[IMP] handling of overly large images in website image upload

bzr revid: xmo@openerp.com-20140204165823-q05aoq83q28b2hhg

addons/website/controllers/main.py

@@ -239,13 +239,20 @@ class Website(openerp.addons.web.controllers.main.Home):
 
     @http.route('/website/attach', type='http', auth='user', methods=['POST'], website=True)
     def attach(self, func, upload):
-        req = request.httprequest
 
         url = message = None
         try:
+            image_data = upload.read()
+            image = Image.open(cStringIO.StringIO(image_data))
+            w, h = image.size
+            if w*h > 42e6: # Nokia Lumia 1020 photo resolution
+                raise ValueError(
+                    u"Image size excessive, uploaded images must be smaller "
+                    u"than 42 million pixel")
+
             attachment_id = request.registry['ir.attachment'].create(request.cr, request.uid, {
                 'name': upload.filename,
-                'datas': upload.read().encode('base64'),
+                'datas': image_data.encode('base64'),
                 'datas_fname': upload.filename,
                 'res_model': 'ir.ui.view',
             }, request.context)
@@ -259,7 +266,7 @@ class Website(openerp.addons.web.controllers.main.Home):
             })
         except Exception, e:
             logger.exception("Failed to upload image to attachment")
-            message = str(e)
+            message = unicode(e)
 
         return """<script type='text/javascript'>
             window.parent['%s'](%s, %s);

addons/website/static/src/js/website.editor.js

@@ -1305,13 +1305,16 @@
          * Sets the provided image url as the dialog's value-to-save and
          * refreshes the preview element to use it.
          */
-        set_image: function (url) {
+        set_image: function (url, error) {
+            this.$('input.url').val(
+                error ? '' : url);
             this.$('input.url').val(url);
             this.preview_image();
         },
 
         file_selection: function () {
             this.$el.addClass('nosave');
+            this.$('form').removeClass('has-error').find('.help-block').empty();
             this.$('button.filepicker').removeClass('btn-danger btn-success');
 
             var self = this;
@@ -1326,12 +1329,15 @@
         },
         file_selected: function(url, error) {
             var $button = this.$('button.filepicker');
-            if (error) {
+            if (!error) {
+                $button.addClass('btn-success');
+            } else {
+                url = null;
+                this.$('form').addClass('has-error')
+                    .find('.help-block').text(error);
                 $button.addClass('btn-danger');
-                return;
             }
-            $button.addClass('btn-success');
-            this.set_image(url);
+            this.set_image(url, error);
         },
         preview_image: function () {
             var loaded = function () {
@@ -1353,6 +1359,8 @@
         },
         browse_existing: function (e) {
             e.preventDefault();
+            this.$('form').removeClass('has-error').find('.help-block').empty();
+            this.$('button.filepicker').removeClass('btn-danger btn-success');
             new website.editor.ExistingImageDialog(this).appendTo(document.body);
         },
     });

addons/website/static/src/xml/website.editor.xml

@@ -111,6 +111,7 @@
                                placeholder="http://openerp.com"/>
                     </div>
                     <input type="hidden" name="func"/>
+                    <div class="help-block"/>
                 </form>
                 <div class="col-sm-4 image-preview-container">
                     <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAC0lEQVQIHWP4zwAAAgEBAMVfG14AAAAASUVORK5CYII%3D"