<%
-##untaint invnum
-#my($query) = $cgi->keywords;
-#$query =~ /^((.+)-)?(\d+)$/;
-#my $templatename = $2;
-#my $invnum = $3;
-
-my $templatename = '';
-
my $conf = new FS::Conf;
-http_header('Content-Type' => 'image/png' );
+
+my($query) = $cgi->keywords;
+$query =~ /^([^\.\/]*)$/;
+my $templatename = $1;
+if ( $templatename && $conf->exists("logo_$templatename.png") ) {
+ $templatename = "_$templatename";
+} else {
+ $templatename = '';
+}
http_header('Content-Type' => 'image/png' );
%><%= $conf->config_binary("logo$templatename.png") %>
projects / freeside.git / blobdiff