Generating orderslips(pdf) by date via URL automatically in PS 1.7

[tcladin]

Hello

in PS 1.6 I used for this task this URL

https://shop.cz/admin/index.php?controller=AdminSlip&submitAddorder_slip=1&date_from=2023-12-01&date_to=2023-12-31

please can you help me get URL in PS 1.7?

i got URL by browser console, but its include some token and without it pdf don wont be generated

 

https://shop.eu/admin/index.php/sell/orders/credit-slips/pdf-by-date?generate_pdf_by_date[from]=2023-12-01&generate_pdf_by_date[to]=2023-12-31&generate_pdf_by_date[_token]=JDA8RP94oQaDXA55ufG0vcyovwVrousU8-80pQu2ILI

 

Edited January 7 by tcladin (see edit history)

[Nickz]

I don't think every shop get the same URL.

 

[tcladin]

this trick fill form with date and after i can get pdf by button,

this is not usable for WGET

https://shop.eu/admin/index.php/sell/orders/credit-slips/?credit_slip[filters][date_issued][from]=2023-12-01&credit_slip[filters][date_issued][to]=2023-12-31&generate_pdf_by_date[from]=2023-12-01&generate_pdf_by_date[to]=2023-12-31

 

[dnk.hack]

Hello. Yes exactly. You can't generate without the security TOKEN. 

When you use WGET or cURL you haven't access to admin controllers since you have not logged in.

I don't know how you can use that in PS1.6 cause admin controllers need TOKEN too. I guess you have a modification in PS core AdminSlipController.php or a vulnerability.
Also in 1.7 Credit slip controller is based on Symfony.

I don't know the way same to that you provided for PS 1.6 but can be made a module
case 1) bad way. Override Symfony credit slip core controller.
case 2) Make a simple module with a Front controller which generates the necessary PDF
You can ask to build this module for your in Job Offers the forum thread.

Have a good one.