34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
Changelog:
|
|
|
|
Only relevant if you embed the calibre server within a larger server, it
|
|
means attackers who can convince users to click on a specially crafted
|
|
link, can run JavaScript code with the same origin as the larger server
|
|
calibre is embedded in.
|
|
|
|
From e75f85919a3c3a5f2d87861050d8483d66561c06 Mon Sep 17 00:00:00 2001
|
|
From: Kovid Goyal <kovid@kovidgoyal.net>
|
|
Date: Tue, 30 Jul 2024 13:40:21 +0530
|
|
Subject: [PATCH] Fix #2075130 [Private
|
|
bug](https://bugs.launchpad.net/calibre/+bug/2075130)
|
|
|
|
---
|
|
src/calibre/srv/legacy.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/calibre/srv/legacy.py b/src/calibre/srv/legacy.py
|
|
index 055228ebee..85586b07a6 100644
|
|
--- a/src/calibre/srv/legacy.py
|
|
+++ b/src/calibre/srv/legacy.py
|
|
@@ -255,7 +255,7 @@ def browse(ctx, rd, rest):
|
|
if rest.startswith('book/'):
|
|
# implementation of https://bugs.launchpad.net/calibre/+bug/1698411
|
|
# redirect old server book URLs to new URLs
|
|
- redirect = ctx.url_for(None) + '#book_id=' + rest[5:] + "&panel=book_details"
|
|
+ redirect = ctx.url_for(None) + '#book_id=' + int(rest[5:]) + "&panel=book_details"
|
|
from lxml import etree as ET
|
|
return html(ctx, rd, endpoint,
|
|
E.html(E.head(
|
|
--
|
|
2.44.2
|
|
|