event refactor, landing on HEAD!

[freeside.git] / httemplate / view / cust_bill-logo.cgi

diff --git a/httemplate/view/cust_bill-logo.cgi b/httemplate/view/cust_bill-logo.cgi
index a1c9ddc..9c1c1d7 100755 (executable)
--- a/httemplate/view/cust_bill-logo.cgi
+++ b/httemplate/view/cust_bill-logo.cgi
@@ -1,12 +1,21 @@
-<%
+<% $conf->config_binary("logo$templatename.png") %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices')
+      or $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $conf = new FS::Conf;
 
 my($query) = $cgi->keywords;
 $query =~ /^([^\.\/]*)$/;
 my $templatename = $1;
-$templatename = "_$templatename"
-  if $templatename && $conf->exists("${logo}_$templatename.png");
-
-my $conf = new FS::Conf;
+if ( $templatename && $conf->exists("logo_$templatename.png") ) {
+  $templatename = "_$templatename";
+} else {
+  $templatename = '';
+}
 
 http_header('Content-Type' => 'image/png' );
-%><%= $conf->config_binary("logo$templatename.png") %>
+
+</%init>