blob: a1739e04c76114f4ccc4ad9b4fc82cb888c2c938 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
<% $pdf %>
<%init>
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
#untaint statementnum
my($query) = $cgi->keywords;
$query =~ /^((.+)-)?(\d+)(.pdf)?$/;
my $templatename = $2 || 'statement'; #XXX configure... via event?? eh..
my $statementnum = $3;
my $cust_statement = qsearchs({
'select' => 'cust_statement.*',
'table' => 'cust_statement',
'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
'hashref' => { 'statementnum' => $statementnum },
'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
});
die "Statement #$statementnum not found!" unless $cust_statement;
my $pdf = $cust_statement->print_pdf( '', $templatename);
http_header('Content-Type' => 'application/pdf' );
http_header('Content-Length' => length($pdf) );
http_header('Cache-control' => 'max-age=60' );
</%init>
|