From f022cec5cfee627d1008eff095cf79bdafa89968 Mon Sep 17 00:00:00 2001
From: eneller
Date: Sun, 16 Mar 2025 19:51:52 +0100
Subject: [PATCH] feat: basic input validation

---
 src/core/views.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/core/views.py b/src/core/views.py
index 95de7c2..7c8dadd 100644
--- a/src/core/views.py
+++ b/src/core/views.py
@@ -2,13 +2,17 @@
 from django.shortcuts import render
 from django.http import HttpRequest, HttpResponse, FileResponse
 from django.conf import settings
-from epub2go.convert import get_all_books, Book, GBConvert
+from epub2go.convert import get_all_books, Book, GBConvert, allbooks_url
 import os
+from urllib.parse import urlparse
+import logging
+
+logger = logging.getLogger(__name__) #TODO configure logging
 converter = GBConvert(downloaddir=settings.MEDIA_ROOT)
-# TODO get from pickle
-books = get_all_books()
+books = get_all_books()# TODO get from pickle
+gbnetloc = urlparse(allbooks_url).netloc
 def index(request: HttpRequest):
     context = {
@@ -17,7 +21,7 @@ def index(request: HttpRequest):
     }
     targetParam = request.GET.get('t', None)
-    if targetParam:
+    if validateUrl(targetParam):
         epub = getEpub(targetParam)
         fname = os.path.join(settings.MEDIA_ROOT, epub)
         file = open(fname, 'rb')
@@ -28,8 +32,15 @@ def index(request: HttpRequest):
     return render(request, 'index.html', context)
+def validateUrl(param)->bool :
+    if not param: return False
+
+    netloc = urlparse(param).netloc
+    if(netloc == gbnetloc): return True
+
+    return False
+
 def getEpub(param):
-    print(param) # TODO validate / sanitize input
     # TODO check for existing file and age
     #GBConvert(param,downloaddir=settings.MEDIA_ROOT).run()
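Review bot: `logger = logging.getLogger(__name__)` is added in this hunk but nothing in the patch writes to it, so the new validation path leaves no trace when a request is rejected; either emit a log line at the call site or drop the logger until the `#TODO configure logging` is resolved. The `# TODO get from pickle` comment was moved onto the `books = get_all_books()` line without a separating space, which reads as part of the statement. When that cache is implemented, prefer a data-only format such as json over pickle: unpickling a file that anyone else can write executes arbitrary code at module import, which is exactly where this line runs.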
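Review bot: The guard `if validateUrl(targetParam):` only compares the parsed netloc with `gbnetloc` (see the validateUrl definition in the third hunk), so the scheme is never checked and an `http://` or other-scheme URL on the expected host is accepted and handed to `getEpub`; compare the scheme as well, e.g. in validateUrl `parsed = urlparse(param)` followed by `return parsed.scheme == urlparse(allbooks_url).scheme and parsed.netloc == gbnetloc`. A rejected parameter appears to fall through to the plain index render with no log entry or user-visible message, so a malformed or off-host link is indistinguishable from no link; an `else: logger.warning("rejected target url: %r", targetParam)` branch using the logger added in the first hunk would make that visible. The path and query of the URL still reach `getEpub` untouched, and since `epub` is joined onto `settings.MEDIA_ROOT` two lines later, whatever derives that filename from the URL needs its own check; getEpub's body is outside this hunk. `index` continues outside the hunk on both sides.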