|
|
|
@ -55,7 +55,7 @@ def query(filter, query):
|
|
|
|
|
|
|
|
|
|
@app.route('/parts/getfile/<filename>')
|
|
|
|
|
def getfile(filename):
|
|
|
|
|
if(re.match('^[\w-_]+\.pdf$', filename) == None):
|
|
|
|
|
if(re.match('^[\w\-_]+\.pdf$', filename) == None):
|
|
|
|
|
return 'No injections pls.'
|
|
|
|
|
|
|
|
|
|
return send_from_directory('/srv/datasheets/', 'filename')
|
|
|
|
@ -72,7 +72,7 @@ def alter(partID):
|
|
|
|
|
if len(request.files) != 0:
|
|
|
|
|
datasheet_file = request.files['datasheet-file']
|
|
|
|
|
datasheet_filename = secure_filename(datasheet_file.filename)
|
|
|
|
|
datasheet_file.save('/srv/datasheets/' + filename)
|
|
|
|
|
datasheet_file.save('/srv/datasheets/' + datasheet_filename)
|
|
|
|
|
else:
|
|
|
|
|
datasheet_filename = ''
|
|
|
|
|
r = db_engine.execute(s, block=request.form['block'],
|
|
|
|
@ -96,7 +96,7 @@ def alter(partID):
|
|
|
|
|
if len(request.files) != 0:
|
|
|
|
|
datasheet_file = request.files['datasheet-file']
|
|
|
|
|
datasheet_filename = secure_filename(datasheet_file.filename)
|
|
|
|
|
datasheet_file.save('/srv/datasheets/' + filename)
|
|
|
|
|
datasheet_file.save('/srv/datasheets/' + datasheet_filename)
|
|
|
|
|
# TODO: Remove old datasheet
|
|
|
|
|
else:
|
|
|
|
|
datasheet_filename = l[0]['datasheet']
|
|
|
|
|