diff options
Diffstat (limited to 'httemplate/view/cust_statement-pdf.cgi')
-rwxr-xr-x | httemplate/view/cust_statement-pdf.cgi | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/httemplate/view/cust_statement-pdf.cgi b/httemplate/view/cust_statement-pdf.cgi new file mode 100755 index 0000000..a1739e0 --- /dev/null +++ b/httemplate/view/cust_statement-pdf.cgi @@ -0,0 +1,28 @@ +<% $pdf %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('View invoices'); + +#untaint statementnum +my($query) = $cgi->keywords; +$query =~ /^((.+)-)?(\d+)(.pdf)?$/; +my $templatename = $2 || 'statement'; #XXX configure... via event?? eh.. +my $statementnum = $3; + +my $cust_statement = qsearchs({ + 'select' => 'cust_statement.*', + 'table' => 'cust_statement', + 'addl_from' => 'LEFT JOIN cust_main USING ( custnum )', + 'hashref' => { 'statementnum' => $statementnum }, + 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql, +}); +die "Statement #$statementnum not found!" unless $cust_statement; + +my $pdf = $cust_statement->print_pdf( '', $templatename); + +http_header('Content-Type' => 'application/pdf' ); +http_header('Content-Length' => length($pdf) ); +http_header('Cache-control' => 'max-age=60' ); + +</%init> |