diff --git a/classes/Validate.php b/classes/Validate.php
index 01ee11fd1..a3083572d 100644
--- a/classes/Validate.php
+++ b/classes/Validate.php
@@ -1067,4 +1067,9 @@ class ValidateCore
 {
 return (preg_match('/^[0-1]\.[0-9]{1,2}(\.[0-9]{1,2}){0,2}$/', $version) && ip2long($version));
 }
+
+ public static function isOrderInvoiceNumber($id)
+ {
+ return (preg_match('/^['.Configuration::get('PS_INVOICE_PREFIX', Context::getContext()->language->id).']*([0-9]+)?/i', $id));
+ }
 }
\ No newline at end of file
diff --git a/classes/order/OrderInvoice.php b/classes/order/OrderInvoice.php
index 97152e37a..8271c9477 100644
--- a/classes/order/OrderInvoice.php
+++ b/classes/order/OrderInvoice.php
@@ -123,6 +123,28 @@ class OrderInvoiceCore extends ObjectModel
 AND od.`id_order_invoice` = '.(int)$this->id);
 }
 
+ public static function getInvoiceByNumber($id_invoice)
+ {
+ if (is_numeric($id_invoice))
+ $id_invoice = (int)($id_invoice);
+ elseif (is_string($id_invoice))
+ {
+ $matches = array();
+ if (preg_match('/^['.Configuration::get('PS_INVOICE_PREFIX', Context::getContext()->language->id).']*([0-9]+)?/i', $id_invoice, $matches) !== FALSE)
+ $id_invoice = $matches[1];
+ }
+ else
+ return false;
+
+ $id_order_invoice = Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('
+ SELECT `id_order_invoice`
+ FROM `'._DB_PREFIX_.'order_invoice`
+ WHERE number = '.$id_invoice
+ );
+
+ return ($id_order_invoice ? new OrderInvoice($id_order_invoice) : false);
+ }
+
 /**
 * Get order products
 *
diff --git a/controllers/admin/AdminSearchController.php b/controllers/admin/AdminSearchController.php
index 0a400c1d8..7b7bea3c0 100644
--- a/controllers/admin/AdminSearchController.php
+++ b/controllers/admin/AdminSearchController.php
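Review bot: isOrderInvoiceNumber rejects nothing, because in the added pattern both `[…]*` and `([0-9]+)?` are optional and there is no `$` anchor, so preg_match returns 1 for every string including the empty one and the validator is a no-op. The configured prefix is also spliced unescaped into a character class: a value containing `]`, `\`, `^` or `-` corrupts the pattern (preg_match then returns false with a warning), and a character class matches any ordering of its characters rather than the prefix itself. I would escape the prefix and require digits: `$prefix = preg_quote((string)Configuration::get('PS_INVOICE_PREFIX', Context::getContext()->language->id), '/');` followed by `return (bool)preg_match('/^(?:'.$prefix.')?[0-9]+$/i', (string)$id);`. A one-line docblock stating the accepted form, "optional configured invoice prefix followed by digits", would also help, since the method name promises a stricter check than the code performs.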
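Review bot: The `!== FALSE` test on preg_match in getInvoiceByNumber cannot distinguish a match from a non-match (preg_match returns 0 or 1 there), and because every part of the pattern is optional the capture group is unset whenever the input holds no digits, so `$matches[1]` triggers an undefined-index notice, `$id_invoice` becomes null, and the query is built as `WHERE number = ` with nothing after it. The string branch should return false unless the whole input matched, and the value should be cast to int where it is concatenated into the SQL rather than relying on the regex capture to keep it numeric; the prefix also needs preg_quote, as in Validate.php. The `is_numeric` branch is fine but worth a comment that it deliberately accepts integer-like strings and casts them. Rewritten string branch and the changed WHERE line:
```php
elseif (is_string($id_invoice))
{
	$prefix = preg_quote((string)Configuration::get('PS_INVOICE_PREFIX', Context::getContext()->language->id), '/');
	$matches = array();
	// Accept only "<prefix><digits>" as a whole; anything else is not an invoice number
	if (preg_match('/^(?:'.$prefix.')?([0-9]+)$/i', $id_invoice, $matches) !== 1)
		return false;
	$id_invoice = (int)$matches[1];
}
// … unchanged: else branch, getValue() call up to the WHERE clause …
	WHERE number = '.(int)$id_invoice
```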
@@ -124,8 +124,8 @@ class AdminSearchControllerCore extends AdminController
 /* Invoices */
 if ($searchType == 4)
 {
- if ((int)$this->query && Validate::isUnsignedInt((int)$this->query) && ($invoice = Order::getInvoice((int)$this->query)))
- Tools::redirectAdmin($this->context->link->getAdminLink('AdminPdf').'&submitAction=generateInvoicePDF&id_order='.(int)($invoice['id_order']));
+ if (Validate::isOrderInvoiceNumber($this->query) && ($invoice = OrderInvoice::getInvoiceByNumber($this->query)))
+ Tools::redirectAdmin($this->context->link->getAdminLink('AdminPdf').'&submitAction=generateInvoicePDF&id_order='.(int)($invoice->id_order));
 $this->errors[] = Tools::displayError('No invoice was found with this ID:').' '.Tools::htmlentitiesUTF8($this->query);
 }
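Review bot: The new `if` line hands `$this->query`, the raw admin search text, to `OrderInvoice::getInvoiceByNumber` and relies on `Validate::isOrderInvoiceNumber` to filter it, but as added in this commit that validator's pattern is fully optional and unanchored, so it accepts any string, and the integer cast the removed lines performed is gone. Until the validator is tightened, a cheap defensive check here is to confirm the lookup actually produced an object before dereferencing it, e.g. `if (Validate::isOrderInvoiceNumber($this->query) && ($invoice = OrderInvoice::getInvoiceByNumber(trim($this->query))) && Validate::isLoadedObject($invoice))`, assuming `isLoadedObject` exists in this codebase as it usually does in PrestaShop. `$invoice->id_order` presumably exists on OrderInvoice, but the hunk does not show it; the old code read `$invoice['id_order']` from an array, so this is worth confirming. The enclosing method and the `$searchType` dispatch begin outside this hunk.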