Skip to content

Improved invoice PDF generation flow#16251

Closed
rogyar wants to merge 3 commits intomagento:2.3-developfrom
rogyar:2.3-improved-invoice-pdf-generation
Closed

Improved invoice PDF generation flow#16251
rogyar wants to merge 3 commits intomagento:2.3-developfrom
rogyar:2.3-improved-invoice-pdf-generation

Conversation

@rogyar
Copy link
Copy Markdown
Contributor

@rogyar rogyar commented Jun 19, 2018

Description

Currently, in an attempt to print an invoice from admin panel, the corresponding PDF file is generated directly in var directory of the Magento installation. Very often this approach leads to a mess in the var directory if the invoice printing action takes place frequently during a day.

This PR brings a concept for two improvements:

  • Invoice PDFs are being generated in the var/pdf directory so the var directory root is clean.
  • The generated PDF does not include the timestamp in its name. There's no reason to keep a separate PDF for the same invoice over and over again. So once the "Print" action is performed on the same invoice more than once, the old PDF file is simply overwritten.

Fixed Issues (if relevant)

  1. Print pdf don't delete file in var folder #3535
  2. PDF invoices in /var folder #14517

Manual testing scenarios

  • Open an existing invoice in the admin panel.

  • Click the "Print" button.

  • You should have the invoice downloaded.

  • You should have a copy of the invoice generated in the var/pdf directory instead of var.

  • Click on the "Print" button once again

  • The var/pdf directory should not contain an additional copy of the same invoice

The same issue is fare for shipments and credit memos. I'm going to address those parts in a separate PR or within a scope of this one. I just want to make sure that the proposed concept is fine and we are good to move forward.

Thank you

@magento-engcom-team magento-engcom-team added Partner: Atwix Pull Request is created by partner Atwix partners-contribution Pull Request is created by Magento Partner Component: Framework/App Component: Sales labels Jun 19, 2018
@magento-engcom-team
Copy link
Copy Markdown
Contributor

magento-engcom-team commented Jun 19, 2018

Hi @rogyar. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento-engcom-team give me test instance - deploy test instance based on Pull Request changes
  • @magento-engcom-team give me new test instance - deploy NEW test instance based on Pull Request changes
  • @magento-engcom-team give me {$VERSION} instance - deploy Vanilla Magento instance for Issue or Pull Request

For more details, please, review the Magento Contributor Assistant documentation

phoenix128
phoenix128 suggested changes Jun 24, 2018
View reviewed changes
Comment thread app/code/Magento/Sales/Controller/Adminhtml/Invoice/AbstractInvoice/PrintAction.php
)->date('Y-m-d_H-i-s');
return $this->_fileFactory->create(
'invoice' . $date . '.pdf',
"invoice_$invoiceId.pdf",
Copy link
Copy Markdown
Contributor

@phoenix128 phoenix128 Jun 24, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it better to filter $invoiceId before? I see we are taking it directly from a request.
I am concerned about a potential path traversal attack.
I suppose changing line 51 would be just fine: $invoiceId = (int) $this->getRequest()->getParam('invoice_id');.

Copy link
Copy Markdown
Contributor Author

@rogyar rogyar Jun 24, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, Riccardo. That's a very good point. I've added the mentioned change

@phoenix128 phoenix128 self-assigned this Jun 24, 2018
@phoenix128
Copy link
Copy Markdown
Contributor

phoenix128 commented Jun 24, 2018

I am wandering if it does worth to move the focus to \Magento\Framework\App\Response\Http\FileFactory::create.
I think the problem is here because there is no way to remove the temporary file after download if this comes from a string.

\Magento\Framework\App\Response\Http\FileFactory::create:99:

            if (!empty($content['rm'])) {
                $dir->delete($file);
            }

@phoenix128
Copy link
Copy Markdown
Contributor

phoenix128 commented Jun 24, 2018

@rogyar , I am putting this onhold while we are deciding which is the best way.

@rogyar
Copy link
Copy Markdown
Contributor Author

rogyar commented Jun 26, 2018

Hi @phoenix128. I'm closing this PR since we have a better solution. I've created another PR for fixing the same issue #16401 .

Thanks a lot for the brainstorm! ;)

@rogyar rogyar closed this Jun 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@phoenix128 phoenix128 phoenix128 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@phoenix128 phoenix128

Labels

Component: Framework/App Component: Sales improvement Partner: Atwix Pull Request is created by partner Atwix partners-contribution Pull Request is created by Magento Partner Progress: on hold Release Line: 2.3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rogyar @magento-engcom-team @phoenix128