blob: 83bb8cca8cf535bd4dcc0ca4ba95f56c5f3d7736 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Changelog:
Only relevant if you embed the calibre server within a larger server, it
means attackers who can convince users to click on a specially crafted
link, can run JavaScript code with the same origin as the larger server
calibre is embedded in.
From e75f85919a3c3a5f2d87861050d8483d66561c06 Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Tue, 30 Jul 2024 13:40:21 +0530
Subject: [PATCH] Fix #2075130 [Private
bug](https://bugs.launchpad.net/calibre/+bug/2075130)
---
src/calibre/srv/legacy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/calibre/srv/legacy.py b/src/calibre/srv/legacy.py
index 055228ebee..85586b07a6 100644
--- a/src/calibre/srv/legacy.py
+++ b/src/calibre/srv/legacy.py
@@ -255,7 +255,7 @@ def browse(ctx, rd, rest):
if rest.startswith('book/'):
# implementation of https://bugs.launchpad.net/calibre/+bug/1698411
# redirect old server book URLs to new URLs
- redirect = ctx.url_for(None) + '#book_id=' + rest[5:] + "&panel=book_details"
+ redirect = ctx.url_for(None) + '#book_id=' + int(rest[5:]) + "&panel=book_details"
from lxml import etree as ET
return html(ctx, rd, endpoint,
E.html(E.head(
--
2.44.2
|
GitWeb
