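// Validate the requested invoice template name, build the print model from the
// values computed earlier in this script, and set up the available renderers.

// The template name is taken straight from the request and is untrusted.
// A missing parameter is treated as an empty name and rejected below.
$tplFilename = isset($_REQUEST['ivform_file']) ? $_REQUEST['ivform_file'] : '';

// Prevent directory traversal: the value must be one plain path component.
// - non-strings are rejected (ivform_file[]=x arrives as an array, which strpos() cannot handle)
// - "/" and "\" are both rejected, since "\" is also a separator on Windows
// - "." and ".." are rejected because they name a directory without containing a separator
// - NUL bytes are rejected so the name cannot be truncated by lower-level file APIs
// NOTE(review): how $tplFilename is joined to the template directory is not
// visible here; confirm the consumer does not normalise the name any further.
if (!is_string($tplFilename)
    || $tplFilename === ''
    || $tplFilename === '.'
    || $tplFilename === '..'
    || strpos($tplFilename, '/') !== false
    || strpos($tplFilename, '\\') !== false
    || strpos($tplFilename, "\0") !== false
) {
    header("HTTP/1.0 400 Bad Request");
    die;
}

// ---------------------------------------------------------------------------
// The original author marked this as unnecessary; it is kept so that the
// credential fields are never part of the customer record handed to the
// print model below.
unset($customer['password']);
unset($customer['passwordResetHash']);

$model = new Kimai_Invoice_PrintModel();
$model->setEntries($invoiceArray);
$model->setAmount($total);
$model->setVatRate($vat_rate);
$model->setTotal($gtotal);
$model->setVat($vat);
$model->setCustomer($customer);
$model->setProjects($projectObjects);
$model->setInvoiceId($invoiceID);
$model->setBeginDate($beginDate);
$model->setEndDate($endDate);
$model->setInvoiceDate(time());
$model->setDateFormat($kga['conf']['date_format_2']);
$model->setCurrencySign($kga['conf']['currency_sign']);
$model->setCurrencyName($kga['conf']['currency_name']);
// Due date: midnight, one calendar month from today. mktime() normalises
// out-of-range values, so month 13 rolls over into January of the next year.
$model->setDueDate(mktime(0, 0, 0, date("m") + 1, date("d"), date("Y")));

// ---------------------------------------------------------------------------
// One renderer instance per supported output type, keyed by type name.
$renderers = array(
    'odt' => new Kimai_Invoice_OdtRenderer(),
    'html' => new Kimai_Invoice_HtmlRenderer(),
    'pdf' => new Kimai_Invoice_HtmlToPdfRenderer()
);

/* @var $renderer Kimai_Invoice_AbstractRenderer */
foreach ($renderers as $rendererType => $renderer) {
    $renderer->setTemplateDir($baseFolder);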