New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support wkhtmltopdf v0.12.x #6489
Comments
MaDada have patched the https://gitlab.com/madada-team/dada-core/-/issues/49 |
Just to move this conversation closer to the specific issue at hand…
I certainly think we should make conscious decisions about this kind of thing. How could this be used as an attack vector though? How would someone inject some JS into contents that get converted to PDF via this command on Alaveteli? I don't have the answers to these without giving it more thought, but that's what we should understand to make a confident decision here. Here's the upstream issue that introduced the change wkhtmltopdf/wkhtmltopdf#4536. It looks like we could minimise the access by using the |
Have finally got wkhtmltopdf installed working correctly on simple HTML files. After applying the patch, when downloading requests as Zip the conversion hangs, when I
Running the command outside of Rails I see:
I hangs on 11% without timing out |
Another issue, the patch assumes we're using In fact in the specs we stub the command to be Nor can we currently set Now, does anyone use a different html to pdf convertor? I have no idea. I think we could announce in #6347 we are depreciating Once removed, |
Applying the French patch successfully generates the correspondence PDF on the Debian Bullseye VM.
Yeah, let's definitely do this! One minor change I'd make to this suggestion is to introduce the deprecation notice in #6347 and then remove it in The gotcha here is how we support the different arguments required as we migrate OSs'. Might need to make this configurable at theme level to ease migration # THEME
# Old versions
InfoRequest::PdfConverter.command = %w(/usr/local/bin/wkhtmltopdf)
# New versions
InfoRequest::PdfConverter.command = %w(/usr/local/bin/wkhtmltopdf --enable-local-file-access --load-media-error-handling etc)
# IN USE
# I know there's a better way of doing this but YSWIM…
command = InfoRequest::PdfConverter.command.first.dup
cmd = command.first
command.delete_at(0)
args = command
AlaveteliExternalCommand.run(cmd, args, tmp_input.path, tmp_output.path)
On WhatDoTheyKnow we still generate a PDF, but that appears to be because we use a custom binary. Not sure what the deal is here, but it's likely that this is borked in all other supported OSs. This is a significant regression. These are incredibly useful for sending a human-readable form of the request to regulators, especially for Pro users where the request is private, and for exporting requests to share with others (though, perhaps slightly less necessary with #5608?). In any case, we've decided to press ahead with getting #6615 merged, even with this issue. With the deprecation, we'll at least have a bit more freedom around fixing this. |
As with other external commands we need are only going to support one option (`wkhtmltopdf`). Doing so will make it easier to pass command specific arguments to the tool in order to support later versions. See: #6489
Some changes will be required to support the latest version of
wkhtmltopdf
it errors out and the alaveteli fallbacks back to the txt version.See: #6435
The text was updated successfully, but these errors were encountered: