X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fview%2Fcust_bill-logo.cgi;h=ad2ff5430937d586e041e487e2c3ebbb7e5d5caa;hb=dcbcdb1ed71883f8a88eda28f89d8835c38c514e;hp=3e9c67fccbfcd8b91616d3cc4009687e594d98c8;hpb=df185d34f354c5788e8c4693182b7689a3333839;p=freeside.git
diff --git a/httemplate/view/cust_bill-logo.cgi b/httemplate/view/cust_bill-logo.cgi
index 3e9c67fcc..ad2ff5430 100755
--- a/httemplate/view/cust_bill-logo.cgi
+++ b/httemplate/view/cust_bill-logo.cgi
@@ -1,15 +1,31 @@
-<%
+<% $conf->config_binary("logo$templatename.png", $agentnum) %>
+<%init>
-##untaint invnum
-#my($query) = $cgi->keywords;
-#$query =~ /^((.+)-)?(\d+)$/;
-#my $templatename = $2;
-#my $invnum = $3;
-
-my $templatename = '';
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View invoices')
+ or $FS::CurrentUser::CurrentUser->access_right('Configuration');
 my $conf = new FS::Conf;
-http_header('Content-Type' => 'image/png' );
+
+my $templatename;
+my $agentnum = '';
+if ( $cgi->param('invnum') ) {
+ $templatename = $cgi->param('template') || $cgi->param('templatename');
+ my $cust_bill = qsearchs('cust_bill', { 'invnum' => $cgi->param('invnum') } )
+ or die 'unknown invnum';
+ $agentnum = $cust_bill->cust_main->agentnum;
+} else {
+ my($query) = $cgi->keywords;
+ $query =~ /^([^\.\/]*)$/ or die 'illegal query';
+ $templatename = $1;
+}
+
+if ( $templatename && $conf->exists("logo_$templatename.png") ) {
+ $templatename = "_$templatename";
+} else {
+ $templatename = '';
+}
 http_header('Content-Type' => 'image/png' );
-%><%= $conf->config_binary("logo$templatename.png") %>
+
+
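Review bot: In the `invnum` branch, `$templatename` is read from the `template`/`templatename` parameters without the `/^([^\.\/]*)$/` check that the keywords branch applies, so a request-supplied value containing `.` or `/` reaches `$conf->exists("logo_$templatename.png")` and `config_binary` unchecked. Apply the same check on both paths, for example `( $templatename // '' ) =~ /^([^\.\/]*)\z/ or die 'illegal template name';` placed after the if/else; `\z` also rejects the trailing newline that `$` tolerates. Separately, `$cgi->param('invnum')` inside the `qsearchs` hash constructor is evaluated in list context, so a repeated parameter can add extra key/value pairs to the search hash; `scalar($cgi->param('invnum'))` pins it to one value. The lookup also does not appear to limit the invoice to agents the current user is allowed to view, which is worth confirming against how the other view pages scope `cust_bill`.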