From 5e307c4eefa1c4275d5da7b36674e908d2ad1bd7 Mon Sep 17 00:00:00 2001
From: assar
Date: Sat, 10 Jun 2017 15:34:03 +0200
Subject: [PATCH] Added some datasheet filename sanitizing
---
 static/script.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/static/script.js b/static/script.js
index 7c18832..cbd7525 100644
--- a/static/script.js
+++ b/static/script.js
@@ -122,6 +122,10 @@ function save(partID) {
 var data = new FormData();
 if (datasheet.length == 1)
+ if(! datasheet[0]['name'].match(/^[\w\-]+\.pdf$/g)) {
+ alert('Invalid filename. Please match /^[\w\-]+\.pdf$/g');
+ return;
+ }
 data.append('datasheet-file', datasheet[0]);
 data.append('block', block_v);
 data.append('type', type_v);
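Review bot: The new check is inserted directly under the brace-less `if (datasheet.length == 1)`, so that condition now governs only the inner `if` and `data.append('datasheet-file', datasheet[0]);` runs on every save, including when no file is selected and `datasheet[0]` is undefined. Put the check and the append in one braced body: `if (datasheet.length == 1) {` before the check and a closing `}` after the append. The pattern is enforced only in the browser, which gives the user feedback but is not a control for requests that do not come from this script. The server-side upload handler (not visible in this patch) should apply the same allow-list before the name is used in a path. Smaller points: the `g` flag does nothing on a fully anchored pattern, so `/^[\w\-]+\.pdf$/.test(datasheet[0].name)` states the intent more directly, and the body of `save()` continues outside the hunk.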