diff options
| -rw-r--r-- | fietsboek/views/profile.py | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/fietsboek/views/profile.py b/fietsboek/views/profile.py index a08fad7..9f68d2f 100644 --- a/fietsboek/views/profile.py +++ b/fietsboek/views/profile.py @@ -1,6 +1,7 @@ """Endpoints for the user profile pages.""" import datetime import sqlite3 +import urllib.parse from dataclasses import dataclass from typing import Optional @@ -192,7 +193,16 @@ def user_tile(request: Request) -> Response: if path is None: return HTTPNotFound() - connection = sqlite3.connect(path) + # See + # https://docs.python.org/3/library/sqlite3.html#how-to-work-with-sqlite-uris + # https://stackoverflow.com/questions/10205744/opening-sqlite3-database-from-python-in-read-only-mode + # https://stackoverflow.com/questions/17170202/dont-want-to-create-a-new-database-if-it-doesnt-already-exists + sqlite_uri = urllib.parse.urlunparse(("file", "", str(path), "", "mode=ro", "")) + try: + connection = sqlite3.connect(sqlite_uri, uri=True) + except sqlite3.OperationalError: + return HTTPNotFound() + cursor = connection.cursor() result = cursor.execute( "SELECT data FROM tiles WHERE zoom = ? AND x = ? AND y = ?;", |