X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/kivitendo-erp.git/blobdiff_plain/b079ee7c4f1c7f9e8252dbab91b068036aa7df23..b2f45e7ebfee8fd1cf79632baccad61d6814fd8c:/SL/BP.pm

diff --git a/SL/BP.pm b/SL/BP.pm
index 94a1e6a2f..9365d2307 100644
--- a/SL/BP.pm
+++ b/SL/BP.pm
@@ -263,7 +263,7 @@ sub delete_spool {
 sub print_spool {
   $main::lxdebug->enter_sub();
 
-  my ($self, $myconfig, $form, $spool) = @_;
+  my ($self, $myconfig, $form, $spool, $output) = @_;
 
   # connect to database
   my $dbh = $form->dbconnect($myconfig);
@@ -275,8 +275,10 @@ sub print_spool {
 
   foreach my $i (1 .. $form->{rowcount}) {
     if ($form->{"checked_$i"}) {
-      open(OUT, $form->{OUT}) or $form->error("$form->{OUT} : $!");
+      # $output is safe ( = does not come directly from the browser).
+      open(OUT, $output) or $form->error("$output : $!");
 
+      $form->{"spoolfile_$i"} =~ s|.*/||;
       $spoolfile = qq|$spool/$form->{"spoolfile_$i"}|;
 
       # send file to printer