillow library as it is largely unsafe for that format. jpg attachment are created in JS at upload time.
Wkhtmltopdf doesn't support webp, so, in reports, we should display one of those jpg copies This work is handled by
ir.qweb: _get_converted_image_data_uri
which is used as:The mentionned PR did not however adapt the ir.qweb.field.image that, when passed the option
qweb_img_raw_data
should return a base64 url such asdata:[mimetype],base64,[datas]
. usage:Hence, before this commit, there was a crash as we tried to pass that value to PIL.
After this commit, there is no crash, and the image displays correctly as JPG in the PDF
opw-3859423
Description of the issue/feature this PR addresses:
Current behavior before PR:
Desired behavior after PR is merged:
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr