Merge branch 'master' into cover_thumbnail

# Conflicts:
#	cps/editbooks.py
#	test/Calibre-Web TestSummary_Linux.html

SECURITY.md

@@ -36,6 +36,6 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.17      | The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH             ||
 
 
-## Staement regarding Log4j (CVE-2021-44228 and related)
+## Statement regarding Log4j (CVE-2021-44228 and related)
 
 Calibre-web is not affected by bugs related to Log4j. Calibre-Web is a python program, therefore not using Java, and not using the Java logging feature log4j. 

cps/admin.py

@@ -161,7 +161,7 @@ def shutdown():
 # needed for docker applications, as changes on metadata.db from host are not visible to application
 @admi.route("/reconnect", methods=['GET'])
 def reconnect():
-    if cli.args.r:
+    if cli.reconnect_enable:
         calibre_db.reconnect_db(config, ub.app_DB_path)
         return json.dumps({})
     else:
@@ -1239,7 +1239,7 @@ def _db_configuration_update_helper():
         config.store_calibre_uuid(calibre_db, db.LibraryId)
         # if db changed -> delete shelfs, delete download books, delete read books, kobo sync...
         if db_change:
-            log.info("Calibre Database changed, delete all Calibre-Web info related to old Database")
+            log.info("Calibre Database changed, all Calibre-Web info related to old Database gets deleted")
             ub.session.query(ub.Downloads).delete()
             ub.session.query(ub.ArchivedBook).delete()
             ub.session.query(ub.ReadBook).delete()

cps/cli.py

@@ -84,10 +84,14 @@ def version_info():
 
 # dry run updater
 dry_run = args.d or None
+# enable reconnect endpoint for docker database reconnect
+reconnect_enable = args.r or os.environ.get("CALIBRE_RECONNECT", None)
 # load covers from localhost
-allow_localhost = args.l or None
+allow_localhost = args.l or os.environ.get("CALIBRE_LOCALHOST", None)
 # handle and check ip address argument
 ip_address = args.i or None
+
+
 if ip_address:
     try:
         # try to parse the given ip address with socket

cps/db.py

@@ -620,8 +620,8 @@ def get_book_read_archived(self, book_id, read_column, allow_show_archived=False
                 bd = (self.session.query(Books, read_column.value, ub.ArchivedBook.is_archived).select_from(Books)
                       .join(read_column, read_column.book == book_id,
                       isouter=True))
-            except (KeyError, AttributeError):
-                log.error("Custom Column No.%d is not existing in calibre database", read_column)
+            except (KeyError, AttributeError, IndexError):
+                log.error("Custom Column No.{} is not existing in calibre database".format(read_column))
                 # Skip linking read column and return None instead of read status
                 bd = self.session.query(Books, None, ub.ArchivedBook.is_archived)
         return (bd.filter(Books.id == book_id)
@@ -665,11 +665,11 @@ def common_filters(self, allow_show_archived=False, return_all_languages=False):
                 neg_content_cc_filter = false() if neg_cc_list == [''] else \
                     getattr(Books, 'custom_column_' + str(self.config.config_restricted_column)). \
                     any(cc_classes[self.config.config_restricted_column].value.in_(neg_cc_list))
-            except (KeyError, AttributeError):
+            except (KeyError, AttributeError, IndexError):
                 pos_content_cc_filter = false()
                 neg_content_cc_filter = true()
-                log.error(u"Custom Column No.%d is not existing in calibre database",
-                          self.config.config_restricted_column)
+                log.error("Custom Column No.{} is not existing in calibre database".format(
+                    self.config.config_restricted_column))
                 flash(_("Custom Column No.%(column)d is not existing in calibre database",
                         column=self.config.config_restricted_column),
                       category="error")
@@ -728,8 +728,8 @@ def fill_indexpage_with_archived_books(self, page, database, pagesize, db_filter
                     query = (self.session.query(database, read_column.value, ub.ArchivedBook.is_archived)
                              .select_from(Books)
                              .outerjoin(read_column, read_column.book == Books.id))
-                except (KeyError, AttributeError):
-                    log.error("Custom Column No.%d is not existing in calibre database", read_column)
+                except (KeyError, AttributeError, IndexError):
+                    log.error("Custom Column No.{} is not existing in calibre database".format(read_column))
                     # Skip linking read column and return None instead of read status
                     query = self.session.query(database, None, ub.ArchivedBook.is_archived)
             query = query.outerjoin(ub.ArchivedBook, and_(Books.id == ub.ArchivedBook.book_id,
@@ -840,8 +840,8 @@ def search_query(self, term, config_read_column, *join):
                 read_column = cc_classes[config_read_column]
                 query = (self.session.query(Books, ub.ArchivedBook.is_archived, read_column.value).select_from(Books)
                          .outerjoin(read_column, read_column.book == Books.id))
-            except (KeyError, AttributeError):
-                log.error("Custom Column No.%d is not existing in calibre database", config_read_column)
+            except (KeyError, AttributeError, IndexError):
+                log.error("Custom Column No.{} is not existing in calibre database".format(config_read_column))
                 # Skip linking read column
                 query = self.session.query(Books, ub.ArchivedBook.is_archived, None)
         query = query.outerjoin(ub.ArchivedBook, and_(Books.id == ub.ArchivedBook.book_id,