$note was being checked (with isset()) but never fetched from $_GET. Fixed.

[squirrelmail.git] / src / download.php

diff --git a/src/download.php b/src/download.php
index 0ca78cf0ceeb0c4e0204c600364b699c90c094c8..1be2b9ebf91a91538c9f97b90802554b136a4ae3 100644 (file)
--- a/src/download.php
+++ b/src/download.php
@@ -3,7 +3,7 @@
 /**
  * download.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Handles attachment downloads to the users computer.
@@ -29,14 +29,9 @@ $key = $_COOKIE['key'];
 $username = $_SESSION['username'];
 $onetimepad = $_SESSION['onetimepad'];
 $mailbox = $_GET['mailbox'];
-$passed_id = $_GET['passed_id'];
+$passed_id = (int) $_GET['passed_id'];
 $ent_id = $_GET['ent_id'];
 $messages = $_SESSION['messages'];
-if (isset($_GET['passed_ent_id'])) {
-   $passed_ent_id = $_GET['passed_ent_id'];
-} else {
-   $passed_ent_id = '';
-}
 
 if (isset($_GET['absolute_dl'])) {
    $absolute_dl = $_GET['absolute_dl'];
@@ -55,18 +50,26 @@ if (!is_object($message)) {
     $message = sqimap_get_message($imapConnection,$passed_id, $mailbox);
 }
 $subject = $message->rfc822_header->subject;
-$message = &$message->getEntity($ent_id);
-$header = $message->header;
-if ($message->rfc822_header) {
-   $subject = $message->rfc822_header->subject;
-   $charset = $header->content_type->properties['charset'];
+if ($ent_id) {
+    $message = &$message->getEntity($ent_id);
+    $header = $message->header;
+    
+    if ($message->rfc822_header) {
+       $subject = $message->rfc822_header->subject;
+       $charset = $header->content_type->properties['charset'];
+    } else {
+       $header = $message->header;
+       $charset = $header->getParameter('charset');
+    }
+    $type0 = $header->type0;
+    $type1 = $header->type1;
+    $encoding = strtolower($header->encoding);
 } else {
-   $header = $message->header;
-   $charset = $header->getParameter('charset');
+    /* raw message */
+    $type0 = 'message';
+    $type1 = 'rfc822';
+    $encoding = "US-ASCII";
 }
-$type0 = $header->type0;
-$type1 = $header->type1;
-$encoding = strtolower($header->encoding);
 
 /*
  * lets redefine message as this particular entity that we wish to display.
@@ -86,6 +89,9 @@ if (is_object($message->header->disposition)) {
     if (!$filename) {
        $filename = decodeHeader($header->disposition->getProperty('name'));
     }
+    if (!$filename) {
+        $filename = decodeHeader($header->getParameter('name'));
+    }    
 }
 if (strlen($filename) < 1) {
     if ($type1 == 'plain' && $type0 == 'text') {
@@ -105,7 +111,7 @@ if (strlen($filename) < 1) {
     }
 
     if (strlen($filename) < 1) {
-       $filename = "untitled$ent_id.$suffix";
+       $filename = 'untitled'.strip_tags($ent_id).$suffix;
     } else {
        $filename = "$filename.$suffix";
     }