X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=invoice_view.php;h=fd8424a39104e421b7330bd090c73e1feb50f8b9;hb=3bf66d275fd148785cd2132dd5013c2960e81eac;hp=4a6027a5b86f81bb04c24e59e194fa242ed7fa9a;hpb=926ea063e48ed8a45dcd308b87f92abe2bfed716;p=timetracker.git
diff --git a/invoice_view.php b/invoice_view.php
index 4a6027a5..fd8424a3 100644
--- a/invoice_view.php
+++ b/invoice_view.php
@@ -32,20 +32,22 @@ import('ttInvoiceHelper');
 import('ttClientHelper');
 import('form.Form');
 
-// Access check.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
+// Access checks.
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
 header('Location: access_denied.php');
 exit();
 }
-
-$cl_id = (int)$request->getParameter('id');
-$invoice = ttInvoiceHelper::getInvoice($cl_id);
-// Temporary fix for invalid invoice id. TODO: implement properly and review security of other pages,
-// where item id is passed (or posted) as parameter.
+if (!$user->isPluginEnabled('iv')) {
+ header('Location: feature_disabled.php');
+ exit();
+}
+$cl_invoice_id = (int)$request->getParameter('id');
+$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id);
 if (!$invoice) {
 header('Location: access_denied.php');
 exit();
 }
+// End of access checks.
 
 $invoice_date = new DateAndTime(DB_DATEFORMAT, $invoice['date']);
 $client = ttClientHelper::getClient($invoice['client_id'], true);
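Review bot: Renaming `$cl_id` to `$cl_invoice_id` leaves the hidden-field line in the next hunk, ` $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));` (line 92 on the new side), reading a variable this hunk no longer assigns, so unless `$cl_id` is set again somewhere in the unseen lines between the two hunks the "Mark paid" form now posts an empty `id`; the line should become `'value'=>$cl_invoice_id`. The removed TODO asked for a security review of pages that take an item id as a parameter, and the new code still relies on `ttInvoiceHelper::getInvoice` returning a falsy value for an invoice the current user is not allowed to see, which this hunk does not show; that reliance deserves a comment above the `if (!$invoice)` check, e.g. `// Relies on getInvoice() returning false for invoices outside the caller's group; the redirect below is the only per-invoice authorization.`. The same access-check ordering (role check, plugin check, then invoice lookup) is sound, since the lookup never runs for callers who fail the earlier checks.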
@@ -90,12 +92,12 @@ $form = new Form('invoiceForm');
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 // invoiceForm only contains controls for "Mark paid" block below invoice table.
 if ($user->isPluginEnabled('ps')) {
- $mark_paid_action_options = array('1'=>$i18n->getKey('dropdown.paid'),'2'=>$i18n->getKey('dropdown.not_paid'));
+ $mark_paid_action_options = array('1'=>$i18n->get('dropdown.paid'),'2'=>$i18n->get('dropdown.not_paid'));
 $form->addInput(array('type'=>'combobox',
 'name'=>'mark_paid_action_options',
 'data'=>$mark_paid_action_options,
 'value'=>$cl_mark_paid_action_option));
- $form->addInput(array('type'=>'submit','name'=>'btn_mark_paid','value'=>$i18n->getKey('button.submit')));
+ $form->addInput(array('type'=>'submit','name'=>'btn_mark_paid','value'=>$i18n->get('button.submit')));
 }
 
 if ($request->isPost()) {
@@ -120,6 +122,6 @@ $smarty->assign('client_name', $client['name']);
 $smarty->assign('client_address', $client['address']);
 $smarty->assign('invoice_items', $invoice_items);
 $smarty->assign('colspan', $colspan);
-$smarty->assign('title', $i18n->getKey('title.view_invoice'));
+$smarty->assign('title', $i18n->get('title.view_invoice'));
 $smarty->assign('content_page_name', 'invoice_view.tpl');
 $smarty->display('index.tpl');