From 7929711feaff76133f91183e66632196ff106f7f Mon Sep 17 00:00:00 2001
From: OzzieIsaacs
Date: Tue, 8 Sep 2020 20:57:39 +0200
Subject: [PATCH] Improvements for file uploading format restriction
---
 cps/admin.py | 7 +++++--
 cps/config_sql.py | 2 +-
 cps/editbooks.py | 4 ++--
 cps/templates/layout.html | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/cps/admin.py b/cps/admin.py
index 424a12b4..cd37ad80 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -641,8 +641,11 @@ def _configuration_update_helper():
 _config_int(to_save, "config_external_port")
 _config_checkbox_int(to_save, "config_kobo_proxy")
- _config_string(to_save, "config_upload_formats")
- constants.EXTENSIONS_UPLOAD = [x.lstrip().rstrip() for x in config.config_upload_formats.split(',')]
+ if "config_upload_formats" in to_save:
+ to_save["config_upload_formats"] = ','.join(
+ helper.uniq([x.lstrip().rstrip().lower() for x in to_save["config_upload_formats"].split(',')]))
+ _config_string(to_save, "config_upload_formats")
+ constants.EXTENSIONS_UPLOAD = config.config_upload_formats.split(',')
 _config_string(to_save, "config_calibre")
 _config_string(to_save, "config_converterpath")
diff --git a/cps/config_sql.py b/cps/config_sql.py
index 3573abe7..d5c7b213 100644
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@@ -287,7 +287,7 @@ class _ConfigSQL(object):
 db_file = os.path.join(self.config_calibre_dir, 'metadata.db')
 have_metadata_db = os.path.isfile(db_file)
 self.db_configured = have_metadata_db
- constants.EXTENSIONS_UPLOAD = [x.lstrip().rstrip() for x in self.config_upload_formats.split(',')]
+ constants.EXTENSIONS_UPLOAD = [x.lstrip().rstrip().lower() for x in self.config_upload_formats.split(',')]
 logfile = logger.setup(self.config_logfile, self.config_log_level)
 if logfile != self.config_logfile:
 log.warning("Log path %s not valid, falling back to default", self.config_logfile)
diff --git a/cps/editbooks.py b/cps/editbooks.py
index ded4ec15..eb72a628 100644
--- a/cps/editbooks.py
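Review bot: The normalisation added to `_configuration_update_helper` keeps empty items, so a saved value such as `epub,pdf,` (constructed example) leaves `''` in `constants.EXTENSIONS_UPLOAD`, and the upload checks changed in `cps/editbooks.py` by this same patch then accept every extension. If an empty field is meant to be the only way to lift the restriction, drop blank items before joining, e.g. `[x.strip().lower() for x in to_save["config_upload_formats"].split(',') if x.strip()]`; the list comprehension in the `cps/config_sql.py` hunk has the same gap when it loads a stored value. Indentation is lost on this page, so it is not visible whether `_config_string` and the `constants.EXTENSIONS_UPLOAD` assignment sit inside the new `if`, and the function continues outside the hunk.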
+++ b/cps/editbooks.py
@@ -504,7 +504,7 @@ def upload_single_file(request, book, book_id):
 if requested_file.filename != '':
 if '.' in requested_file.filename:
 file_ext = requested_file.filename.rsplit('.', 1)[-1].lower()
- if file_ext not in constants.EXTENSIONS_UPLOAD:
+ if file_ext not in constants.EXTENSIONS_UPLOAD and '' not in constants.EXTENSIONS_UPLOAD:
 flash(_("File extension '%(ext)s' is not allowed to be uploaded to this server", ext=file_ext), category="error")
 return redirect(url_for('web.show_book', book_id=book.id))
@@ -754,7 +754,7 @@ def upload():
 # check if file extension is correct
 if '.' in requested_file.filename:
 file_ext = requested_file.filename.rsplit('.', 1)[-1].lower()
- if file_ext not in constants.EXTENSIONS_UPLOAD:
+ if file_ext not in constants.EXTENSIONS_UPLOAD and '' not in constants.EXTENSIONS_UPLOAD:
 flash( _("File extension '%(ext)s' is not allowed to be uploaded to this server", ext=file_ext), category="error")
diff --git a/cps/templates/layout.html b/cps/templates/layout.html
index e4ae2e30..e43801d3 100644
--- a/cps/templates/layout.html
+++ b/cps/templates/layout.html
@@ -64,7 +64,7 @@
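Review bot: The new condition in `upload_single_file` makes an empty string in `constants.EXTENSIONS_UPLOAD` a wildcard that switches the allowlist off, and nothing in the code says so; the same expression is repeated in the `upload()` hunk (`@@ -754,7 +754,7 @@`). A comment such as `# an empty entry in EXTENSIONS_UPLOAD means every extension is accepted` above the check, or one shared helper called from both functions, would keep the two call sites from drifting apart. The extension tested here is taken from the client-supplied `requested_file.filename`, so the list restricts file names rather than file content. Both functions start and end outside their hunks.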