X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Fprn_redirect.php;h=b6f1959f1ae279b57eed269e0d27f4e521461e55;hb=b0c4c9777f9574e9c2805fddc2a12576d75d94ce;hp=ce525ea1ff788253acabaf994fdb5f8a644013f1;hpb=492a9e795d7e0bb32a50449c60d3f9e40e81c79c;p=fa-stable.git
diff --git a/reporting/prn_redirect.php b/reporting/prn_redirect.php
index ce525ea1..b6f1959f 100644
--- a/reporting/prn_redirect.php
+++ b/reporting/prn_redirect.php
@@ -14,13 +14,23 @@
 print button in reporting module.
 */
 $path_to_root = "..";
+global $page_security;
 $page_security = 'SA_OPEN'; // this level is later overriden in rep file
 include_once($path_to_root . "/includes/session.inc");
+if (user_save_report_selections() > 0 && isset($_POST['REP_ID'])) { // save parameters from Report Center
+ for($i=0; $i<12; $i++) { // 2013-01-16 Joe Hunt
+ if (isset($_POST['PARAM_'.$i]) && !is_array($_POST['PARAM_'.$i])) {
+ $rep = $_POST['REP_ID'];
+ setcookie("select[$rep][$i]", $_POST['PARAM_'.$i], time()+60*60*24*user_save_report_selections()); // days from user_save_report_selections()
+ }
+ }
+}
+
 if (isset($_GET['xls']))
 {
 $filename = $_GET['filename'];
- $unique_name = $_GET['unique'];
+ $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
 $path = company_path(). '/pdf_files/';
 header("Content-type: application/vnd.ms-excel");
 header("Content-Disposition: attachment; filename=$filename" );
@@ -33,7 +43,7 @@ if (isset($_GET['xls']))
 elseif (isset($_GET['xml']))
 {
 $filename = $_GET['filename'];
- $unique_name = $_GET['unique'];
+ $unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
 $path = company_path(). '/pdf_files/';
 header("content-type: text/xml");
 header("Content-Disposition: attachment; filename=$filename");
@@ -53,7 +63,7 @@ if (!isset($_POST['REP_ID'])) { // print link clicked
 }
 }
-$rep = $_POST['REP_ID'];
+$rep = preg_replace('/[^a-z_0-9]/i', '', $_POST['REP_ID']);
 $rep_file = find_custom_file("/reporting/rep$rep.php");
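Review bot: The cookie block added in the `@@ -14,13 +14,23 @@` hunk takes `$rep` from the raw `$_POST['REP_ID']` and puts it into the cookie name `select[$rep][$i]`; the allowlist this same commit applies to `REP_ID` only runs later in the file, so the request still controls the name. Apply the filter here as well, `$rep = preg_replace('/[^a-z_0-9]/i', '', $_POST['REP_ID']);`, and skip the block when `REP_ID` is an array, as is already done for the `PARAM_` values. `setcookie()` is also called with only name, value and expiry, so the saved report parameters carry neither the `secure` nor the `httponly` flag. Hoisting `$rep` and `user_save_report_selections()` out of the loop would make the block easier to audit.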
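Review bot: `$filename` is still copied from `$_GET['filename']` into the `Content-Disposition` header unfiltered in the `@@ -33,7 +43,7 @@` hunk, and the same applies to the xls branch in the previous hunk; only `unique` gets an allowlist. The header value should be constrained the same way and quoted, for example `$filename = preg_replace('/[^0-9a-z._-]/i', '', $_GET['filename']);` followed by `header("Content-Disposition: attachment; filename=\"$filename\"");`. The `[^0-9a-z.]` filter on `unique` removes path separators but keeps dots, and nothing visible here ties the name to the requesting user, so that is worth confirming in the code that reads the file. Both branches continue past the end of their hunks.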
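Review bot: `preg_replace()` returns an array when its subject is an array, so in the `@@ -53,7 +63,7 @@` hunk a request sending `REP_ID[]` still yields a non-string `$rep`, and `"/reporting/rep$rep.php"` then interpolates it as `Array` with a notice. Reject non-string input before filtering: `$rep = is_string($_POST['REP_ID']) ? preg_replace('/[^a-z_0-9]/i', '', $_POST['REP_ID']) : '';`. A short comment such as `// REP_ID becomes part of a file path: allow only [a-z_0-9]` would record why the filter exists, because the lines that use `$rep_file` are outside this hunk.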
@@ -63,4 +73,3 @@ if ($rep_file) {
 display_error("Cannot find report file '$rep'");
 exit();
-?>
\ No newline at end of file