summaryrefslogtreecommitdiff
path: root/httemplate/view/cust_statement-pdf.cgi
diff options
context:
space:
mode:
authorivan <ivan>2009-08-20 09:47:05 +0000
committerivan <ivan>2009-08-20 09:47:05 +0000
commit1e34f4a5d142bd58f5918219db0931e81ad0418e (patch)
treebacfc80211078bd21e2ef44c3461b15078bfbd9d /httemplate/view/cust_statement-pdf.cgi
parente042c7a9463af50a08cab6ddfcd62fed2b5f276e (diff)
email statements, RT#4860
Diffstat (limited to 'httemplate/view/cust_statement-pdf.cgi')
-rwxr-xr-xhttemplate/view/cust_statement-pdf.cgi28
1 files changed, 28 insertions, 0 deletions
diff --git a/httemplate/view/cust_statement-pdf.cgi b/httemplate/view/cust_statement-pdf.cgi
new file mode 100755
index 000000000..a1739e04c
--- /dev/null
+++ b/httemplate/view/cust_statement-pdf.cgi
@@ -0,0 +1,28 @@
+<% $pdf %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+#untaint statementnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)(.pdf)?$/;
+my $templatename = $2 || 'statement'; #XXX configure... via event?? eh..
+my $statementnum = $3;
+
+my $cust_statement = qsearchs({
+ 'select' => 'cust_statement.*',
+ 'table' => 'cust_statement',
+ 'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+ 'hashref' => { 'statementnum' => $statementnum },
+ 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Statement #$statementnum not found!" unless $cust_statement;
+
+my $pdf = $cust_statement->print_pdf( '', $templatename);
+
+http_header('Content-Type' => 'application/pdf' );
+http_header('Content-Length' => length($pdf) );
+http_header('Cache-control' => 'max-age=60' );
+
+</%init>