
Merge pull request #11469 from adityahase/fix-pdf

fix(pdf): Restrict cookies to the host domain
version-14
mergify[bot] 4 vuotta sitten
committed by GitHub
vanhempi
commit
ebcc23591a
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 muutettua tiedostoa jossa 21 lisäystä ja 7 poistoa
  1. +21
    -7
      frappe/utils/pdf.py

+ 21
- 7
frappe/utils/pdf.py

@@ -52,6 +52,8 @@ def get_pdf(html, options=None, output=None):
output.appendPagesFromReader(reader)
else:
raise
finally:
cleanup(options)

if "password" in options:
password = options["password"]
@@ -110,8 +112,7 @@ def prepare_options(html, options):
options.update(html_options or {})

# cookies
if frappe.session and frappe.session.sid:
options['cookie'] = [('sid', '{0}'.format(frappe.session.sid))]
options.update(get_cookie_options())

# page size
if not options.get("page-size"):
@@ -120,6 +121,22 @@ def prepare_options(html, options):
return html, options


def get_cookie_options():
options = {}
if frappe.session and frappe.session.sid:
# Use wkhtmltopdf's cookie-jar feature to set cookies and restrict them to host domain
cookiejar = "/tmp/{}.jar".format(frappe.generate_hash())

# Remove port from request.host
# https://werkzeug.palletsprojects.com/en/0.16.x/wrappers/#werkzeug.wrappers.BaseRequest.host
domain = frappe.local.request.host.split(":", 1)[0]
with open(cookiejar, "w") as f:
f.write("sid={}; Domain={};\n".format(frappe.session.sid, domain))

options['cookie-jar'] = cookiejar

return options

def read_options_from_html(html):
options = {}
soup = BeautifulSoup(html, "html5lib")
@@ -184,11 +201,8 @@ def prepare_header_footer(soup):
return options


def cleanup(fname, options):
if os.path.exists(fname):
os.remove(fname)

for key in ("header-html", "footer-html"):
def cleanup(options):
for key in ("header-html", "footer-html", "cookie-jar"):
if options.get(key) and os.path.exists(options[key]):
os.remove(options[key])
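Review bot: In `get_cookie_options`, the jar holding the live `sid` is created with `open(cookiejar, "w")` under `/tmp`, so its permissions come from the process umask (commonly world-readable) and the open is not exclusive. Creating it with `fd, cookiejar = tempfile.mkstemp(suffix=".jar")` followed by `with os.fdopen(fd, "w") as f:` gives an owner-only file created with O_EXCL; this needs `import tempfile`, and the file's import block is outside the hunks shown. Separately, `domain` is taken from `frappe.local.request.host`, which reflects the client-supplied Host header, so the restriction is only as strong as whatever Host validation happens upstream (not visible here), and `split(":", 1)[0]` yields `[` for a bracketed IPv6 host. A one-line comment above the write, such as `# jar contains the session id; removed by cleanup(options) in get_pdf's finally`, would tell the next maintainer why this file must not outlive the request.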


