Merge branch 'master' into Develop:

Logging correct ip address behind reverse proxy, add br to not sanitized tag for comments code cleaning
2 months ago · a6931b4936
parent 23d5463213 9536b2c322
commit a6931b4936
5 changed files with 46 additions and 11 deletions
--- a/cps/clean_html.py
+++ b/cps/clean_html.py
@ -35,7 +35,7 @@ def clean_string(unsafe_text, book_id=0):
    try:
        if bleach:
            allowed_tags = list(ALLOWED_TAGS)
-            allowed_tags.extend(["p", "span", "div", "pre", "h1", "h2", "h3", "h4", "h5", "h6"])
+            allowed_tags.extend(["p", "span", "div", "pre", "br", "h1", "h2", "h3", "h4", "h5", "h6"])
            safe_text = clean_html(unsafe_text, tags=set(allowed_tags))
        else:
            safe_text = clean_html(unsafe_text)
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@ -1288,7 +1288,6 @@ def handle_author_on_edit(book, author_name, update_stored=True):
    # handle author(s)
    input_authors = prepare_authors(author_name, config.get_book_path(), config.config_use_google_drive)
    # change |= modify_database_object(input_authors, book.authors, db.Authors, calibre_db.session, 'author')
    # Search for each author if author is in database, if not, author name and sorted author name is generated new
    # everything then is assembled for sorted author field in database
    sort_authors_list = list()
@ -1368,9 +1367,7 @@ def add_objects(db_book_object, db_object, db_session, db_type, add_elements):
    for add_element in add_elements:
        # check if an element with that name exists
        changed = True
        # db_session.query(db.Tags).filter((func.lower(db.Tags.name).ilike("GênOt"))).all()
        db_element = db_session.query(db_object).filter((func.lower(db_filter).ilike(add_element))).all()
        # db_element = db_session.query(db_object).filter(func.lower(db_filter) == add_element.lower()).first()
        # if no element is found add it
        if not db_element:
            if db_type == 'author':
@ -1387,15 +1384,10 @@ def add_objects(db_book_object, db_object, db_session, db_type, add_elements):
            db_book_object.append(new_element)
        else:
            if len(db_element) == 1:
            #db_no_case = db_session.query(db_object).filter(db_filter == add_element).first()
            #if db_no_case:
                # check for new case of element
                db_element = create_objects_for_addition(db_element[0], add_element, db_type)
            else:
                db_el = db_session.query(db_object).filter(db_filter == add_element).first()
                db_element = db_element[0] if not db_el else db_el
            #else:
            #    db_element = create_objects_for_addition(db_element, add_element, db_type)
            # add element to book
            db_book_object.append(db_element)
--- a/cps/gevent_wsgi.py
+++ b/cps/gevent_wsgi.py
@ -16,7 +16,7 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+from datetime import datetime
 from gevent.pywsgi import WSGIHandler
@ -27,4 +27,26 @@ class MyWSGIHandler(WSGIHandler):
        env['RAW_URI'] = path
        return env
    def format_request(self):
        now = datetime.now().replace(microsecond=0)
        length = self.response_length or '-'
        if self.time_finish:
            delta = '%.6f' % (self.time_finish - self.time_start)
        else:
            delta = '-'
        forwarded = self.environ.get('HTTP_X_FORWARDED_FOR', None)
        if forwarded:
            client_address = forwarded
        else:
            client_address = self.client_address[0] if isinstance(self.client_address, tuple) else self.client_address
        return '%s - - [%s] "%s" %s %s %s' % (
            client_address or '-',
            now,
            self.requestline or '',
            # Use the native string version of the status, saved so we don't have to
            # decode. But fallback to the encoded 'status' in case of subclasses
            # (Is that really necessary? At least there's no overhead.)
            (self._orig_status or self.status or '000').split()[0],
            length,
            delta)
--- a/cps/server.py
+++ b/cps/server.py
@ -21,7 +21,6 @@ import os
 import errno
 import signal
 import socket
 import asyncio
 try:
    from gevent.pywsgi import WSGIServer
--- a/cps/tornado_wsgi.py
+++ b/cps/tornado_wsgi.py
@ -22,6 +22,7 @@ import tornado
 from tornado import escape
 from tornado import httputil
 from tornado.ioloop import IOLoop
 from tornado.log import access_log
 from typing import List, Tuple, Optional, Callable, Any, Dict, Text
 from types import TracebackType
@ -96,5 +97,26 @@ class MyWSGIContainer(WSGIContainer):
        except TypeError as e:
            environ = WSGIContainer.environ(request)
        environ['RAW_URI'] = request.path
        self.env = environ
        return environ
    def _log(self, status_code: int, request: httputil.HTTPServerRequest) -> None:
        if status_code < 400:
            log_method = access_log.info
        elif status_code < 500:
            log_method = access_log.warning
        else:
            log_method = access_log.error
        request_time = 1000.0 * request.request_time()
        assert request.method is not None
        assert request.uri is not None
        ip = self.env.get("HTTP_FORWARD_FOR", None) or request.remote_ip
        summary = (
            request.method  # type: ignore[operator]
            + " "
            + request.uri
            + " ("
            + ip
            + ")"
        )
        log_method("%d %s %.2fms", status_code, summary, request_time)