search

janeczku / calibre-web

:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GNU General Public License v3.0
13.2k stars 1.41k forks source link

Tolino vision 6 Webbrowser download HTML #2566

Open zacc1111 opened 2 years ago

zacc1111 commented 2 years ago

OS: Unraid Docker Docker: lscr.io/linuxserver/calibre-web:latest Device: Tolino vision 6

If I want to download an ebook with my tolino via the buildin web browser, only an html file with *.epub format is downloaded.

16653290188713995.epub <-- created file on Tolino


<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Calibre-Web | Login</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="apple-mobile-web-app-capable" content="yes">

    <!-- Bootstrap -->
    <link rel="apple-touch-icon" sizes="140x140" href="/calibre-web/static/favicon.ico">
    <link rel="shortcut icon" href="/calibre-web/static/favicon.ico">
    <link href="/calibre-web/static/css/libs/bootstrap.min.css" rel="stylesheet" media="screen">

    <link href="/calibre-web/static/css/style.css" rel="stylesheet" media="screen">
    <link href="/calibre-web/static/css/upload.css" rel="stylesheet" media="screen">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  </head>
  <body class="login " data-text="Home" data-textback="Back">
    <!-- Static navbar -->
    <div class="navbar navbar-default navbar-static-top" role="navigation">
      <div class="container-fluid">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle Navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="/calibre-web/">Calibre-Web</a>
        </div>

        <div class="navbar-collapse collapse">

          <ul class="nav navbar-nav navbar-right" id="main-nav">

          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </div>

    <div class="container-fluid">
      <div class="row-fluid">

        <div class="col-sm-10">

<div class="well col-sm-6 col-sm-offset-2">
  <h2 style="margin-top: 0">Login</h2>
  <form method="POST" role="form">
    <input type="hidden" name="next" value="/calibre-web/download/3995/epub/3995.epub">
    <input type="hidden" name="csrf_token" value="IjYyNTllYWI3YjU4YWRjOGU5M2ZkMzUxZDI1ZDAyOGRhNzVmMjBjM2Mi.Y0Lnew.AwxZ4W0aHTngckNiUKAZDN14JR8">
    <div class="form-group">
      <label for="username">Username</label>
      <input type="text" class="form-control" id="username" name="username" autocapitalize="off" placeholder="Username">
    </div>
    <div class="form-group">
      <label for="password">Password</label>
      <input type="password" class="form-control" id="password" name="password" placeholder="Password">
    </div>
    <div class="checkbox">
      <label>
        <input type="checkbox" name="remember_me" checked> Remember Me
      </label>
    </div>
    <button type="submit" name="submit" class="btn btn-default">Login</button>

    <button type="submit" name="forgot" value="forgot" class="btn btn-default">Forgot Password?</button>

  </form>
</div>

      </div>
    </div>
  </div>
    <div class="modal fade" id="bookDetailsModal" tabindex="-1" role="dialog" aria-labelledby="bookDetailsModalLabel">
      <div class="modal-dialog modal-lg" role="document">
        <div class="modal-content">
          <div class="modal-header">
            <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
            <h4 class="modal-title" id="bookDetailsModalLabel">Book Details</h4>
          </div>
          <div class="modal-body">...</div>
          <div class="modal-footer">
            <button type="button" id="details_close" class="btn btn-default" data-dismiss="modal">Close</button>
          </div>
        </div>
      </div>
    </div>

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="/calibre-web/static/js/libs/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="/calibre-web/static/js/libs/bootstrap.min.js"></script>
    <script src="/calibre-web/static/js/libs/underscore-umd-min.js"></script>
    <script src="/calibre-web/static/js/libs/intention.min.js"></script>
    <script src="/calibre-web/static/js/libs/context.min.js"></script>
    <script src="/calibre-web/static/js/libs/plugins.js"></script>
    <script src="/calibre-web/static/js/libs/jquery.form.min.js"></script>
    <script src="/calibre-web/static/js/uploadprogress.js"> </script>
    <script src="/calibre-web/static/js/main.js"></script>

  </body>
</html>

Tested also on latest version with following config:

sed -i "/lm.session_protection = 'strong'/d" /app/calibre-web/cps/__init__.py sed -i "/if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:/d" /app/calibre-web/cps/admin.py sed -i "/logout_user()/d" /app/calibre-web/cps/admin.py

But not Working.

I tested it with the old version 6.10 and the download worked.

Unfortunately, in this version quite a lot of security holes. Why it works not with the lastest version?

6.10 config:

System Statistics
Program Library     Installed Version
Platform            Linux 5.19.14-Unraid #1 SMP PREEMPT_DYNAMIC Thu Oct 6 09:15:00 PDT 2022 x86_64 x86_64
Python          3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Calibre_Web         0.6.10 - 9418045a2cbd8646524d1b8181057084a41e1a99 - 2021-01-17T16:28:28+01:00
WebServer       Gevent 20.5.2
Flask           1.1.2
Flask_Login         0.5.0
Flask_Principal     0.4.0
Werkzeug        1.0.1
Babel           2.8.1
Jinja2          2.11.3
Requests        2.24.0
SqlAlchemy      1.3.23
pySqlite            2.6.0
SQLite          3.31.1
iso639          0.4.5
pytz            2021.1
Unidecode       installed
Flask_SimpleLDAP    installed
python_LDAP         3.2.0
Goodreads       installed
jsonschema      3.2.0
flask_dance         3.0.0
Image Magick    ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org
PyPdf           v1.26.0
lxml            v4.5.2.0
Wand            0.6.5
Comic_API       2.1.3
ebook converter     not installed
unrar           UNRAR 5.61 beta 1 freeware Copyright (c) 1993-2018 Alexander Roshal
kepubify            not installed
kbruegge commented 1 year ago

I'm also facing the same problems. I tried the workarounds in #2422 to no avail. I'm on the latest version of the linuxserver docker image.

For my setup at home I was able to get it working when I use the local IP of the server instead of its domain name. So instead of entering the domain into the Tolino browsers URL bar i just entered the full IP and port of calibre-web within my LAN.