From e04aa80fd602ef0969ad15f62133a96f6968ce26 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaccs@googlemail.com>
Date: Sat, 8 Feb 2020 14:39:46 +0100
Subject: [PATCH] Fix #1181 and Fix #1182 handle removed "is_xhr" on werkzeug
 version 1.0.0

---
 README.md       |  2 +-
 cps/oauth_bb.py |  2 +-
 cps/shelf.py    | 20 +++++++++++---------
 cps/web.py      |  4 ++--
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index a3e05cd3..91b3eb16 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Calibre-Web is a web app providing a clean interface for browsing, reading and d
 
 ## Quick start
 
-1. Install dependencies by running `pip3 install --target vendor -r requirements.txt`.
+1. Install dependencies by running `pip3 install --target vendor -r requirements.txt` (python3.x) or `pip install --target vendor -r requirements.txt` (python2.7).
 2. Execute the command: `python cps.py` (or `nohup python cps.py` - recommended if you want to exit the terminal window)
 3. Point your browser to `http://localhost:8083` or `http://localhost:8083/opds` for the OPDS catalog
 4. Set `Location of Calibre database` to the path of the folder where your Calibre library (metadata.db) lives, push "submit" button\
diff --git a/cps/oauth_bb.py b/cps/oauth_bb.py
index 092473da..5fdb95d8 100644
--- a/cps/oauth_bb.py
+++ b/cps/oauth_bb.py
@@ -50,7 +50,7 @@ def oauth_required(f):
     def inner(*args, **kwargs):
         if config.config_login_type == constants.LOGIN_OAUTH:
             return f(*args, **kwargs)
-        if request.is_xhr:
+        if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
             data = {'status': 'error', 'message': 'Not Found'}
             response = make_response(json.dumps(data, ensure_ascii=False))
             response.headers["Content-Type"] = "application/json; charset=utf-8"
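Review bot: The replacement for `request.is_xhr` is an exact, case-sensitive comparison, whereas the Werkzeug property it replaces lower-cased the header value first, so a client that sends a differently cased value now lands in the non-XHR branch. The same expression is repeated in cps/shelf.py (add_to_shelf and remove_from_shelf) and twice in cps/web.py, where it also pushes the `render_title_template` call well past the surrounding line length. One shared helper would keep the call sites in step, for example `def is_xhr(): return request.headers.get('X-Requested-With', '').lower() == 'xmlhttprequest'`. Because the header is set by the client, it should continue to be used only to choose the response format, as it is here, and never as an access-control signal. `inner` continues outside this hunk.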
diff --git a/cps/shelf.py b/cps/shelf.py
index ff58395d..9d52434d 100644
--- a/cps/shelf.py
+++ b/cps/shelf.py
@@ -40,17 +40,18 @@ log = logger.create()
 @shelf.route("/shelf/add/<int:shelf_id>/<int:book_id>")
 @login_required
 def add_to_shelf(shelf_id, book_id):
+    xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
     shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
     if shelf is None:
         log.error("Invalid shelf specified: %s", shelf_id)
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"Invalid shelf specified"), category="error")
             return redirect(url_for('web.index'))
         return "Invalid shelf specified", 400
 
     if not shelf.is_public and not shelf.user_id == int(current_user.id):
         log.error("User %s not allowed to add a book to %s", current_user, shelf)
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"Sorry you are not allowed to add a book to the the shelf: %(shelfname)s", shelfname=shelf.name),
                   category="error")
             return redirect(url_for('web.index'))
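Review bot: The route at the top of this hunk passes no `methods=` argument, so Flask serves it on GET, yet add_to_shelf goes on to insert a row and commit (visible in a later hunk of this file). A state-changing endpoint that is reachable by GET and guarded only by `@login_required` is exposed to cross-site request forgery, and the new `xhr` flag does not help because the non-XHR branch performs the same write. Consider `@shelf.route("/shelf/add/<int:shelf_id>/<int:book_id>", methods=["POST"])` together with a CSRF token, and the same for `remove_from_shelf`. The templates and scripts that call these URLs are outside this patch and would have to change with it. The function body continues past this hunk.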
@@ -58,7 +59,7 @@ def add_to_shelf(shelf_id, book_id):
 
     if shelf.is_public and not current_user.role_edit_shelfs():
         log.info("User %s not allowed to edit public shelves", current_user)
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"You are not allowed to edit public shelves"), category="error")
             return redirect(url_for('web.index'))
         return "User is not allowed to edit public shelves", 403
@@ -67,7 +68,7 @@ def add_to_shelf(shelf_id, book_id):
                                           ub.BookShelf.book_id == book_id).first()
     if book_in_shelf:
         log.error("Book %s is already part of %s", book_id, shelf)
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"Book is already part of the shelf: %(shelfname)s", shelfname=shelf.name), category="error")
             return redirect(url_for('web.index'))
         return "Book is already part of the shelf: %s" % shelf.name, 400
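Review bot: The XHR branch on the last line of this hunk interpolates `shelf.name` into a plain string return, which Flask sends as `text/html` by default. If shelf names are user-chosen and the calling script writes the response text into the page, markup in a name would be interpreted; whether that happens depends on code outside this patch. Sending the body with an explicit text type, e.g. `return Response("Book is already part of the shelf: %s" % shelf.name, status=400, mimetype="text/plain")` (with `Response` imported from flask if it is not already), or escaping the name, removes that dependency.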
@@ -81,7 +82,7 @@ def add_to_shelf(shelf_id, book_id):
     ins = ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1)
     ub.session.add(ins)
     ub.session.commit()
-    if not request.is_xhr:
+    if not xhr:
         flash(_(u"Book has been added to shelf: %(sname)s", sname=shelf.name), category="success")
         if "HTTP_REFERER" in request.environ:
             return redirect(request.environ["HTTP_REFERER"])
@@ -147,10 +148,11 @@ def search_to_shelf(shelf_id):
 @shelf.route("/shelf/remove/<int:shelf_id>/<int:book_id>")
 @login_required
 def remove_from_shelf(shelf_id, book_id):
+    xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
     shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
     if shelf is None:
         log.error("Invalid shelf specified: %s", shelf_id)
-        if not request.is_xhr:
+        if not xhr:
             return redirect(url_for('web.index'))
         return "Invalid shelf specified", 400
 
@@ -169,20 +171,20 @@ def remove_from_shelf(shelf_id, book_id):
 
         if book_shelf is None:
             log.error("Book %s already removed from %s", book_id, shelf)
-            if not request.is_xhr:
+            if not xhr:
                 return redirect(url_for('web.index'))
             return "Book already removed from shelf", 410
 
         ub.session.delete(book_shelf)
         ub.session.commit()
 
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"Book has been removed from shelf: %(sname)s", sname=shelf.name), category="success")
             return redirect(request.environ["HTTP_REFERER"])
         return "", 204
     else:
         log.error("User %s not allowed to remove a book from %s", current_user, shelf)
-        if not request.is_xhr:
+        if not xhr:
             flash(_(u"Sorry you are not allowed to remove a book from this shelf: %(sname)s", sname=shelf.name),
                   category="error")
             return redirect(url_for('web.index'))
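Review bot: On the non-XHR success path `request.environ["HTTP_REFERER"]` is indexed directly, so a request without a Referer header raises KeyError after the delete has already been committed and the user sees a server error. add_to_shelf checks `"HTTP_REFERER" in request.environ` before using it. The value is also client-supplied, so it is worth redirecting to it only when it points back at this host. A minimal fix for the missing-header case is `return redirect(request.environ.get("HTTP_REFERER") or url_for('web.index'))`. remove_from_shelf begins and ends outside this hunk.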
diff --git a/cps/web.py b/cps/web.py
index 1a78cc52..ab38f3d4 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -172,7 +172,7 @@ def remote_login_required(f):
     def inner(*args, **kwargs):
         if config.config_remote_login:
             return f(*args, **kwargs)
-        if request.is_xhr:
+        if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
             data = {'status': 'error', 'message': 'Forbidden'}
             response = make_response(json.dumps(data, ensure_ascii=False))
             response.headers["Content-Type"] = "application/json; charset=utf-8"
@@ -1468,7 +1468,7 @@ def show_book(book_id):
                 audioentries.append(media_format.format.lower())
 
         return render_title_template('detail.html', entry=entries, audioentries=audioentries, cc=cc,
-                                     is_xhr=request.is_xhr, title=entries.title, books_shelfs=book_in_shelfs,
+                                     is_xhr=request.headers.get('X-Requested-With')=='XMLHttpRequest', title=entries.title, books_shelfs=book_in_shelfs,
                                      have_read=have_read, kindle_list=kindle_list, reader_list=reader_list, page="book")
     else:
         log.debug(u"Error opening eBook. File does not exist or file is not accessible:")