Merge branch 'master' into Develop

# Conflicts:
#	test/Calibre-Web TestSummary_Linux.html
Ozzie Isaacs 2022-01-25 19:33:21 +01:00
commit d9d6fb33ba
6 changed files with 18 additions and 14 deletions


@ -29,6 +29,9 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
| V 0.6.15 | Cross-Site Scripting vulnerability on uploaded cover file names. Thanks to @ibarrionuevo ||
| V 0.6.15 | Creating public shelfs is now denied if user is missing the edit public shelf right. Thanks to @ibarrionuevo ||
| V 0.6.15 | Changed error message in case of trying to delete a shelf unauthorized. Thanks to @ibarrionuevo ||
| V 0.6.16 | JavaScript could get executed on authors page. Thanks to @alicaz ||
| V 0.6.16 | Localhost can no longer be used to upload covers. Thanks to @scara31 ||
| V 0.6.16 | Another case where public shelfs could be created without permission is prevented. Thanks to @ibarrionuevo ||
## Staement regarding Log4j (CVE-2021-44228 and related)


@ -151,7 +151,7 @@ def selected_roles(dictionary):
BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
'series_id, languages, publisher')
STABLE_VERSION = {'version': '0.6.16 Beta'}
STABLE_VERSION = {'version': '0.6.17 Beta'}
NIGHTLY_VERSION = {}
NIGHTLY_VERSION[0] = '$Format:%H$'


@ -270,7 +270,7 @@ if ($("body.book").length > 0) {
if (position + $("#add-to-shelves").width() > $(window).width()) {
positionOff = position + $("#add-to-shelves").width() - $(window).width();
adsPosition = position - positionOff - 5
adsPosition = position - positionOff - 5;
$("#add-to-shelves").attr("style", "left: " + adsPosition + "px !important; right: auto; top: " + topPos + "px");
} else {
$("#add-to-shelves").attr("style", "left: " + position + "px !important; right: auto; top: " + topPos + "px");
@ -429,7 +429,7 @@ if($("body.advsearch").length > 0) {
if (position + $("#add-to-shelves").width() > $(window).width()) {
positionOff = position + $("#add-to-shelves").width() - $(window).width();
adsPosition = position - positionOff - 5
adsPosition = position - positionOff - 5;
$("#add-to-shelves").attr("style", "left: " + adsPosition + "px !important; right: auto; top: " + topPos + "px");
} else {
$("#add-to-shelves").attr("style", "left: " + position + "px !important; right: auto; top: " + topPos + "px");
@ -479,12 +479,12 @@ if ($.trim($("#add-to-shelves").html()).length === 0) {
$("#add-to-shelf").addClass("empty-ul");
}
shelfLength = $("#add-to-shelves li").length
emptyLength = 0
shelfLength = $("#add-to-shelves li").length;
emptyLength = 0;
$("#add-to-shelves").on("click", "li a", function () {
console.log("#remove-from-shelves change registered");
emptyLength++
emptyLength++;
setTimeout(function () {
if (emptyLength >= shelfLength) {


@ -59,10 +59,10 @@ $("#archived_cb").on("change", function() {
)
};
$("#shelf-actions").on("click", "[data-shelf-action]", function (e) {
$("#add-to-shelves, #remove-from-shelves").on("click", "[data-shelf-action]", function (e) {
e.preventDefault();
$.ajax({
url: this.href,
url: $(this).data('href'),
method:"post",
data: {csrf_token:$("input[name='csrf_token']").val()},
})
@ -72,7 +72,7 @@ $("#archived_cb").on("change", function() {
case "add":
$("#remove-from-shelves").append(
templates.remove({
add: this.href,
add: $this.data('href'),
remove: $this.data("remove-href"),
content: $("<div>").text(this.textContent).html()
})
@ -82,7 +82,7 @@ $("#archived_cb").on("change", function() {
$("#add-to-shelves").append(
templates.add({
add: $this.data("add-href"),
remove: this.href,
remove: $this.data('href'),
content: $("<div>").text(this.textContent).html(),
})
);
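Review bot: The request URL in the `$.ajax` call is now `$(this).data('href')` with no check that it is set, and the delegated selector `[data-shelf-action]` matches any descendant of `#add-to-shelves, #remove-from-shelves` that carries that attribute. When `url` is undefined jQuery sends the request to the current page address, so an element without `data-href` would silently POST the CSRF token to the detail page instead of failing visibly. I would read the value once and bail out early, `var url = $(this).data("href");` followed by `if (!url) { return; }`, and pass `url: url`. The same line uses `$(this)` while the later hunks use `$this`, whose definition is outside the visible hunks, as is the rest of the handler body; using one form throughout would make it clear they refer to the same element.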


@ -260,7 +260,7 @@
{% for shelf in g.shelves_access %}
{% if not shelf.id in books_shelfs and ( not shelf.is_public or g.user.role_edit_shelfs() ) %}
<li>
<a href="{{ url_for('shelf.add_to_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
<a data-href="{{ url_for('shelf.add_to_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
data-remove-href="{{ url_for('shelf.remove_from_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
data-shelf-action="add"
>
@ -275,7 +275,7 @@
{% if books_shelfs %}
{% for shelf in g.shelves_access %}
{% if shelf.id in books_shelfs %}
<a href="{{ url_for('shelf.remove_from_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
<a data-href="{{ url_for('shelf.remove_from_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
data-add-href="{{ url_for('shelf.add_to_shelf', book_id=entry.id, shelf_id=shelf.id) }}"
class="btn btn-sm btn-default" role="button" data-shelf-action="remove"
>
@ -309,13 +309,13 @@
{% block js %}
<script type="text/template" id="template-shelf-add">
<li>
<a href="<%= add %>" data-remove-href="<%= remove %>" data-shelf-action="add">
<a data-href="<%= add %>" data-remove-href="<%= remove %>" data-shelf-action="add">
<%= content %>
</a>
</li>
</script>
<script type="text/template" id="template-shelf-remove">
<a href="<%= remove %>" data-add-href="<%= add %>" class="btn btn-sm btn-default" data-shelf-action="remove">
<a data-href="<%= remove %>" data-add-href="<%= add %>" class="btn btn-sm btn-default" data-shelf-action="remove">
<span class="glyphicon glyphicon-remove"></span> <%= content %>
</a>
</script>
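Review bot: In `template-shelf-add` and `template-shelf-remove` the `add` and `remove` values are written into quoted attributes with the raw interpolation tag, `data-href="<%= add %>"`, while only `content` is escaped by the caller (`$("<div>").text(this.textContent).html()`). The values passed in come from jQuery `data()`, which returns the decoded attribute text, so any quote or angle bracket in them is re-inserted unescaped. The URLs here are generated by `url_for` with numeric ids, so this is defence in depth rather than a known hole. If the templates are compiled with an Underscore-style engine (not visible in this section), the escaping form `data-href="<%- add %>"` and `data-remove-href="<%- remove %>"` would close the gap; `<%= content %>` should stay as it is, since it is already escaped.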


@ -9,6 +9,7 @@
{% if g.user.is_authenticated %}
{% if g.user.shelf.all() or g.shelves_access %}
<div id="shelf-actions" class="btn-toolbar" role="toolbar">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="btn-group" role="group" aria-label="Add to shelves">
<button id="add-to-shelf" type="button" class="btn btn-primary btn-sm dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<span class="glyphicon glyphicon-list"></span> {{_('Add to shelf')}}