Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Ensure use of SpooledTempFile does not temporarily create files outside the calibre temp dir

Browse Source
This commit is contained in:
Kovid Goyal 2011-09-25 12:00:25 -06:00
parent 8cb2e17254
commit 31ad166e99
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/calibre/library/database2.py
View File

@ -7,7 +7,7 @@ __docformat__ = 'restructuredtext en'
The database used to store ebook metadata The database used to store ebook metadata
''' '''
import os, sys, shutil, cStringIO, glob, time, functools, traceback, re, \ import os, sys, shutil, cStringIO, glob, time, functools, traceback, re, \
json, uuid, tempfile, hashlib, copy json, uuid, hashlib, copy
from collections import defaultdict from collections import defaultdict
import threading, random import threading, random
from itertools import repeat from itertools import repeat
@ -26,7 +26,8 @@ from calibre.library.sqlite import connect, IntegrityError
from calibre.library.prefs import DBPrefs from calibre.library.prefs import DBPrefs
from calibre.ebooks.metadata.book.base import Metadata from calibre.ebooks.metadata.book.base import Metadata
from calibre.constants import preferred_encoding, iswindows, filesystem_encoding from calibre.constants import preferred_encoding, iswindows, filesystem_encoding
from calibre.ptempfile import PersistentTemporaryFile, base_dir from calibre.ptempfile import (PersistentTemporaryFile,
base_dir, SpooledTemporaryFile)
from calibre.customize.ui import run_plugins_on_import from calibre.customize.ui import run_plugins_on_import
from calibre import isbytestring from calibre import isbytestring
from calibre.utils.filenames import ascii_filename from calibre.utils.filenames import ascii_filename
@ -610,7 +611,7 @@ class LibraryDatabase2(LibraryDatabase, SchemaUpgrade, CustomColumns):
with lopen(os.path.join(tpath, 'cover.jpg'), 'wb') as f: with lopen(os.path.join(tpath, 'cover.jpg'), 'wb') as f:
f.write(cdata) f.write(cdata)
for format in formats: for format in formats:
with tempfile.SpooledTemporaryFile(max_size=SPOOL_SIZE) as stream: with SpooledTemporaryFile(SPOOL_SIZE) as stream:
try: try:
self.copy_format_to(id, format, stream, index_is_id=True) self.copy_format_to(id, format, stream, index_is_id=True)
stream.seek(0) stream.seek(0)
@ -694,7 +695,7 @@ class LibraryDatabase2(LibraryDatabase, SchemaUpgrade, CustomColumns):
shutil.copyfileobj(f, pt) shutil.copyfileobj(f, pt)
return pt.name return pt.name
if as_file: if as_file:
ret = tempfile.SpooledTemporaryFile(SPOOL_SIZE) ret = SpooledTemporaryFile(SPOOL_SIZE)
shutil.copyfileobj(f, ret) shutil.copyfileobj(f, ret)
ret.seek(0) ret.seek(0)
else: else:
@ -1282,7 +1283,7 @@ class LibraryDatabase2(LibraryDatabase, SchemaUpgrade, CustomColumns):
shutil.copyfileobj(f, pt) shutil.copyfileobj(f, pt)
ret = pt.name ret = pt.name
elif as_file: elif as_file:
ret = tempfile.SpooledTemporaryFile(max_size=SPOOL_SIZE) ret = SpooledTemporaryFile(SPOOL_SIZE)
shutil.copyfileobj(f, ret) shutil.copyfileobj(f, ret)
ret.seek(0) ret.seek(0)
# Various bits of code try to use the name as the default # Various bits of code try to use the name as the default