/ - Diff - projekt kivitendo - wissen

« Zurück | Weiter »

Revision b5157f97

Keine direkt vom Browser stammenden Strings bei open() verwenden.

     sub print_spool {
       $main::lxdebug->enter_sub();
       my ($self, $myconfig, $form, $spool) = @_;
       my ($self, $myconfig, $form, $spool, $output) = @_;
       # connect to database
       my $dbh = $form->dbconnect($myconfig);
-...
       foreach my $i (1 .. $form->{rowcount}) {
         if ($form->{"checked_$i"}) {
           open(OUT, $form->{OUT}) or $form->error("$form->{OUT} : $!");
           # $output is safe ( = does not come directly from the browser).
           open(OUT, $output) or $form->error("$output : $!");
           $form->{"spoolfile_$i"} =~ s|.*/||;
           $spoolfile = qq|$spool/$form->{"spoolfile_$i"}|;
           # send file to printer

       for $i (1 .. $form->{rowcount}) {
         if ($form->{"checked_$i"}) {
           $form->{OUT} = "| $selected_printer";
           $form->info($locale->text('Printing ... '));
           if (BP->print_spool(\%myconfig, \%$form, $spool)) {
           if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) {
             print $locale->text('done');
             $form->redirect($locale->text('Marked entries printed!'));
+          }

Auch abrufbar als: Unified diff