Show menu icons in default configuration.
[fa-stable.git] / admin / company_preferences.php
index 4270bb8f83fc7f1e2cbd9e5ceab569cd021a5545..8762378dcd6573eaf0b16ecfbd084cb0061c9ffe 100644 (file)
@@ -46,11 +46,10 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                {
                        mkdir($filename);
                }
-               $filename .= "/".$_FILES['pic']['name'];
+               $filename .= "/".clean_file_name($_FILES['pic']['name']);
 
                 //But check for the worst
-               if (!in_array((substr(trim($_FILES['pic']['name']),-3)), 
-                       array('jpg','JPG','png','PNG')))
+               if (!in_array( substr($filename,-3), array('jpg','JPG','png','PNG')))
                {
                        display_error(_('Only jpg and png files are supported - a file extension of .jpg or .png is expected'));
                        $input_error = 1;
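Review bot: The extension test `substr($filename,-3)` compares only the last three bytes of the path, so it does not require a dot before `jpg`/`png`, rejects mixed-case names, and says nothing about the file's content. Parsing the extension explicitly would be clearer: `$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));` followed by `if (!in_array($ext, array('jpg', 'png'), true))`. `clean_file_name()` is defined outside this diff, so whether it strips path separators or extra extensions cannot be confirmed here. Unless the lines between this hunk and the next already do so, a content check such as `getimagesize($_FILES['pic']['tmp_name'])` before `move_uploaded_file()` would not depend on the name at all. The enclosing `if` block starts and ends outside the hunk.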
@@ -78,14 +77,14 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                if ($input_error != 1)
                {
                        $result  =  move_uploaded_file($_FILES['pic']['tmp_name'], $filename);
-                       $_POST['coy_logo'] = $_FILES['pic']['name'];
+                       $_POST['coy_logo'] = clean_file_name($_FILES['pic']['name']);
                        if(!$result) 
                                display_error(_('Error uploading logo file'));
                }
        }
        if (check_value('del_coy_logo'))
        {
-               $filename = company_path()."/images/".$_POST['coy_logo'];
+               $filename = company_path()."/images/".clean_file_name($_POST['coy_logo']);
                if (file_exists($filename))
                {
                        $result = unlink($filename);
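Review bot: In the `del_coy_logo` branch the path handed to `unlink()` is still built from the request value `$_POST['coy_logo']`, so what can be deleted depends entirely on `clean_file_name()`, which is not part of this diff. Taking the name from the stored preference instead, e.g. `$filename = company_path()."/images/".basename(get_company_pref('coy_logo'));` (assuming the logo is stored under that key), would take the client out of that decision. Separately, `$_POST['coy_logo']` is assigned before `$result` is checked, so a failed `move_uploaded_file()` still leaves the new name in place; assigning it only when `$result` is true would avoid that. The delete branch continues past the end of this hunk.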
@@ -94,9 +93,8 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                                display_error(_('The existing image could not be removed'));
                                $input_error = 1;
                        }
-                       else
-                               $_POST['coy_logo'] = "";
                }
+               $_POST['coy_logo'] = "";
        }
        if ($_POST['add_pct'] == "")
                $_POST['add_pct'] = -1;
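Review bot: The now-unconditional `$_POST['coy_logo'] = "";` needs a comment saying why it moved out of the `file_exists()` branch, for example `// clear the logo name even when the file is already gone, so a stale reference is not saved again`. As written it also runs after a failed `unlink()`. That looks harmless only if the save further down is skipped when `$input_error` is 1, and that check is outside this hunk.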
@@ -110,7 +108,8 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                                'use_dimension', 'curr_default', 'f_year', 
                                'no_item_list' => 0, 'no_customer_list' => 0, 
                                'no_supplier_list' =>0, 'base_sales', 
-                               'time_zone' => 0, 'add_pct', 'round_to', 'login_tout', 'auto_curr_reval'))
+                               'time_zone' => 0, 'add_pct', 'round_to', 'login_tout', 'auto_curr_reval',
+                               'bcc_email'))
                );
 
                $_SESSION['wa_current_user']->timeout = $_POST['login_tout'];
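Review bot: `bcc_email` is added to the saved fields with no server-side check visible in this diff, although the form row added in a later hunk (`email_row_ex(..., 'bcc_email', 25, 55)`) says the address receives a copy of all outgoing mail. Validating it with the other input checks above this hunk would reject line breaks and malformed values before they reach the mailer, e.g. `if ($_POST['bcc_email'] != '' && !filter_var($_POST['bcc_email'], FILTER_VALIDATE_EMAIL)) { display_error(_('The BCC address is not a valid email address')); $input_error = 1; }`. Because this one setting silently copies every message to another mailbox, recording who changed it and when is worth considering. The statement this hunk modifies begins outside the hunk.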
@@ -121,7 +120,10 @@ if (isset($_POST['update']) && $_POST['update'] != "")
 } /* end of if submit */
 
 //---------------------------------------------------------------------------------------------
-
+if (get_company_pref('bcc_email') === null) { // available from 2.3.14, can be not defined on pre-2.4 installations
+       set_company_pref('bcc_email', 'setup.company', 'varchar', 100, '');
+       refresh_sys_prefs();
+}
 
 start_form(true);
 $myrow = get_company_prefs();
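Review bot: The `=== null` test relies on `get_company_pref()` returning exactly `null` for a key that was never stored, and that function is outside this diff. If it returns `false` or an empty string instead, the row is never created and the `$myrow["bcc_email"]` read added in the next hunk hits an undefined index. The block also writes to the preferences while the page is being rendered, on every request until the key exists; an upgrade script would be the more usual place for it. If it stays here, the comment could read `// bcc_email was added in 2.3.14; create it on installations that predate it`.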
@@ -153,6 +155,7 @@ if ($_POST['add_pct'] == -1)
 $_POST['round_to'] = $myrow['round_to'];       
 $_POST['auto_curr_reval'] = $myrow['auto_curr_reval']; 
 $_POST['del_coy_logo']  = 0;
+$_POST['bcc_email']  = $myrow["bcc_email"];
 
 start_outer_table(TABLESTYLE2);
 
@@ -166,6 +169,8 @@ text_row_ex(_("Phone Number:"), 'phone', 25, 55);
 text_row_ex(_("Fax Number:"), 'fax', 25);
 email_row_ex(_("Email Address:"), 'email', 25, 55);
 
+email_row_ex(_("BCC Address for all outgoing mails:"), 'bcc_email', 25, 55);
+
 text_row_ex(_("Official Company Number:"), 'coy_no', 25);
 text_row_ex(_("GSTNo:"), 'gst_no', 25);
 
@@ -186,6 +191,7 @@ sales_types_list_row(_("Base for auto price calculations:"), 'base_sales', $_POS
 text_row_ex(_("Add Price from Std Cost:"), 'add_pct', 10, 10, '', null, null, "%");
 $curr = get_currency($_POST['curr_default']);
 text_row_ex(_("Round to nearest:"), 'round_to', 10, 10, '', null, null, $curr['hundreds_name']);
+label_row("", " ");
 
 check_row(_("Search Item List"), 'no_item_list', null);
 check_row(_("Search Customer List"), 'no_customer_list', null);