cbartondock 2021-11-21 09:23:52 -05:00
commit f58c5bee1c
48 changed files with 7167 additions and 4744 deletions


@ -23,7 +23,7 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
| V 0.6.13|JavaScript could get executed in the description series, categories or publishers title|| | V 0.6.13|JavaScript could get executed in the description series, categories or publishers title||
| V 0.6.13|JavaScript could get executed in the shelf title|| | V 0.6.13|JavaScript could get executed in the shelf title||
| V 0.6.13|Login with the old session cookie after logout. Thanks to @ibarrionuevo|| | V 0.6.13|Login with the old session cookie after logout. Thanks to @ibarrionuevo||
| V 0.6.14|CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource) || | V 0.6.14|CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource) |CVE-2021-25965|
| V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo|| | V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo||


@ -1575,7 +1575,7 @@ def edit_user(user_id):
if not content or (not config.config_anonbrowse and content.name == "Guest"): if not content or (not config.config_anonbrowse and content.name == "Guest"):
flash(_(u"User not found"), category="error") flash(_(u"User not found"), category="error")
return redirect(url_for('admin.admin')) return redirect(url_for('admin.admin'))
languages = calibre_db.speaking_language() languages = calibre_db.speaking_language(return_all_languages=True)
translations = babel.list_translations() + [LC('en')] translations = babel.list_translations() + [LC('en')]
kobo_support = feature_support['kobo'] and config.config_kobo_sync kobo_support = feature_support['kobo'] and config.config_kobo_sync
if request.method == "POST": if request.method == "POST":


@ -612,7 +612,7 @@ class CalibreDB():
return self.session.query(Data).filter(Data.book == book_id).filter(Data.format == file_format).first() return self.session.query(Data).filter(Data.book == book_id).filter(Data.format == file_format).first()
# Language and content filters for displaying in the UI # Language and content filters for displaying in the UI
def common_filters(self, allow_show_archived=False): def common_filters(self, allow_show_archived=False, return_all_languages=False):
if not allow_show_archived: if not allow_show_archived:
archived_books = ( archived_books = (
ub.session.query(ub.ArchivedBook) ub.session.query(ub.ArchivedBook)
@ -625,10 +625,10 @@ class CalibreDB():
else: else:
archived_filter = true() archived_filter = true()
if current_user.filter_language() != "all": if current_user.filter_language() == "all" or return_all_languages:
lang_filter = Books.languages.any(Languages.lang_code == current_user.filter_language())
else:
lang_filter = true() lang_filter = true()
else:
lang_filter = Books.languages.any(Languages.lang_code == current_user.filter_language())
negtags_list = current_user.list_denied_tags() negtags_list = current_user.list_denied_tags()
postags_list = current_user.list_allowed_tags() postags_list = current_user.list_allowed_tags()
neg_content_tags_filter = false() if negtags_list == [''] else Books.tags.any(Tags.name.in_(negtags_list)) neg_content_tags_filter = false() if negtags_list == [''] else Books.tags.any(Tags.name.in_(negtags_list))
@ -796,18 +796,19 @@ class CalibreDB():
return result[offset:limit_all], result_count, pagination return result[offset:limit_all], result_count, pagination
# Creates for all stored languages a translated speaking name in the array for the UI # Creates for all stored languages a translated speaking name in the array for the UI
def speaking_language(self, languages=None): def speaking_language(self, languages=None, return_all_languages=False, reverse_order=False):
from . import get_locale from . import get_locale
if not languages: if not languages:
languages = self.session.query(Languages) \ languages = self.session.query(Languages) \
.join(books_languages_link) \ .join(books_languages_link) \
.join(Books) \ .join(Books) \
.filter(self.common_filters()) \ .filter(self.common_filters(return_all_languages=return_all_languages)) \
.group_by(text('books_languages_link.lang_code')).all() .group_by(text('books_languages_link.lang_code')).all()
for lang in languages: for lang in languages:
lang.name = isoLanguages.get_language_name(get_locale(), lang.lang_code) lang.name = isoLanguages.get_language_name(get_locale(), lang.lang_code)
return languages return sorted(languages, key=lambda x: x.name, reverse=reverse_order)
def update_title_sort(self, config, conn=None): def update_title_sort(self, config, conn=None):
# user defined sort function for calibre databases (Series, etc.) # user defined sort function for calibre databases (Series, etc.)
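Review bot: `return_all_languages` switches off the per-user language restriction inside `common_filters`, and nothing at the definition says which callers may pass it. Other queries on this page (for example `list_books`) rely on `common_filters()` to limit what a user sees, so a later caller passing `True` outside an admin view would expose languages the user's setting is meant to hide. I would add a comment above the signature such as `# return_all_languages=True ignores the user's language restriction; pass it only from admin-only views`. Separately, `sorted(languages, key=lambda x: x.name, ...)` in `speaking_language` raises if any `name` is None; presumably `get_language_name` always returns a string, but that helper is not visible here.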


@ -114,7 +114,7 @@ def search_objects_add(db_book_object, db_type, input_elements):
type_elements = c_elements.value type_elements = c_elements.value
else: else:
type_elements = c_elements.name type_elements = c_elements.name
if inp_element.lower() == type_elements.lower(): # Lowercase check if inp_element == type_elements:
found = True found = True
break break
if not found: if not found:
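Review bot: Dropping `.lower()` from the comparison makes the match case-sensitive, so an input that differs from an existing element only in case no longer sets `found`. What happens to an unmatched element is decided below `if not found:`, outside this hunk; if that path creates a new row, one tag or author could end up stored under two spellings, or collide if the column's collation is case-insensitive. If exact matching is intended, a comment on the line would record it, for example `# exact match on purpose: values differing only in case are distinct elements`.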


@ -112,6 +112,7 @@ LANGUAGE_NAMES = {
"elx": "elamština", "elx": "elamština",
"eng": "Angličtina", "eng": "Angličtina",
"enm": "Angličtina; středověká (1100-1500)", "enm": "Angličtina; středověká (1100-1500)",
"enu": "Enu",
"epo": "esperanto", "epo": "esperanto",
"est": "estonština", "est": "estonština",
"eus": "baskičtina", "eus": "baskičtina",
@ -533,6 +534,7 @@ LANGUAGE_NAMES = {
"elx": "Elamisch", "elx": "Elamisch",
"eng": "Englisch", "eng": "Englisch",
"enm": "Mittelenglisch", "enm": "Mittelenglisch",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estnisch", "est": "Estnisch",
"eus": "Baskisch", "eus": "Baskisch",
@ -945,6 +947,7 @@ LANGUAGE_NAMES = {
"eka": "Ekajuk", "eka": "Ekajuk",
"elx": "Elamite", "elx": "Elamite",
"eng": "Αγγλικά", "eng": "Αγγλικά",
"enu": "Enu",
"myv": "Erzya", "myv": "Erzya",
"epo": "Εσπεράντο", "epo": "Εσπεράντο",
"est": "Εσθονικά", "est": "Εσθονικά",
@ -1330,6 +1333,7 @@ LANGUAGE_NAMES = {
"elx": "Elamita", "elx": "Elamita",
"eng": "Inglés", "eng": "Inglés",
"enm": "Inglés medio (1100-1500)", "enm": "Inglés medio (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estonio", "est": "Estonio",
"eus": "Vasco", "eus": "Vasco",
@ -1751,6 +1755,7 @@ LANGUAGE_NAMES = {
"elx": "elami", "elx": "elami",
"eng": "englanti", "eng": "englanti",
"enm": "keskienglanti", "enm": "keskienglanti",
"enu": "Enu",
"epo": "esperanto", "epo": "esperanto",
"est": "viro", "est": "viro",
"eus": "baski", "eus": "baski",
@ -2172,6 +2177,7 @@ LANGUAGE_NAMES = {
"elx": "élamite", "elx": "élamite",
"eng": "anglais", "eng": "anglais",
"enm": "anglais moyen (1100-1500)", "enm": "anglais moyen (1100-1500)",
"enu": "enu",
"epo": "espéranto", "epo": "espéranto",
"est": "estonien", "est": "estonien",
"eus": "basque", "eus": "basque",
@ -2593,6 +2599,7 @@ LANGUAGE_NAMES = {
"elx": "elamita", "elx": "elamita",
"eng": "angol", "eng": "angol",
"enm": "angol; középkori (1100-1500)", "enm": "angol; középkori (1100-1500)",
"enu": "Enu",
"epo": "eszperantó", "epo": "eszperantó",
"est": "észt", "est": "észt",
"eus": "Baszk", "eus": "Baszk",
@ -3014,6 +3021,7 @@ LANGUAGE_NAMES = {
"elx": "Elamitico", "elx": "Elamitico",
"eng": "Inglese", "eng": "Inglese",
"enm": "Inglese medio (1100-1500)", "enm": "Inglese medio (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estone", "est": "Estone",
"eus": "Basco", "eus": "Basco",
@ -3435,6 +3443,7 @@ LANGUAGE_NAMES = {
"elx": "エラム語", "elx": "エラム語",
"eng": "英語", "eng": "英語",
"enm": "英語; 中世 (1100-1500)", "enm": "英語; 中世 (1100-1500)",
"enu": "Enu",
"epo": "エスペラント", "epo": "エスペラント",
"est": "エストニア語", "est": "エストニア語",
"eus": "バスク語", "eus": "バスク語",
@ -3856,6 +3865,7 @@ LANGUAGE_NAMES = {
"elx": "Elamite", "elx": "Elamite",
"eng": "English", "eng": "English",
"enm": "English; Middle (1100-1500)", "enm": "English; Middle (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estonian", "est": "Estonian",
"eus": "Basque", "eus": "Basque",
@ -4277,6 +4287,7 @@ LANGUAGE_NAMES = {
"elx": "Elamitisch", "elx": "Elamitisch",
"eng": "Engels", "eng": "Engels",
"enm": "Engels; middel (1100-1500)", "enm": "Engels; middel (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estlands", "est": "Estlands",
"eus": "Baskisch", "eus": "Baskisch",
@ -4698,6 +4709,7 @@ LANGUAGE_NAMES = {
"elx": "elamicki", "elx": "elamicki",
"eng": "Angielski", "eng": "Angielski",
"enm": "angielski średniowieczny (1100-1500)", "enm": "angielski średniowieczny (1100-1500)",
"enu": "Enu",
"epo": "esperanto", "epo": "esperanto",
"est": "estoński", "est": "estoński",
"eus": "baskijski", "eus": "baskijski",
@ -5110,6 +5122,7 @@ LANGUAGE_NAMES = {
"eka": "Ekajuk", "eka": "Ekajuk",
"elx": "Elamite", "elx": "Elamite",
"eng": "Inglês", "eng": "Inglês",
"enu": "Enu",
"myv": "Erzya", "myv": "Erzya",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estónio", "est": "Estónio",
@ -5493,6 +5506,7 @@ LANGUAGE_NAMES = {
"elx": "Эламский", "elx": "Эламский",
"eng": "Английский", "eng": "Английский",
"enm": "Среднеанглийский (1100-1500)", "enm": "Среднеанглийский (1100-1500)",
"enu": "Enu",
"epo": "Эсперанто", "epo": "Эсперанто",
"est": "Эстонский", "est": "Эстонский",
"eus": "Баскский", "eus": "Баскский",
@ -5914,6 +5928,7 @@ LANGUAGE_NAMES = {
"elx": "Elamitiska", "elx": "Elamitiska",
"eng": "Engelska", "eng": "Engelska",
"enm": "Medelengelska (1100-1500)", "enm": "Medelengelska (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estniska", "est": "Estniska",
"eus": "Baskiska", "eus": "Baskiska",
@ -6326,6 +6341,7 @@ LANGUAGE_NAMES = {
"eka": "Ekajuk (Afrika)", "eka": "Ekajuk (Afrika)",
"elx": "Elamca", "elx": "Elamca",
"eng": "İngilizce", "eng": "İngilizce",
"enu": "Enu",
"myv": "Erzya dili", "myv": "Erzya dili",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estonca", "est": "Estonca",
@ -6709,6 +6725,7 @@ LANGUAGE_NAMES = {
"elx": "еламська", "elx": "еламська",
"eng": "англійська", "eng": "англійська",
"enm": "середньоанглійська (1100-1500)", "enm": "середньоанглійська (1100-1500)",
"enu": "ену",
"epo": "есперанто", "epo": "есперанто",
"est": "естонська", "est": "естонська",
"eus": "баскська", "eus": "баскська",
@ -7130,6 +7147,7 @@ LANGUAGE_NAMES = {
"elx": "埃兰语", "elx": "埃兰语",
"eng": "英语", "eng": "英语",
"enm": "英语中古1100-1500", "enm": "英语中古1100-1500",
"enu": "Enu",
"epo": "世界语", "epo": "世界语",
"est": "爱沙尼亚语", "est": "爱沙尼亚语",
"eus": "巴斯克语", "eus": "巴斯克语",
@ -7542,6 +7560,7 @@ LANGUAGE_NAMES = {
"eka": "Ekajuk", "eka": "Ekajuk",
"elx": "Elamite", "elx": "Elamite",
"eng": "英文", "eng": "英文",
"enu": "Enu",
"myv": "Erzya", "myv": "Erzya",
"epo": "世界語", "epo": "世界語",
"est": "愛沙尼亞文", "est": "愛沙尼亞文",
@ -7925,6 +7944,7 @@ LANGUAGE_NAMES = {
"elx": "Elamite", "elx": "Elamite",
"eng": "English", "eng": "English",
"enm": "English; Middle (1100-1500)", "enm": "English; Middle (1100-1500)",
"enu": "Enu",
"epo": "Esperanto", "epo": "Esperanto",
"est": "Estonian", "est": "Estonian",
"eus": "Basque", "eus": "Basque",


@ -1,19 +1,35 @@
{% extends "layout.html" %} {% extends "layout.html" %}
{% block body %} {% block body %}
<h1>{{title}}</h1> <h1>{{title}}</h1>
<div class="filterheader hidden-xs">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div id="asc" data-order="{{ order }}" data-id="{{ data }}" class="btn btn-primary {% if order == 1 %} active{% endif%}"><span class="glyphicon glyphicon-sort-by-alphabet"></span></div>
<div id="desc" data-id="{{ data }}" class="btn btn-primary{% if order == 0 %} active{% endif%}"><span class="glyphicon glyphicon-sort-by-alphabet-alt"></span></div>
{% if charlist|length %}
<div id="all" class="active btn btn-primary {% if charlist|length > 9 %}hidden-sm{% endif %}">{{_('All')}}</div>
{% endif %}
<div class="btn-group character {% if charlist|length > 9 %}hidden-sm{% endif %}" role="group">
{% for char in charlist%}
<div class="btn btn-primary char">{{char}}</div>
{% endfor %}
</div>
</div>
<div class="container"> <div class="container">
<div class="col-xs-12 col-sm-6"> <div div id="list" class="col-xs-12 col-sm-6">
{% for lang in languages %} {% for lang in languages %}
{% if loop.index0 == (loop.length/2)|int and loop.length > 20 %} {% if loop.index0 == (loop.length/2)|int and loop.length > 20 %}
</div> </div>
<div class="col-xs-12 col-sm-6"> <div id="second" class="col-xs-12 col-sm-6">
{% endif %} {% endif %}
<div class="row"> <div class="row" data-id="{% if lang.name %}{{lang.name}}{% else %}{{lang[0].name}}{% endif %}">
<div class="col-xs-2 col-sm-2 col-md-1" align="left"><span class="badge">{{lang_counter[loop.index0].bookcount}}</span></div> <div class="col-xs-2 col-sm-2 col-md-1" align="left"><span class="badge">{{lang_counter[loop.index0].bookcount}}</span></div>
<div class="col-xs-10 col-sm-10 col-md-11"><a id="list_{{loop.index0}}" href="{{url_for('web.books_list', book_id=lang.lang_code, data=data, sort_param='new')}}">{{lang.name}}</a></div> <div class="col-xs-10 col-sm-10 col-md-11"><a id="list_{{loop.index0}}" href="{{url_for('web.books_list', book_id=lang.lang_code, data=data, sort_param='new')}}">{{lang.name}}</a></div>
</div> </div>
{% endfor %} {% endfor %}
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
{% block js %}
<script src="{{ url_for('static', filename='js/filter_list.js') }}"></script>
{% endblock %}
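Review bot: The new opening tag `<div div id="list" class="col-xs-12 col-sm-6">` carries a stray `div` token, which browsers parse as an empty attribute; it should read `<div id="list" class="col-xs-12 col-sm-6">`. The `data-id` fallback to `lang[0].name` implies `languages` may hold tuples, yet the link two lines below still reads `lang.lang_code` and `lang.name` directly, so one of the two forms looks unreachable or broken in this template. The hidden `csrf_token` input sits outside any form, so it only has an effect if `filter_list.js` reads it; that script is not visible here.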



@ -62,27 +62,13 @@ searched_ids = {}
logged_in = dict() logged_in = dict()
def store_user_session():
if flask_session.get('_user_id', ""):
if logged_in.get(flask_session.get('_user_id', "")):
logged_in[flask_session.get('_user_id', "")].append(flask_session.get('_id', ""))
else:
logged_in[flask_session.get('_user_id', "")] = [flask_session.get('_id', "")]
log.info(flask_session.get('_id', ""))
def delete_user_session(user_id, session_key):
try:
logged_in.get(str(user_id), []).remove(session_key)
except ValueError:
pass
def check_user_session(user_id, session_key):
return session_key in logged_in.get(str(user_id), [])
def signal_store_user_session(object, user): def signal_store_user_session(object, user):
store_user_session() store_user_session()
def store_user_session(): def store_user_session():
if flask_session.get('user_id', ""):
flask_session['_user_id'] = flask_session.get('user_id', "")
if flask_session.get('_user_id', ""): if flask_session.get('_user_id', ""):
try: try:
if not check_user_session(flask_session.get('_user_id', ""), flask_session.get('_id', "")): if not check_user_session(flask_session.get('_user_id', ""), flask_session.get('_id', "")):
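Review bot: The two lines at the top of `store_user_session` that copy `user_id` into `_user_id` (printed once in this rendering, so read here as new-side) run whenever `user_id` is set, even when `_user_id` already holds a value. `_user_id` is the session key Flask-Login reads to identify the logged-in user, so a stale `user_id` left in an older session would overwrite the current identity on every call. Guarding the copy with `if '_user_id' not in flask_session and flask_session.get('user_id'):` limits it to the migration case, and a comment should name the library version or client that still writes `user_id`. The function body continues past the end of the hunk.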


@ -831,7 +831,7 @@ def list_books():
books = calibre_db.session.query(db.Books).filter(calibre_db.common_filters()).all() books = calibre_db.session.query(db.Books).filter(calibre_db.common_filters()).all()
entries = calibre_db.get_checkbox_sorted(books, state, off, limit, order) entries = calibre_db.get_checkbox_sorted(books, state, off, limit, order)
elif search: elif search:
entries, filtered_count, __ = calibre_db.get_search_results(search, off, order, limit, *join) entries, filtered_count, __ = calibre_db.get_search_results(search, off, [order,''], limit, *join)
else: else:
entries, __, __ = calibre_db.fill_indexpage((int(off) / (int(limit)) + 1), limit, db.Books, True, order, *join) entries, __, __ = calibre_db.fill_indexpage((int(off) / (int(limit)) + 1), limit, db.Books, True, order, *join)
@ -1012,30 +1012,25 @@ def formats_list():
@web.route("/language") @web.route("/language")
@login_required_if_no_ano @login_required_if_no_ano
def language_overview(): def language_overview():
if current_user.check_visibility(constants.SIDEBAR_LANGUAGE): if current_user.check_visibility(constants.SIDEBAR_LANGUAGE) and current_user.filter_language() == u"all":
charlist = list() if current_user.get_view_property('language', 'dir') == 'desc':
if current_user.filter_language() == u"all": order = db.Languages.lang_code.desc()
languages = calibre_db.speaking_language() order_no = 0
# ToDo: generate first character list for languages
else: else:
#try: order = db.Languages.lang_code.asc()
# cur_l = LC.parse(current_user.filter_language()) order_no = 1
#except UnknownLocaleError: charlist = list()
# cur_l = None languages = calibre_db.speaking_language(reverse_order=not order_no)
for lang in languages:
languages = calibre_db.session.query(db.Languages).filter( upper_lang = lang.name[0].upper()
db.Languages.lang_code == current_user.filter_language()).all() if upper_lang not in charlist:
languages[0].name = isoLanguages.get_language_name(get_locale(), languages[0].name.lang_code) charlist.append(upper_lang)
#if cur_l:
# languages[0].name = cur_l.get_language_name(get_locale())
#else:
# languages[0].name = _(isoLanguages.get(part3=languages[0].lang_code).name)
lang_counter = calibre_db.session.query(db.books_languages_link, lang_counter = calibre_db.session.query(db.books_languages_link,
func.count('books_languages_link.book').label('bookcount')).group_by( func.count('books_languages_link.book').label('bookcount')).group_by(
text('books_languages_link.lang_code')).all() text('books_languages_link.lang_code')).all()
return render_title_template('languages.html', languages=languages, lang_counter=lang_counter, return render_title_template('languages.html', languages=languages, lang_counter=lang_counter,
charlist=charlist, title=_(u"Languages"), page="langlist", charlist=charlist, title=_(u"Languages"), page="langlist",
data="language") data="language", order=order_no)
else: else:
abort(404) abort(404)
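Review bot: In `language_overview` the template pairs `languages` with `lang_counter` by position (`lang_counter[loop.index0]`), but `languages` now comes back sorted by translated name and optionally reversed. `lang_counter` is still only grouped by `lang_code`, so a badge can show the book count of a different language. Returning the count with each language from one query, or building a mapping keyed by `lang_code` and looking it up per row, removes the dependence on matching order. `lang.name[0].upper()` also raises IndexError if a name is empty, and the `order` expression assigned in both branches is never used; only `order_no` reaches `speaking_language` and the template.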
