X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Fprn_redirect.php;h=d5fe9cf6f9467881da80053f42b20ebe41028599;hb=268a54dcfd08aff7113bc3afe8b784f36db2d0d4;hp=d827aaa3e6a783e8422edcc8fe4500521ee1ec87;hpb=955e7d5427906ef544912411d1466fe5561d7f16;p=fa-stable.git

diff --git a/reporting/prn_redirect.php b/reporting/prn_redirect.php
index d827aaa3..d5fe9cf6 100644
--- a/reporting/prn_redirect.php
+++ b/reporting/prn_redirect.php
@@ -14,24 +14,25 @@
 	print button in reporting module. 
 */
 $path_to_root = "..";
+global $page_security;
 $page_security = 'SA_OPEN';	// this level is later overriden in rep file
 include_once($path_to_root . "/includes/session.inc");
 
-if (isset($save_report_selections) && $save_report_selections > 0 && isset($_POST['REP_ID'])) {	// save parameters from Report Center
-	for($i=0; $i<10; $i++) { // 2010-10-06 Joe Hunt
+if (user_save_report_selections() > 0 && isset($_POST['REP_ID'])) {	// save parameters from Report Center
+	for($i=0; $i<12; $i++) { // 2013-01-16 Joe Hunt
 		if (isset($_POST['PARAM_'.$i]) && !is_array($_POST['PARAM_'.$i])) {
 			$rep = $_POST['REP_ID'];
-			setcookie("select[$rep][$i]", $_POST['PARAM_'.$i], time()+60*60*24*$save_report_selections); // days from $save_report_selections
+			setcookie("select[$rep][$i]", $_POST['PARAM_'.$i], time()+60*60*24*user_save_report_selections()); // days from user_save_report_selections()
 		}	
 	}
 }	
 
-if (isset($_GET['xls']))
+if (isset($_GET['xls']) || isset($_GET['xml']))
 {
 	$filename = $_GET['filename'];
-	$unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
+	$unique_name = preg_replace('/[^0-9_a-z.\-]/i', '', $_GET['unique']);
 	$path =  company_path(). '/pdf_files/';
-	header("Content-type: application/vnd.ms-excel");
+	header("Content-type: ". (isset($_GET['xls']) ? "application/vnd.ms-excel" : "text/xml"));
 	header("Content-Disposition: attachment; filename=$filename" );
 	header("Expires: 0");
 	header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
@@ -39,20 +40,7 @@ if (isset($_GET['xls']))
 	echo file_get_contents($path.$unique_name);
 	exit();
 }
-elseif (isset($_GET['xml']))
-{
-	$filename = $_GET['filename'];
-	$unique_name = preg_replace('/[^0-9a-z.]/i', '', $_GET['unique']);
-	$path =  company_path(). '/pdf_files/';
-	header("content-type: text/xml");
-	header("Content-Disposition: attachment; filename=$filename");
-	header("Expires: 0");
-	header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
-	header("Pragma: public");
-	echo file_get_contents($path.$unique_name);
-	exit();
-}
-	
+
 if (!isset($_POST['REP_ID'])) {	// print link clicked
 	$def_pars = array(0, 0, '', '', 0, '', '', 0); //default values
 	$rep = $_POST['REP_ID'] = $_GET['REP_ID'];
@@ -72,4 +60,3 @@ if ($rep_file) {
 	display_error("Cannot find report file '$rep'");
 exit();
 
-?>
\ No newline at end of file