projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed Assets, a couple of small bugs more.
[fa-stable.git] / reporting / prn_redirect.php
diff --git a/reporting/prn_redirect.php b/reporting/prn_redirect.php
index 8a64ea397e65dc13c98720d5bd63ae42adfc1cb7..b6f1959f1ae279b57eed269e0d27f4e521461e55 100644 (file)
--- a/reporting/prn_redirect.php
+++ b/reporting/prn_redirect.php
@@ -14,14 +14,15 @@
        print button in reporting module. 
 */
 $path_to_root = "..";
+global $page_security;
 $page_security = 'SA_OPEN';    // this level is later overriden in rep file
 include_once($path_to_root . "/includes/session.inc");
 
-if (isset($save_report_selections) && $save_report_selections > 0 && isset($_POST['REP_ID'])) {        // save parameters from Report Center
-       for($i=0; $i<10; $i++) { // 2010-10-06 Joe Hunt
+if (user_save_report_selections() > 0 && isset($_POST['REP_ID'])) {    // save parameters from Report Center
+       for($i=0; $i<12; $i++) { // 2013-01-16 Joe Hunt
                if (isset($_POST['PARAM_'.$i]) && !is_array($_POST['PARAM_'.$i])) {
                        $rep = $_POST['REP_ID'];
-                       setcookie("select[$rep][$i]", $_POST['PARAM_'.$i], time()+60*60*24*$save_report_selections); // days from $save_report_selections
+                       setcookie("select[$rep][$i]", $_POST['PARAM_'.$i], time()+60*60*24*user_save_report_selections()); // days from user_save_report_selections()
                }       
        }
 }      
@@ -29,7 +30,7 @@ if (isset($save_report_selections) && $save_report_selections > 0 && isset($_POS
 if (isset($_GET['xls']))
 {
        $filename = $_GET['filename'];
-       $unique_name = $_GET['unique'];
+       $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
        $path =  company_path(). '/pdf_files/';
        header("Content-type: application/vnd.ms-excel");
        header("Content-Disposition: attachment; filename=$filename" );
@@ -42,7 +43,7 @@ if (isset($_GET['xls']))
 elseif (isset($_GET['xml']))
 {
        $filename = $_GET['filename'];
-       $unique_name = $_GET['unique'];
+       $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
        $path =  company_path(). '/pdf_files/';
        header("content-type: text/xml");
        header("Content-Disposition: attachment; filename=$filename");
@@ -61,7 +62,8 @@ if (!isset($_POST['REP_ID'])) {       // print link clicked
                        ? $_GET['PARAM_'.$i] : $def_pars[$i];
        }
 }
-$rep = $_POST['REP_ID'];
+
+$rep = preg_replace('/[^a-z_0-9]/i', '', $_POST['REP_ID']);
 
 $rep_file = find_custom_file("/reporting/rep$rep.php");
 
@@ -71,4 +73,3 @@ if ($rep_file) {
        display_error("Cannot find report file '$rep'");
 exit();
 
-?>
\ No newline at end of file
FrontAccounting stable branch