19da54a7ae
Merge remote-tracking branch 'fixes/escape_ldap'
2026-04-15 19:37:31 +02:00
cde3888e17
Prevent LDAP injection in bind_user>get_object_details
2026-04-14 22:35:13 +02:00
224915bba1
Prevent XXE in epub/fb2/goodreads API
...
The lxml.etree.fromstring() function use the default XML parser, which resolves
external entities because XML handling defaults in Python sucks. There is no
need for such dangerous misfeatures in calibre-web, so let's disable it.
A user able to upload epub/fb2 could add something like this to the file:
```xml
<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<container><rootfiles><rootfile full-path="&xxe;"/></rootfiles></container>
```
and obtain the content of the `/etc/passwd` file, which is bad™.
2026-04-14 22:12:57 +02:00
a6fdd8ab36
Updated testresults
...
Fix goodreads
Remove unused import
Limit number of routes for book pages
2025-11-22 15:06:40 +01:00
714c19f558
Some code cosmetics
2025-09-08 17:31:43 +02:00
4583fc8023
Python 3.13 compatibility
...
Code cosmetics
2025-03-30 12:03:12 +02:00
65a29ed4c9
Log exception for unhandled errors in background tasks
2025-03-30 08:58:56 +02:00
78d45f0208
Remove tzlocal warning
...
Updated requirements
2024-09-16 17:25:37 +02:00
64e4a1155c
Code cosmetics
...
Bugfix missing bleach tags (#3080 )
Bugfix pdfreader
2024-06-20 19:12:46 +02:00
ab11919c0b
Merge remote-tracking branch 'Synctoken/fix/kobo-sync-token'
2024-05-12 17:56:49 +02:00
6f60ec7b99
Change order of imports for goodreads to make import error message clear agan
2024-05-11 18:27:35 +02:00
7e85894b3a
Bugfix for goodreads (html formated info for authors now visible)
2024-05-11 07:10:41 +02:00
c8c3b3cba3
Fix for goodreads not working anymore (due to blocked requests calls by goodreads.com)
2024-05-10 15:24:24 +02:00
25a875b628
Fix for goodreads blocking "requests"
2024-05-10 09:42:44 +02:00
b1d7badef4
fix: change b64-encoded token to unicode string
2024-05-02 03:06:53 -04:00
51d306b11d
chore: fix some typos in comments
...
Signed-off-by: growfrow <growfrow@outlook.com >
2024-04-20 20:49:56 +02:00
c3fc125501
Added command line option or overwriting limiter backend
...
Added logger functions to remove newlines in messages
CalibreTask has now a default name
2024-02-25 16:02:01 +01:00
885d914f18
Update tornado to 6.2
...
Remove unneeded imports from jsonschema for synctoken
Update optional requirements
Remove invalid direction arrows in comic reader
2023-08-28 18:06:32 +02:00
1c8bc78b48
Improvements for sqlalchemy 2
2023-04-13 19:01:53 +02:00
bde36e3cd4
Bugfix for logging ldap debug messages with non stream logfile
2023-03-26 13:17:02 +02:00
9646b6e2dd
Enable debug output for ldap login
2023-03-26 11:29:54 +02:00
6afb429185
Stop Scheduler also on reboot
2023-01-29 09:53:02 +01:00
508e2b4d0a
Merge branch 'master' into Develop
...
# Conflicts:
# cps/admin.py
# cps/config_sql.py
# cps/search.py
# cps/templates/admin.html
# cps/web.py
# setup.cfg
# test/Calibre-Web TestSummary_Linux.html
2023-01-28 18:52:50 +01:00
e178efb58c
Update for #2653 (AP Scheduler triggers are function calls and not strings anymore)
2023-01-15 13:49:16 +01:00
3bde8a5d95
Encrypt passwords
2022-07-02 17:45:24 +02:00
2e007a160e
reenable startup logging
...
Bugfixes from refactoring and merge
2022-04-26 14:45:06 +02:00
ae9a970782
Add button to update cover cache (for usecase sideloaded changed cover)
...
Bugfix logig start background schedue
2022-04-25 08:24:14 +02:00
069dc2766f
Update optional-requirements
...
Bugfix with serializing tasks
Bugfix order of tasks (id was used instead of task_id)
Code cosmetics
2022-04-23 20:03:59 +02:00
2f5b9e41ac
Reduce number visible System tasks in Tasks list
2022-04-22 20:31:03 +02:00
5070cc4c23
Merge branch 'master' into cover_thumbnail
2022-03-21 19:02:14 +01:00
0d49b56883
Update gmail.json location
2022-03-21 18:50:02 +01:00
c0d0660986
Added names for jobs to make log more readable
...
Bugfix logging delete thumbnail
2022-03-20 19:55:46 +01:00
d9a83e0638
Merge branch 'master' into cover_thumbnail
...
# Conflicts:
# cps/editbooks.py
# cps/helper.py
# cps/web.py
# test/Calibre-Web TestSummary_Linux.html
2022-03-14 19:41:47 +01:00
4379669cf8
Database error is more detailed
...
renamed debug_or_exception to error_or_exception
2022-03-12 17:14:54 +01:00
4a0dde0371
Merge remote-tracking branch 'cover_images/thumbnails' into cover_thumbnail
...
# Conflicts:
# cps/admin.py
# cps/config_sql.py
# cps/helper.py
# cps/tasks/upload.py
# cps/updater.py
# cps/web.py
2022-02-08 19:55:20 +01:00
3123a914a4
Updated test results
...
Fix updater
Added comment regarding code taken from calibre source
2022-01-30 11:15:14 +01:00
4f3c396450
Merge remote-tracking branch 'lubimyczytac/add_lubimyczytac.pl_meta_provider' into Develop
...
# Conflicts:
# optional-requirements.txt
2022-01-27 18:37:02 +01:00
50bb74d748
Add CSRF support for schedule task settings, fixed details page not loading
2022-01-27 00:35:45 -06:00
18ce310b30
Merge branch Develop into thumbnails
2022-01-26 23:51:50 -06:00
127bf98aac
Merge branch 'master' into Develop
...
# Conflicts:
# cps/templates/detail.html
# test/Calibre-Web TestSummary_Linux.html
2022-01-23 17:51:54 +01:00
20b5a9a2c0
Merge branch 'master' into add_lubimyczytac.pl_meta_provider
2022-01-13 10:49:51 +01:00
47f5e2ffb4
Remove python2 urllib imports
...
Fix for "javascript:" script links in identifier
2021-12-30 14:45:31 +01:00
2e815147fb
Merge branch 'master' into Develop
...
# Conflicts:
# cps/kobo_sync_status.py
# test/Calibre-Web TestSummary_Linux.html
2021-12-19 10:29:56 +01:00
51bf35c2e4
unify scholar
2021-12-13 17:21:41 +01:00
d64589914f
add series, languages and isbn to google provider
2021-12-13 15:14:19 +01:00
362fdc5716
run lubimyczytac detail pages in threadpool
2021-12-13 02:14:53 +01:00
d55626d445
refactor and cleaning
2021-12-13 01:23:03 +01:00
42bf40d7bb
Change 2 timestamps to utctime
2021-12-12 19:54:17 +01:00
7d67168a4a
Update test result
2021-12-06 20:27:25 +01:00
91a21ababe
Allow download of archived books
2021-12-04 11:16:33 +01:00
Ozzie Isaacs