calibre-web/cps/web.py at ea567fcbf0a2d696cb2b51f87dd7563bc23015fc

mirror of https://github.com/janeczku/calibre-web synced 2026-06-07 13:12:12 +00:00

Files

T

jvoisin 84777319d7 Fix access bypass on /show/ (serve_book)

The `serve_book` function uses `get_book()` which performs no access filtering:
it simply fetches by ID. Compare with `read_book` at web.py:1562 which
correctly uses `get_filtered_book()`. The `common_filters()` function enforces
per-user tag restrictions, language restrictions, and hidden-book rules.

2026-04-14 23:05:18 +02:00

81 KiB

Raw Blame History

View Raw

81 KiB Raw Blame History

81 KiB

Raw Blame History