mirror of https://github.com/janeczku/calibre-web synced 2024-12-25 09:30:31 +00:00

Merge branch 'master' into Develop

(Fix for #3005 and #2993)
Ozzie Isaacs 2024-02-25 20:07:40 +01:00
commit 23a8a4657d
4 changed files with 30 additions and 11 deletions


@ -917,11 +917,15 @@ def list_restriction(res_type, user_id):
@admi.route("/ajax/fullsync", methods=["POST"]) @admi.route("/ajax/fullsync", methods=["POST"])
@login_required @login_required
def ajax_fullsync(): def ajax_self_fullsync():
count = ub.session.query(ub.KoboSyncedBooks).filter(current_user.id == ub.KoboSyncedBooks.user_id).delete() return do_full_kobo_sync(current_user.id)
message = _("{} sync entries deleted").format(count)
ub.session_commit(message)
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json') @admi.route("/ajax/fullsync/<int:userid>", methods=["POST"])
@login_required
@admin_required
def ajax_fullsync(userid):
return do_full_kobo_sync(userid)
@admi.route("/ajax/pathchooser/") @admi.route("/ajax/pathchooser/")
@ -931,6 +935,13 @@ def ajax_pathchooser():
return pathchooser() return pathchooser()
def do_full_kobo_sync(userid):
count = ub.session.query(ub.KoboSyncedBooks).filter(userid == ub.KoboSyncedBooks.user_id).delete()
message = _("{} sync entries deleted").format(count)
ub.session_commit(message)
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json')
def check_valid_read_column(column): def check_valid_read_column(column):
if column != "0": if column != "0":
if not calibre_db.session.query(db.CustomColumns).filter(db.CustomColumns.id == column) \ if not calibre_db.session.query(db.CustomColumns).filter(db.CustomColumns.id == column) \
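Review bot: `do_full_kobo_sync(userid)` is now reachable for any id through the admin route `/ajax/fullsync/<int:userid>`, but neither `ajax_fullsync(userid)` nor the helper checks that the id belongs to an existing user. A request for an unknown id therefore still returns a `success` response reporting 0 deleted entries. The text handed to `ub.session_commit(message)` carries only the count, so, assuming that call is what records the action, a cross-user wipe cannot be attributed to the acting admin or the target account; include both ids in what is recorded. A short docstring on the helper, e.g. `"""Delete every KoboSyncedBooks row of userid and return a JSON status response."""`, would also make clear that authorization is the caller's job.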


@ -621,8 +621,12 @@ $(function() {
"btnfullsync", "btnfullsync",
"GeneralDeleteModal", "GeneralDeleteModal",
$(this).data('value'), $(this).data('value'),
function(value){ function(userid) {
path = getPath() + "/ajax/fullsync" if (userid) {
path = getPath() + "/ajax/fullsync/" + userid
} else {
path = getPath() + "/ajax/fullsync"
}
$.ajax({ $.ajax({
method:"post", method:"post",
url: path, url: path,
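Review bot: `path` is assigned in both new branches without a declaration, so unless it is declared outside this hunk it becomes an implicit global; a local declaration such as `var path = getPath() + "/ajax/fullsync" + (userid ? "/" + userid : "");` avoids that and removes the branch. The `if (userid)` test silently depends on the template emitting `data-value="0"` for non-admins, which deserves a comment like `// userid 0 means the logged-in user; the server enforces admin rights for any other id`. The enclosing callback starts and ends outside the hunk.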


@ -67,7 +67,7 @@
<div class="btn btn-danger" id="config_delete_kobo_token" data-value="{{ content.id }}" data-remote="false" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Delete')}}</div> <div class="btn btn-danger" id="config_delete_kobo_token" data-value="{{ content.id }}" data-remote="false" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Delete')}}</div>
</div> </div>
<div class="form-group col"> <div class="form-group col">
<div class="btn btn-default" id="kobo_full_sync" data-value="{{ content.id }}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div> <div class="btn btn-default" id="kobo_full_sync" data-value="{% if current_user.role_admin() %}{{ content.id }}{% else %}0{% endif %}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div>
</div> </div>
{% endif %} {% endif %}
<div class="col-sm-6"> <div class="col-sm-6">


@ -86,9 +86,13 @@ except ImportError:
@app.after_request @app.after_request
def add_security_headers(resp): def add_security_headers(resp):
csp = "default-src 'self'" default_src = ([host.strip() for host in config.config_trustedhosts.split(',') if host] +
csp += ''.join([' ' + host for host in config.config_trustedhosts.strip().split(',')]) ["'self'", "'unsafe-inline'", "'unsafe-eval'"])
csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'" csp = "default-src " + ' '.join(default_src) + "; "
csp += "font-src 'self' data:"
if request.endpoint == "web.read_book":
csp += " blob:"
csp += "; img-src 'self'"
if request.path.startswith("/author/") and config.config_use_goodreads: if request.path.startswith("/author/") and config.config_use_goodreads:
csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com" csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
csp += " data:" csp += " data:"
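Review bot: In the new `default_src` list the entries of `config.config_trustedhosts` are filtered with `if host` before `strip()` is applied, so a whitespace-only entry (for example after a trailing `, `) survives as an empty string. No entry is checked for `;` or inner whitespace before being joined into the header, so a malformed configuration value could end `default-src` early or add directives. Stripping first and keeping only well-formed entries keeps the policy predictable: `hosts = [h.strip() for h in config.config_trustedhosts.split(',')]` followed by `default_src = [h for h in hosts if h and ';' not in h and not any(c.isspace() for c in h)] + ["'self'", "'unsafe-inline'", "'unsafe-eval'"]`. A one-line comment on the `web.read_book` branch saying why that endpoint needs `blob:` in `font-src` would help later reviewers; the function body continues past the end of the hunk.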