1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-12-01 05:49:58 +00:00
Commit Graph

1968 Commits

Author SHA1 Message Date
OzzieIsaacs
e1fbc9255c Merge remote-tracking branch 'sec_fixes/bump_underscore' 2020-05-10 10:26:01 +02:00
OzzieIsaacs
f33e25ac40 Merge remote-tracking branch 'sec_fixes/cookies_improvement' 2020-05-10 10:22:21 +02:00
OzzieIsaacs
51365ab006 Merge remote-tracking branch 'sec_fixes/strong_session_protection' 2020-05-10 10:21:19 +02:00
OzzieIsaacs
d61b7e48d7 Merge remote-tracking branch 'sec_fixes/random_password' 2020-05-10 10:18:40 +02:00
OzzieIsaacs
f590b24f85 Merge remote-tracking branch 'sec_fixes/https' 2020-05-10 10:17:36 +02:00
jvoisin
dd3b562f1a Change some links from http to https 2020-05-09 17:11:56 +02:00
jvoisin
264b4b669e Bump underscorejs version from 1.9.1 to 1.12.2 2020-05-09 16:54:21 +02:00
Ozzieisaacs
03d134697c Fix #1361 (covers of archived books not shown) 2020-05-09 16:36:08 +02:00
Ozzie Isaacs
e706e1a68d
Update CONTRIBUTING.md 2020-05-09 16:15:52 +02:00
Ozzieisaacs
ff3f42db95 Fix #1364 (translated format identifier)
Updated french Translation
2020-05-09 16:12:55 +02:00
Ozzie Isaacs
2bf6b263ed
correction of contribution guideline 2020-05-09 15:58:10 +02:00
jvoisin
bf166b757a Improve a bit the cookie's hardening
- Samesite for session cookies as well as the remember me ones
- Httponly
2020-05-09 14:42:28 +02:00
jvoisin
b4165335a7 Use strong sessions protection
See https://flask-login.readthedocs.io/en/latest/#session-protection for
details
2020-05-09 14:34:14 +02:00
jvoisin
2a1bf2fa71 Generate strong random passwords 2020-05-09 14:24:20 +02:00
Ozzieisaacs
189243a9b0 Merge remote-tracking branch 'publisher_sort/patch-1' 2020-05-08 15:04:45 +02:00
Ozzieisaacs
34e339c506 Merge remote-tracking branch 'it/patch-12' 2020-05-08 14:59:51 +02:00
Knepherbird
69fde7dead
Update web.py
Set db.Publishers query to order by name column, because publishers.sort column is empty.
2020-05-07 13:55:59 -07:00
Ozzieisaacs
6a6c1b6b21 Fix for #1358, #1355 2020-05-06 16:25:03 +02:00
Ozzieisaacs
51808d2ad4 Version Bump 2020-05-05 20:31:12 +02:00
Ozzieisaacs
0735fb1e92 Fix #1349 (Fix error on move cover with foreign file systems, e.g. samba shares)
Preparation for release
2020-05-05 20:28:10 +02:00
Ozzieisaacs
850a85915b Fix #1354 (Error on uploading single book, because of missing rarfile) 2020-05-05 18:48:40 +02:00
ElQuimm
148f1109c6
updated messages.po
just a little update for coherence with Read/da leggere -> Archived/da archiviare.
Sorry :-)
2020-05-04 20:56:58 +02:00
Ozzieisaacs
fcbeeca305 Merge remote-tracking branch 'it/patch-11' 2020-05-04 20:21:05 +02:00
Ozzieisaacs
fb16429867 Randomize flask secret_key 2020-05-04 19:02:03 +02:00
ElQuimm
db38d7ee78
Updated version of italian.po
:-)
2020-05-03 21:30:06 +02:00
OzzieIsaacs
36a984ce3c Revert proxyfix 2020-05-02 18:17:52 +02:00
Ozzieisaacs
1ce432b136 Merge remote-tracking branch 'kobo/fix_covers_merge' 2020-05-02 09:34:24 +02:00
Michael Shavit
e0fbfa44a4 Fix issue with cover images introduced during the merge of #1277. 2020-05-02 01:55:14 -04:00
Ozzieisaacs
547bbecef1 Merge branch 'master' into Develop 2020-05-01 17:16:28 +02:00
Ozzieisaacs
700cb3b553 Merge remote-tracking branch 'NL/master'
Updated all strings
2020-05-01 17:15:59 +02:00
Ozzieisaacs
8646f8f23a Merge branch 'Develop'
# Conflicts:
#	cps/__init__.py
2020-05-01 14:51:54 +02:00
OzzieIsaacs
99cc69c67d Update Teststatus 2020-05-01 14:38:54 +02:00
OzzieIsaacs
2c5d76908a Added missing upload format 2020-05-01 13:34:16 +02:00
Ozzieisaacs
832b34fc54 Improved errorhandling for resending password
Improved errorhandling for editing user
2020-05-01 12:00:45 +02:00
Ozzieisaacs
000b85ff81 Fixes for deleting books(error handling and user feedback) 2020-05-01 10:26:35 +02:00
Ozzieisaacs
bb317d54f2 Fix reject reset password without configured email server 2020-05-01 08:37:54 +02:00
Ozzieisaacs
d6f41d8dc0 Fix error 404 on reset password (Fix #1342) 2020-05-01 08:33:50 +02:00
Marcel
6dff5ed679
NL language update 2020-04-30 21:30:50 +02:00
OzzieIsaacs
fb8b6310d5 Fix from tests 2020-04-30 20:58:01 +02:00
Ozzieisaacs
02aaf17ac5 Fix #1339 (Proxyfix import with old werkzeug versions causes traceback) 2020-04-30 19:21:08 +02:00
Ozzieisaacs
b160a8de0b Merge branch 'master' into Develop
# Conflicts:
#	cps/__init__.py
#	cps/comic.py
#	cps/editbooks.py
#	cps/helper.py
#	cps/kobo.py
#	cps/translations/nl/LC_MESSAGES/messages.mo
#	cps/translations/nl/LC_MESSAGES/messages.po
#	cps/ub.py
#	cps/uploader.py
#	cps/web.py
2020-04-30 18:08:28 +02:00
Ozzieisaacs
e3246fd751 Merge remote-tracking branch 'key' 2020-04-30 17:29:41 +02:00
Ozzieisaacs
91b1775f50 Fix #1225 (Unrar binary added, cover files from cbr files can be extracted) 2020-04-29 19:02:35 +02:00
Ozzieisaacs
fb18ab1ca5 Fix #866 (Recent book sidebar element can't be removed anymore) 2020-04-29 18:57:39 +02:00
Ozzieisaacs
01ff55c84e Removed non working filters for search 2020-04-29 17:57:53 +02:00
jvoisin
523aab2e9e Don't use an hardcoded session key
This fixes a trivial authentication bypass,
according to https://flask.palletsprojects.com/en/1.1.x/quickstart/#sessions
2020-04-29 13:59:34 +02:00
Ozzieisaacs
9a7d9da654 Merge remote-tracking branch 'js_caliblur/xss' 2020-04-29 12:08:51 +02:00
Ozzieisaacs
e9446556a1 Merge remote-tracking branch 'ru/master' 2020-04-29 12:06:35 +02:00
jvoisin
806a5f209f Fix two minor xss 2020-04-29 11:33:33 +02:00
ZIzA
c864b368b0
Russian language update 2020-04-29 01:30:14 +04:00