From 3f7fc2cf5b5c2f116e1cf3df210cab04bdb1769f Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Fri, 6 Feb 2026 16:41:18 +0530 Subject: [PATCH] A few more locations to disallow template based searches --- src/calibre/srv/fts.py | 2 +- src/calibre/srv/handler.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/calibre/srv/fts.py b/src/calibre/srv/fts.py index e467e4151f..0ac78a622b 100644 --- a/src/calibre/srv/fts.py +++ b/src/calibre/srv/fts.py @@ -33,7 +33,7 @@ def fts_search(ctx, rd): ans['query_id'] = qid book_ids = None if rd.query.get('restriction'): - book_ids = db.search('', restriction=rd.query.get('restriction')) + book_ids = db.search('', restriction=rd.query.get('restriction'), allow_templates=False) def add_metadata(result): result.pop('id', None) diff --git a/src/calibre/srv/handler.py b/src/calibre/srv/handler.py index f0b8a28e26..ea218f452a 100644 --- a/src/calibre/srv/handler.py +++ b/src/calibre/srv/handler.py @@ -86,7 +86,7 @@ class Context: restriction = self.restriction_for(request_data, db) if restriction: try: - return book_id in db.search('', restriction=restriction) + return book_id in db.search('', restriction=restriction, allow_templates=False) except ParseException: return False return db.has_id(book_id) @@ -95,12 +95,12 @@ class Context: restriction = self.restriction_for(request_data, db) allowed_book_ids = None if restriction: - allowed_book_ids = db.search('', restriction=restriction) + allowed_book_ids = db.search('', restriction=restriction, allow_templates=False) return db.newly_added_book_ids(count=count, book_ids=allowed_book_ids) def get_allowed_book_ids_from_restriction(self, request_data, db): restriction = self.restriction_for(request_data, db) - return frozenset(db.search('', restriction=restriction)) if restriction else None + return frozenset(db.search('', restriction=restriction, allow_templates=False)) if restriction else None def allowed_book_ids(self, request_data, db): try: