X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/926ea063e48ed8a45dcd308b87f92abe2bfed716..e304b6c8564a6c3f2a3c6e68a0f5e9c7db817a65:/invoice_view.php

diff --git a/invoice_view.php b/invoice_view.php
index 4a6027a5..fd8424a3 100644
--- a/invoice_view.php
+++ b/invoice_view.php
@@ -32,20 +32,22 @@ import('ttInvoiceHelper');
 import('ttClientHelper');
 import('form.Form');
 
-// Access check.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
+// Access checks.
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
   header('Location: access_denied.php');
   exit();
 }
-
-$cl_id = (int)$request->getParameter('id');
-$invoice = ttInvoiceHelper::getInvoice($cl_id);
-// Temporary fix for invalid invoice id. TODO: implement properly and review security of other pages,
-// where item id is passed (or posted) as parameter.
+if (!$user->isPluginEnabled('iv')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
+$cl_invoice_id = (int)$request->getParameter('id');
+$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id);
 if (!$invoice) {
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 $invoice_date = new DateAndTime(DB_DATEFORMAT, $invoice['date']);
 $client = ttClientHelper::getClient($invoice['client_id'], true);
@@ -90,12 +92,12 @@ $form = new Form('invoiceForm');
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 // invoiceForm only contains controls for "Mark paid" block below invoice table.
 if ($user->isPluginEnabled('ps')) {
-  $mark_paid_action_options = array('1'=>$i18n->getKey('dropdown.paid'),'2'=>$i18n->getKey('dropdown.not_paid'));
+  $mark_paid_action_options = array('1'=>$i18n->get('dropdown.paid'),'2'=>$i18n->get('dropdown.not_paid'));
   $form->addInput(array('type'=>'combobox',
     'name'=>'mark_paid_action_options',
     'data'=>$mark_paid_action_options,
     'value'=>$cl_mark_paid_action_option));
-  $form->addInput(array('type'=>'submit','name'=>'btn_mark_paid','value'=>$i18n->getKey('button.submit')));
+  $form->addInput(array('type'=>'submit','name'=>'btn_mark_paid','value'=>$i18n->get('button.submit')));
 }
 
 if ($request->isPost()) {
@@ -120,6 +122,6 @@ $smarty->assign('client_name', $client['name']);
 $smarty->assign('client_address', $client['address']);
 $smarty->assign('invoice_items', $invoice_items);
 $smarty->assign('colspan', $colspan);
-$smarty->assign('title', $i18n->getKey('title.view_invoice'));
+$smarty->assign('title', $i18n->get('title.view_invoice'));
 $smarty->assign('content_page_name', 'invoice_view.tpl');
 $smarty->display('index.tpl');