mirror of
https://github.com/kovidgoyal/calibre.git
synced 2025-07-09 03:04:10 -04:00
Also restrict resources to root dir for txt input
This commit is contained in:
parent
d296547799
commit
71547e8a11
@ -86,7 +86,7 @@ class HTMLInput(InputFormatPlugin):
|
|||||||
if hasattr(stream, 'name'):
|
if hasattr(stream, 'name'):
|
||||||
basedir = os.path.dirname(stream.name)
|
basedir = os.path.dirname(stream.name)
|
||||||
fname = os.path.basename(stream.name)
|
fname = os.path.basename(stream.name)
|
||||||
self.root_dir_of_input = os.path.abspath(basedir) + os.sep
|
self.root_dir_of_input = os.path.normcase(os.path.abspath(basedir) + os.sep)
|
||||||
|
|
||||||
if file_ext != 'opf':
|
if file_ext != 'opf':
|
||||||
if opts.dont_package:
|
if opts.dont_package:
|
||||||
@ -262,7 +262,7 @@ class HTMLInput(InputFormatPlugin):
|
|||||||
if not link:
|
if not link:
|
||||||
return None, None
|
return None, None
|
||||||
link = os.path.abspath(os.path.realpath(link))
|
link = os.path.abspath(os.path.realpath(link))
|
||||||
if not link.startswith(self.root_dir_of_input):
|
if not os.path.normcase(link).startswith(self.root_dir_of_input):
|
||||||
if not self.opts.allow_local_files_outside_root:
|
if not self.opts.allow_local_files_outside_root:
|
||||||
self.log.warn('Not adding {} as it is outside the document root: {}'.format(link, self.root_dir_of_input))
|
self.log.warn('Not adding {} as it is outside the document root: {}'.format(link, self.root_dir_of_input))
|
||||||
return None, None
|
return None, None
|
||||||
|
@ -107,12 +107,13 @@ class TXTInput(InputFormatPlugin):
|
|||||||
from html5_parser import parse
|
from html5_parser import parse
|
||||||
root = parse(html)
|
root = parse(html)
|
||||||
changed = False
|
changed = False
|
||||||
|
base_dir = os.path.normcase(os.path.abspath(base_dir)) + os.sep
|
||||||
for img in root.xpath('//img[@src]'):
|
for img in root.xpath('//img[@src]'):
|
||||||
src = img.get('src')
|
src = img.get('src')
|
||||||
prefix = src.split(':', 1)[0].lower()
|
prefix = src.split(':', 1)[0].lower()
|
||||||
if src and prefix not in ('file', 'http', 'https', 'ftp') and not os.path.isabs(src):
|
if src and prefix not in ('file', 'http', 'https', 'ftp') and not os.path.isabs(src):
|
||||||
src = os.path.join(base_dir, src)
|
src = os.path.join(base_dir, src)
|
||||||
if os.path.isfile(src) and os.access(src, os.R_OK):
|
if os.path.normcase(src).startswith(base_dir) and os.path.isfile(src) and os.access(src, os.R_OK):
|
||||||
with open(src, 'rb') as f:
|
with open(src, 'rb') as f:
|
||||||
data = f.read()
|
data = f.read()
|
||||||
f = self.shift_file(os.path.basename(src), data)
|
f = self.shift_file(os.path.basename(src), data)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user