janeczku / calibre-web

:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GNU General Public License v3.0

Some upload filetypes no longer work in latest (0.6.22) version #3102

Closed CarlesLlobet closed 3 months ago

CarlesLlobet commented 4 months ago

Describe the bug/problem

After updating to the latest version, where Python-magic has been added to validate MIME types (PR 3061), some uploads fail.

My assumption is that some magic numbers might be missing, since it only appears to happen with some specific files. Here's an example where both files are M4B (which is accepted according to EXTENSIONS_UPLOAD constant), but one uploads and the other doesn't: image

The first one doesn't work, and I haven't been able to find any reference to that Magic number, although it appears to be some sort of reference to M4A and M4A is also accepted according to EXTENSIONS_UPLOAD constant:

The second one does work and I've found it belongs to MPEG4 Part 14.

To Reproduce

Steps to reproduce the behavior:

  1. Drag & Drop an M4B file with the first magic number, such as the above M4B audiobook (upload expires in 30 days)
  2. See error "File type isn't allowed to be uploaded to this server": image

Logfile

Add content of calibre-web.log file or the relevant error, try to reproduce your problem with "debug" log-level to get more output.

Expected behavior

All valid files should be accepted. Either this (and any other missing) magic number is also allowlisted, or instead we opt for a denylist approach where only malicious files (executables and such) are denied, which would be much more maintainable and aligned with any future improvement (such as the addition of a ClamAV or similar upload scan).

Environment (please complete the following information):

Additional context N/A
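The mismatch described in this report, as an added example that is not part of the original post and is not calibre-web's code: MP4-family files start with an `ftyp` box whose major brand varies by encoder, so an allowlist expecting one signature per extension rejects valid M4B files. The allowlists, helper names and sample headers below are constructed assumptions.

```python
import struct

# Hypothetical allowlists for illustration; not calibre-web's actual tables.
NAIVE_ALLOWED = {"m4b": {"M4B "}, "m4a": {"M4A "}}   # one signature per extension
TOLERANT_ALLOWED = {                                  # every brand an encoder may write
    "m4b": {"M4B ", "M4A ", "isom", "mp42"},
    "m4a": {"M4A ", "isom", "mp42"},
}

def make_ftyp(major: bytes, compat: list) -> bytes:
    """Build a leading ISO BMFF ftyp box (used only to construct sample input)."""
    body = major + b"\x00\x00\x00\x00" + b"".join(compat)
    return struct.pack(">I4s", 8 + len(body), b"ftyp") + body

def parse_ftyp(header: bytes):
    """Return (major_brand, compatible_brands) from the first box, or None."""
    if len(header) < 16:
        return None
    size, box_type = struct.unpack(">I4s", header[:8])
    if box_type != b"ftyp" or size < 16:
        return None
    end = min(size, len(header))  # tolerate a header read shorter than the box
    major = header[8:12].decode("latin-1")
    # Bytes 12..16 are minor_version; compatible brands follow in 4-byte units.
    compat = [header[i:i + 4].decode("latin-1") for i in range(16, end - 3, 4)]
    return major, compat

def upload_allowed(filename: str, header: bytes, allowlist: dict) -> bool:
    """Deny by default: unknown extension, no ftyp box, or unlisted brand."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    parsed = parse_ftyp(header)
    if parsed is None or ext not in allowlist:
        return False
    return parsed[0] in allowlist[ext]

# Constructed sample headers (not the files attached to this issue).
BOOK_A = make_ftyp(b"M4A ", [b"M4A ", b"mp42", b"isom"])  # audiobook with M4A brand
BOOK_B = make_ftyp(b"isom", [b"isom", b"mp42"])           # generic MPEG-4 Part 14
NOT_MEDIA = b"MZ\x90\x00" + b"\x00" * 28                  # non-media content renamed .m4b

if __name__ == "__main__":
    for name, data in [("a.m4b", BOOK_A), ("b.m4b", BOOK_B), ("c.m4b", NOT_MEDIA)]:
        print(name, parse_ftyp(data), upload_allowed(name, data, NAIVE_ALLOWED),
              upload_allowed(name, data, TOLERANT_ALLOWED))
```

The tolerant table keeps the allowlist model from the report's first option: the renamed non-media file is still rejected, while both constructed audiobook headers pass.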

OzzieIsaacs commented 4 months ago

I'll check; as a workaround you can deactivate the upload check in admin -> basic config -> security settings -> …

CarlesLlobet commented 4 months ago

> as workaround you can deactivate the upload check in admin -> basic config -> security settings -> …

Oh didn't know about that option 😍 That will definitely be useful, thx! 💪

OzzieIsaacs commented 4 months ago

I knew this would happen

OzzieIsaacs commented 4 months ago

I added the correct file type check, please update to the newest nightly version, the upload should work now

CarlesLlobet commented 4 months ago

Wow, quickest fix I've ever seen 👀

I've seen where the error was, nice catch. Confirmed it's successfully fixed in nightly, thanks 💪

Congrats on such an amazing tool and support. 🙏 🎉

OzzieIsaacs commented 4 months ago

I'd like to leave it open till the next release

schmurtzm commented 3 months ago

Doesn't seem to be fixed; I had to uncheck "Check if file extensions matches file content on upload" to upload my ebook successfully (V 0.6.23 Teofila, Windows)

NathanIfinity commented 2 months ago

Unable to upload anything since the update to V 0.6.23 Teofila, Windows. I always get the message: "File type isn't allowed to be uploaded to this server", even though all file types are set in the settings

image

The only workaround is

image