lib/epubmaker/epubv2.rb in review-1.0.0 vs lib/epubmaker/epubv2.rb in review-1.1.0
- old
+ new
@@ -1,17 +1,18 @@
# encoding: utf-8
# = epubv2.rb -- EPUB version 2 producer.
#
-# Copyright (c) 2010 Kenshi Muto and Masayoshi Takahashi
+# Copyright (c) 2010-2012 Kenshi Muto and Masayoshi Takahashi
#
# This program is free software.
# You can distribute or modify this program under the terms of
# the GNU LGPL, Lesser General Public License version 2.1.
# For details of the GNU LGPL, see the file "COPYING".
#
require 'epubmaker/producer'
+require 'cgi'
module EPUBMaker
# EPUBv2 is EPUB version 2 producer.
class EPUBv2
@@ -20,13 +21,11 @@
@producer = producer
end
# Return mimetype content.
def mimetype
- return <<EOT
-application/epub+zip
-EOT
+ return "application/epub+zip"
end
# Return opf file content.
def opf
s = <<EOT
@@ -35,13 +34,13 @@
<metadata xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:opf="http://www.idpf.org/2007/opf">
EOT
%w[title language date type format source description relation coverage subject rights].each do |item|
next if @producer.params[item].nil?
if @producer.params[item].instance_of?(Array)
- s << @producer.params[item].map {|i| %Q[ <dc:#{item}>#{i}</dc:#{item}>\n]}.join
+ s << @producer.params[item].map {|i| %Q[ <dc:#{item}>#{CGI.escapeHTML(i.to_s)}</dc:#{item}>\n]}.join
else
- s << %Q[ <dc:#{item}>#{@producer.params[item]}</dc:#{item}>\n]
+ s << %Q[ <dc:#{item}>#{CGI.escapeHTML(@producer.params[item].to_s)}</dc:#{item}>\n]
end
end
# ID
if @producer.params["isbn"].nil?
@@ -52,18 +51,18 @@
# creator
%w[aut a-adp a-ann a-arr a-art a-asn a-aqt a-aft a-aui a-ant a-bkp a-clb a-cmm a-dsr a-edt a-ill a-lyr a-mdc a-mus a-nrt a-oth a-pht a-prt a-red a-rev a-spn a-ths a-trc a-trl].each do |role|
next if @producer.params[role].nil?
@producer.params[role].each do |v|
- s << %Q[ <dc:creator opf:role="#{role.sub('a-', '')}">#{v}</dc:creator>\n]
+ s << %Q[ <dc:creator opf:role="#{role.sub('a-', '')}">#{CGI.escapeHTML(v)}</dc:creator>\n]
end
end
# contributor
%w[adp ann arr art asn aqt aft aui ant bkp clb cmm dsr edt ill lyr mdc mus nrt oth pht prt red rev spn ths trc trl].each do |role|
next if @producer.params[role].nil?
@producer.params[role].each do |v|
- s << %Q[ <dc:contributor opf:role="#{role}">#{v}</dc:contributor>\n]
+ s << %Q[ <dc:contributor opf:role="#{role}">#{CGI.escapeHTML(v)}</dc:contributor>\n]
if role == "prt"
s << %Q[ <dc:publisher>#{v}</dc:publisher>\n]
end
end
end
@@ -133,19 +132,19 @@
end
s << <<EOT
</head>
<docTitle>
- <text>#{@producer.params["title"]}</text>
+ <text>#{CGI.escapeHTML(@producer.params["title"])}</text>
</docTitle>
<docAuthor>
- <text>#{@producer.params["aut"].nil? ? "" : @producer.params["aut"].join(", ")}</text>
+ <text>#{@producer.params["aut"].nil? ? "" : CGI.escapeHTML(@producer.params["aut"].join(", "))}</text>
</docAuthor>
<navMap>
<navPoint id="top" playOrder="1">
<navLabel>
- <text>#{@producer.params["title"]}</text>
+ <text>#{CGI.escapeHTML(@producer.params["title"])}</text>
</navLabel>
<content src="#{@producer.params["cover"]}"/>
</navPoint>
EOT
@@ -201,17 +200,17 @@
# Return cover content.
def cover
s = common_header
s << <<EOT
- <title>#{@producer.params["title"]}</title>
+ <title>#{CGI.escapeHTML(@producer.params["title"])}</title>
</head>
<body>
EOT
if @producer.params["coverimage"].nil?
s << <<EOT
-<h1 class="cover-title">#{@producer.params["title"]}</h1>
+<h1 class="cover-title">#{CGI.escapeHTML(@producer.params["title"])}</h1>
EOT
else
file = nil
@producer.contents.each do |item|
if item.media =~ /\Aimage/ && item.file =~ /#{@producer.params["coverimage"]}\Z/ # /
@@ -220,11 +219,11 @@
end
end
raise "coverimage #{@producer.params["coverimage"]} not found. Abort." if file.nil?
s << <<EOT
<div id="cover-image" class="cover-image">
- <img src="#{file}" alt="#{@producer.params["title"]}" class="max"/>
+ <img src="#{file}" alt="#{CGI.escapeHTML(@producer.params["title"])}" class="max"/>
</div>
EOT
end
s << <<EOT
@@ -236,23 +235,23 @@
# Return title (copying) content.
def titlepage
s = common_header
s << <<EOT
- <title>#{@producer.params["title"]}</title>
+ <title>#{CGI.escapeHTML(@producer.params["title"])}</title>
</head>
<body>
- <h1 class="tp-title">#{@producer.params["title"]}</h1>
+ <h1 class="tp-title">#{CGI.escapeHTML(@producer.params["title"])}</h1>
EOT
if @producer.params["aut"]
s << <<EOT
<p>
<br />
<br />
</p>
- <h2 class="tp-author">#{@producer.params["aut"]}</h2>
+ <h2 class="tp-author">#{CGI.escapeHTML(@producer.params["aut"])}</h2>
EOT
end
if @producer.params["prt"]
s << <<EOT
@@ -260,11 +259,11 @@
<br />
<br />
<br />
<br />
</p>
- <h3 class="tp-publisher">#{@producer.params["prt"]}</h3>
+ <h3 class="tp-publisher">#{CGI.escapeHTML(@producer.params["prt"])}</h3>
EOT
end
s << <<EOT
</body>
@@ -279,23 +278,23 @@
s << <<EOT
<title>#{@producer.res.v("colophontitle")}</title>
</head>
<body>
<div class="colophon">
- <p class="title">#{@producer.params["title"]}</p>
+ <p class="title">#{CGI.escapeHTML(@producer.params["title"])}</p>
EOT
if @producer.params["pubhistory"]
s << %Q[ <div class="pubhistory">\n <p>#{@producer.params["pubhistory"].gsub(/\n/, "<br />")}</p>\n </div>\n] # FIXME: should be array?
end
s << %Q[ <table class="colophon">\n]
- s << %Q[ <tr><th>#{@producer.res.v("c-aut")}</th><td>#{@producer.params["aut"]}</td></tr>\n] if @producer.params["aut"]
- s << %Q[ <tr><th>#{@producer.res.v("c-dsr")}</th><td>#{@producer.params["dsr"]}</td></tr>\n] if @producer.params["dsr"]
- s << %Q[ <tr><th>#{@producer.res.v("c-ill")}</th><td>#{@producer.params["ill"]}</td></tr>\n] if @producer.params["ill"]
- s << %Q[ <tr><th>#{@producer.res.v("c-edt")}</th><td>#{@producer.params["edt"]}</td></tr>\n] if @producer.params["edt"]
- s << %Q[ <tr><th>#{@producer.res.v("c-prt")}</th><td>#{@producer.params["prt"]}</td></tr>\n] if @producer.params["prt"]
+ s << %Q[ <tr><th>#{@producer.res.v("c-aut")}</th><td>#{CGI.escapeHTML(@producer.params["aut"])}</td></tr>\n] if @producer.params["aut"]
+ s << %Q[ <tr><th>#{@producer.res.v("c-dsr")}</th><td>#{CGI.escapeHTML(@producer.params["dsr"])}</td></tr>\n] if @producer.params["dsr"]
+ s << %Q[ <tr><th>#{@producer.res.v("c-ill")}</th><td>#{CGI.escapeHTML(@producer.params["ill"])}</td></tr>\n] if @producer.params["ill"]
+ s << %Q[ <tr><th>#{@producer.res.v("c-edt")}</th><td>#{CGI.escapeHTML(@producer.params["edt"])}</td></tr>\n] if @producer.params["edt"]
+ s << %Q[ <tr><th>#{@producer.res.v("c-prt")}</th><td>#{CGI.escapeHTML(@producer.params["prt"])}</td></tr>\n] if @producer.params["prt"]
s << <<EOT
</table>
</div>
</body>
</html>
@@ -378,19 +377,19 @@
fname = "#{basedir}/#{item.file}"
raise "#{fname} doesn't exist. Abort." unless File.exist?(fname)
FileUtils.mkdir_p(File.dirname("#{tmpdir}/OEBPS/#{item.file}")) unless File.exist?(File.dirname("#{tmpdir}/OEBPS/#{item.file}"))
FileUtils.cp(fname, "#{tmpdir}/OEBPS/#{item.file}")
end
-
+
fork {
Dir.chdir(tmpdir) {|d|
- exec("zip -0X #{epubfile} mimetype")
+ exec("zip", "-0X", "#{epubfile}", "mimetype")
}
}
Process.waitall
fork {
Dir.chdir(tmpdir) {|d|
- exec("zip -Xr9D #{epubfile} META-INF OEBPS")
+ exec("zip", "-Xr9D", "#{epubfile}", "META-INF", "OEBPS")
}
}
Process.waitall
end