Handle permission errors for static files (Fix for #2358)

Version bump
This commit is contained in:
Ozzie Isaacs 2022-04-03 20:26:43 +02:00
parent fee76741a0
commit 8adae6ed0c
6 changed files with 33 additions and 18 deletions

View File

@ -47,13 +47,16 @@ def init_cache_busting(app):
for filename in filenames: for filename in filenames:
# compute version component # compute version component
rooted_filename = os.path.join(dirpath, filename) rooted_filename = os.path.join(dirpath, filename)
try:
with open(rooted_filename, 'rb') as f: with open(rooted_filename, 'rb') as f:
file_hash = hashlib.md5(f.read()).hexdigest()[:7] # nosec file_hash = hashlib.md5(f.read()).hexdigest()[:7] # nosec
# save version to tables # save version to tables
file_path = rooted_filename.replace(static_folder, "") file_path = rooted_filename.replace(static_folder, "")
file_path = file_path.replace("\\", "/") # Convert Windows path to web path file_path = file_path.replace("\\", "/") # Convert Windows path to web path
hash_table[file_path] = file_hash hash_table[file_path] = file_hash
except PermissionError:
log.error("No permission to access {} file.".format(rooted_filename))
log.debug('Finished computing cache-busting values') log.debug('Finished computing cache-busting values')
def bust_filename(filename): def bust_filename(filename):

View File

@ -154,7 +154,7 @@ def selected_roles(dictionary):
BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, ' BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
'series_id, languages, publisher') 'series_id, languages, publisher')
STABLE_VERSION = {'version': '0.6.18'} STABLE_VERSION = {'version': '0.6.19 Beta'}
NIGHTLY_VERSION = dict() NIGHTLY_VERSION = dict()
NIGHTLY_VERSION[0] = '$Format:%H$' NIGHTLY_VERSION[0] = '$Format:%H$'

View File

@ -42,8 +42,9 @@ def error_http(error):
def internal_error(error): def internal_error(error):
return render_template('http_error.html', return render_template('http_error.html',
error_code="Internal Server Error", error_code="500 Internal Server Error",
error_name=str(error), error_name='The server encountered an internal error and was unable to complete your '
'request. There is an error in the application.',
issue=True, issue=True,
unconfigured=False, unconfigured=False,
error_stack=traceback.format_exc().split("\n"), error_stack=traceback.format_exc().split("\n"),

View File

@ -698,9 +698,12 @@ def delete_book(book, calibrepath, book_format):
def get_cover_on_failure(use_generic_cover): def get_cover_on_failure(use_generic_cover):
if use_generic_cover: if use_generic_cover:
try:
return send_from_directory(_STATIC_DIR, "generic_cover.jpg") return send_from_directory(_STATIC_DIR, "generic_cover.jpg")
else: except PermissionError:
return None log.error("No permission to access generic_cover.jpg file.")
abort(403)
abort(404)
def get_book_cover(book_id): def get_book_cover(book_id):

View File

@ -18,11 +18,11 @@
from flask import render_template, request from flask import render_template, request
from flask_babel import gettext as _ from flask_babel import gettext as _
from flask import g from flask import g, abort
from werkzeug.local import LocalProxy from werkzeug.local import LocalProxy
from flask_login import current_user from flask_login import current_user
from . import config, constants, ub, logger, db, calibre_db from . import config, constants, logger
from .ub import User from .ub import User
@ -119,6 +119,10 @@ def get_sidebar_config(kwargs=None):
# Returns the template for rendering and includes the instance name # Returns the template for rendering and includes the instance name
def render_title_template(*args, **kwargs): def render_title_template(*args, **kwargs):
sidebar, simple = get_sidebar_config(kwargs) sidebar, simple = get_sidebar_config(kwargs)
try:
return render_template(instance=config.config_calibre_web_title, sidebar=sidebar, simple=simple, return render_template(instance=config.config_calibre_web_title, sidebar=sidebar, simple=simple,
accept=constants.EXTENSIONS_UPLOAD, # read_book_ids=get_readbooks_ids(), accept=constants.EXTENSIONS_UPLOAD,
*args, **kwargs) *args, **kwargs)
except PermissionError:
log.error("No permission to access {} file.".format(args[0]))
abort(403)

View File

@ -1368,7 +1368,11 @@ def get_cover(book_id):
@web.route("/robots.txt") @web.route("/robots.txt")
def get_robots(): def get_robots():
try:
return send_from_directory(constants.STATIC_DIR, "robots.txt") return send_from_directory(constants.STATIC_DIR, "robots.txt")
except PermissionError:
log.error("No permission to access robots.txt file.")
abort(403)
@web.route("/show/<int:book_id>/<book_format>", defaults={'anyname': 'None'}) @web.route("/show/<int:book_id>/<book_format>", defaults={'anyname': 'None'})