diff --git a/server.py b/server.py
index b7316ec..ebec14a 100644
--- a/server.py
+++ b/server.py
@@ -55,7 +55,7 @@ def query(filter, query):
 @app.route('/parts/getfile/')
 def getfile(filename):
- if(re.match('^[\w-_]+\.pdf$', filename) == None):
+ if(re.match('^[\w\-_]+\.pdf$', filename) == None):
 return 'No injections pls.'
 return send_from_directory('/srv/datasheets/', 'filename')
@@ -72,7 +72,7 @@ def alter(partID):
 if len(request.files) != 0:
 datasheet_file = request.files['datasheet-file']
 datasheet_filename = secure_filename(datasheet_file.filename)
- datasheet_file.save('/srv/datasheets/' + filename)
+ datasheet_file.save('/srv/datasheets/' + datasheet_filename)
 else:
 datasheet_filename = ''
 r = db_engine.execute(s, block=request.form['block'],
@@ -96,7 +96,7 @@ def alter(partID):
 if len(request.files) != 0:
 datasheet_file = request.files['datasheet-file']
 datasheet_filename = secure_filename(datasheet_file.filename)
- datasheet_file.save('/srv/datasheets/' + filename)
+ datasheet_file.save('/srv/datasheets/' + datasheet_filename)
 # TODO: Remove old datasheet
 else:
 datasheet_filename = l[0]['datasheet']
diff --git a/static/script.js b/static/script.js
index ca75f3c..6268b0e 100644
--- a/static/script.js
+++ b/static/script.js
@@ -189,6 +189,7 @@ function show_part_info(partID) {
 }
 $(document).ready(function() {
+ $.ajaxSetup({ cache: false });
 $('.search-bar').on('keyup', function() {
 var query = $('.search-bar').val();
 var filter = 0;
@@ -227,7 +228,7 @@ $(document).ready(function() {
 newResults += '';
 newResults += '
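Review bot: In the getfile hunk of server.py (@@ -55), the unchanged last line passes the string literal `'filename'` to `send_from_directory`, so the name the regex just validated is never used and the route can only look for a file literally called "filename"; it should read `return send_from_directory('/srv/datasheets/', filename)`. The check itself is also looser than it looks, because `$` matches before a trailing newline, so a name ending in `.pdf\n` passes. On Python 3, `if re.fullmatch(r'[\w-]+\.pdf', filename) is None:` closes that gap, and the raw string avoids the invalid-escape warnings for `\w` and `\.`.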
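Review bot: In both upload hunks of server.py (@@ -72 and @@ -96), the result of `secure_filename()` is used without any check before `datasheet_file.save(...)`. It returns an empty string when the submitted name consists only of characters it strips, in which case the save path is the directory itself, and nothing limits uploads to the `.pdf` names that getfile accepts. Validating with the same pattern before saving, e.g. `if not re.match(r'^[\w\-]+\.pdf$', datasheet_filename): abort(400)`, would keep the two endpoints consistent (this assumes `abort` is imported from flask; the imports are outside the hunks). A same-named upload also silently overwrites an existing datasheet. Both function bodies continue outside the hunks.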
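Review bot: `$.ajaxSetup({ cache: false })` in the first static/script.js hunk (@@ -189) changes the default for every jQuery request on the page, including requests made by plugins, and it only affects GET and HEAD requests, by appending a timestamp parameter to the URL. Setting `cache: false` on the specific calls that need it, or sending `Cache-Control: no-store` on the JSON responses from the server, keeps the scope explicit. If the global default is intended, a comment such as `// global: part/search JSON must never be served from the browser cache` would record why.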
';
- if (data[i].notes != null)
+ if (data[i].notes != null && notes.length > 0)
 newResults += '
' + data[i].notes + '
'; //newResults += data[i].notes; newResults += '
';
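Review bot: In the second static/script.js hunk (@@ -227), the new condition reads `notes.length`, but no `notes` variable is declared in the visible lines. Unless one exists outside the hunk, this throws a ReferenceError whenever `data[i].notes` is non-null. The intended test is probably `if (data[i].notes != null && data[i].notes.length > 0)`. Separately, `data[i].notes` is concatenated straight into the `newResults` markup; if that string is later inserted as HTML (not shown here), the notes text should be escaped first, for example by setting it with jQuery's `.text()`. The enclosing callback starts and ends outside the hunk.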