From d5b215deb52f9f8e4ba8380ac7df29cca7d6025b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bernd=20Ble=C3=9Fmann?= Date: Tue, 29 Sep 2015 13:47:31 +0200 Subject: [PATCH] Auftrags-Controller: PDF-Download: Dateiname als session_value speichern. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Damit muss der Dateiname nicht mehr an den Client übertragen werden. --- SL/Controller/Order.pm | 12 ++++++------ templates/webpages/order/form.html | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/SL/Controller/Order.pm b/SL/Controller/Order.pm index 1878cc7a2..3010b5bb9 100644 --- a/SL/Controller/Order.pm +++ b/SL/Controller/Order.pm @@ -120,21 +120,21 @@ sub action_create_pdf { $sfile->fh->print($pdf); $sfile->fh->close; - # get temporary session filename with stripped path - my (undef, undef, $tmp_filename) = File::Spec->splitpath($sfile->file_name); + my $key = join('_', Time::HiRes::gettimeofday(), int rand 1000000000000); + $::auth->set_session_value("Order::create_pdf-${key}" => $sfile->file_name); + my $pdf_filename = t8('Sales Order') . '_' . $self->order->ordnumber . '.pdf'; $self->js - ->run('download_pdf', $tmp_filename, $pdf_filename) + ->run('download_pdf', $pdf_filename, $key) ->flash('info', t8('The PDF has been created'))->render($self); } sub action_download_pdf { my ($self) = @_; - # given tmp_filename should contain no path, so strip if any - my (undef, undef, $tmp_filename) = File::Spec->splitpath($::form->{tmp_filename}); - my $tmp_filename = File::Spec->catfile(SL::SessionFile->new->get_path, $tmp_filename); + my $key = $::form->{key}; + my $tmp_filename = $::auth->get_session_value("Order::create_pdf-${key}"); return $self->send_file( $tmp_filename, type => 'application/pdf', diff --git a/templates/webpages/order/form.html b/templates/webpages/order/form.html index a1d90e172..31a4dc019 100644 --- a/templates/webpages/order/form.html +++ b/templates/webpages/order/form.html @@ -54,11 +54,11 @@ function create_pdf() { $.post("controller.pl", data, kivi.eval_json_result); } -function download_pdf(tmp_filename, pdf_filename) { +function download_pdf(pdf_filename, key) { var data = 'action=Order/download_pdf'; data += '&type=' + $('#type').val(); - data += '&tmp_filename=' + tmp_filename; data += '&pdf_filename=' + pdf_filename; + data += '&key=' + key; $.download("controller.pl", data); } -- 2.20.1