Some quick fixes

server.py

@@ -55,7 +55,7 @@ def query(filter, query):
 
 @app.route('/parts/getfile/<filename>')
 def getfile(filename):
-    if(re.match('^[\w-_]+\.pdf$', filename) == None):
+    if(re.match('^[\w\-_]+\.pdf$', filename) == None):
         return 'No injections pls.'
 
     return send_from_directory('/srv/datasheets/', 'filename')
@@ -72,7 +72,7 @@ def alter(partID):
         if len(request.files) != 0:
             datasheet_file = request.files['datasheet-file']
             datasheet_filename = secure_filename(datasheet_file.filename)
-            datasheet_file.save('/srv/datasheets/' + filename)
+            datasheet_file.save('/srv/datasheets/' + datasheet_filename)
         else:
             datasheet_filename = ''
         r = db_engine.execute(s, block=request.form['block'],
@@ -96,7 +96,7 @@ def alter(partID):
         if len(request.files) != 0:
             datasheet_file = request.files['datasheet-file']
             datasheet_filename = secure_filename(datasheet_file.filename)
-            datasheet_file.save('/srv/datasheets/' + filename)
+            datasheet_file.save('/srv/datasheets/' + datasheet_filename)
             # TODO: Remove old datasheet
         else:
             datasheet_filename = l[0]['datasheet']

static/script.js

@@ -189,6 +189,7 @@ function show_part_info(partID) {
 }
 
 $(document).ready(function() {
+    $.ajaxSetup({ cache: false });
     $('.search-bar').on('keyup', function() {
         var query = $('.search-bar').val();
         var filter = 0;
@@ -227,7 +228,7 @@ $(document).ready(function() {
               newResults += '</div>';
 
               newResults += '<div class="results-notes">';
-              if (data[i].notes != null)
+              if (data[i].notes != null && notes.length > 0)
                 newResults += '<div class="tooltip"><i class="fa fa-sicky-note"></i><span class="tooltiptext">' + data[i].notes + '</span></div>';
                 //newResults += data[i].notes;
               newResults += '</div>';