/**
* download.php
*
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* Handles attachment downloads to the users computer.
$username = $_SESSION['username'];
$onetimepad = $_SESSION['onetimepad'];
$mailbox = $_GET['mailbox'];
-$passed_id = $_GET['passed_id'];
+$passed_id = (int) $_GET['passed_id'];
$ent_id = $_GET['ent_id'];
$messages = $_SESSION['messages'];
-if (isset($_GET['passed_ent_id'])) {
- $passed_ent_id = $_GET['passed_ent_id'];
-} else {
- $passed_ent_id = '';
-}
if (isset($_GET['absolute_dl'])) {
$absolute_dl = $_GET['absolute_dl'];
$message = sqimap_get_message($imapConnection,$passed_id, $mailbox);
}
$subject = $message->rfc822_header->subject;
-$message = &$message->getEntity($ent_id);
-$header = $message->header;
-if ($message->rfc822_header) {
- $subject = $message->rfc822_header->subject;
- $charset = $header->content_type->properties['charset'];
+if ($ent_id) {
+ $message = &$message->getEntity($ent_id);
+ $header = $message->header;
+
+ if ($message->rfc822_header) {
+ $subject = $message->rfc822_header->subject;
+ $charset = $header->content_type->properties['charset'];
+ } else {
+ $header = $message->header;
+ $charset = $header->getParameter('charset');
+ }
+ $type0 = $header->type0;
+ $type1 = $header->type1;
+ $encoding = strtolower($header->encoding);
} else {
- $header = $message->header;
- $charset = $header->getParameter('charset');
+ /* raw message */
+ $type0 = 'message';
+ $type1 = 'rfc822';
+ $encoding = "US-ASCII";
}
-$type0 = $header->type0;
-$type1 = $header->type1;
-$encoding = strtolower($header->encoding);
/*
* lets redefine message as this particular entity that we wish to display.
if (!$filename) {
$filename = decodeHeader($header->disposition->getProperty('name'));
}
+ if (!$filename) {
+ $filename = decodeHeader($header->getParameter('name'));
+ }
}
if (strlen($filename) < 1) {
if ($type1 == 'plain' && $type0 == 'text') {
}
if (strlen($filename) < 1) {
- $filename = "untitled$ent_id.$suffix";
+ $filename = 'untitled'.strip_tags($ent_id).$suffix;
} else {
$filename = "$filename.$suffix";
}