|
@@ -89,6 +89,16 @@ def upload(site):
|
|
|
|
|
|
|
|
|
@app.route("/listen/<fname>")
|
|
|
+def play(fname):
|
|
|
+ # prevent path traversal or any other trick
|
|
|
+ if "/" in fname or not re.match(r"^[a-z0-9]*.(ogg|wav)", fname):
|
|
|
+ abort(400)
|
|
|
+ fpath = os.path.join(UPLOAD_DIR, fname)
|
|
|
+ if not os.path.exists(fpath):
|
|
|
+ abort(404)
|
|
|
+ return render_template('player.html', fname=fname)
|
|
|
+
|
|
|
+@app.route("/download/<fname>")
|
|
|
def dl(fname):
|
|
|
# prevent path traversal or any other trick
|
|
|
if "/" in fname or not re.match(r"^[a-z0-9]*.(ogg|wav)", fname):
|