From da2415c1957ede557ea8f15bdd45c4b9ae52f858 Mon Sep 17 00:00:00 2001
From: braverock <braverock@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Tue, 28 Oct 2003 17:16:48 +0000
Subject: [PATCH] - moved DumpHeaders fn from src/download.php to mime.php -
 renamed DumpHeaders fn to SendDownloadHeaders - added phpdoc DocBlock to fn

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6034 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/mime.php | 152 +++++++++++++++++++++++++++++++++------------
 src/download.php   |  81 +++---------------------
 2 files changed, 121 insertions(+), 112 deletions(-)

diff --git a/functions/mime.php b/functions/mime.php
index 9f7692b0..0d6ff091 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -93,7 +93,7 @@ function mime_structure ($bodystructure, $flags=array()) {
  */
 
 function mime_fetch_body($imap_stream, $id, $ent_id=1, $fetch_size=0) {
-    global $uid_support; 
+    global $uid_support;
     /* Do a bit of error correction.  If we couldn't find the entity id, just guess
      * that it is the first one.  That is usually the case anyway.
      */
@@ -105,7 +105,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id=1, $fetch_size=0) {
     }
 
     if ($fetch_size!=0) $cmd .= "<0.$fetch_size>";
-    
+
     $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message, $uid_support);
     do {
         $topline = trim(array_shift($data));
@@ -179,17 +179,17 @@ function mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding) {
        echo decodeBody($body, $encoding);
     }
 
-    /* 
+    /*
        TODO, use the same method for quoted printable.
        However, I assume that quoted printable attachments aren't that large
        so the performancegain / memory usage drop will be minimal.
        If we decide to add that then we need to adapt sqimap_fread because
-       we need to split te result on \n and fread doesn't stop at \n. That 
+       we need to split te result on \n and fread doesn't stop at \n. That
        means we also should provide $results from sqimap_fread (by ref) to
        te function and set $no_return to false. The $filter function for
-       quoted printable should handle unsetting of $results. 
+       quoted printable should handle unsetting of $results.
     */
-    /* 
+    /*
        TODO 2: find out how we write to the output stream php://stdout. fwrite
        doesn't work because 'php://stdout isn't a stream.
     */
@@ -391,7 +391,7 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
         }
         $link = 'read_body.php?passed_id=' . $id . '&amp;ent_id='.$ent_num.
                 '&amp;mailbox=' . $urlmailbox .'&amp;sort=' . $sort .
-                '&amp;startMessage=' . $startMessage . '&amp;show_more=0'; 
+                '&amp;startMessage=' . $startMessage . '&amp;show_more=0';
         if (isset($passed_ent_id)) {
             $link .= '&amp;passed_ent_id='.$passed_ent_id;
         }
@@ -587,7 +587,7 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
     if (is_array($string)) {
         $string = implode("\n", $string);
     }
-    
+
     if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
         function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
         $string = $languages[$squirrelmail_language]['XTRA_CODE']('decodeheader', $string);
@@ -610,7 +610,7 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
         $encoded = false;
         /* if encoded words are not separated by a linear-space-white we still catch them */
         $j = $i-1;
-//	if ($chunk{0} === '=') { /* performance, saves an unnessecarry preg call */
+//  if ($chunk{0} === '=') { /* performance, saves an unnessecarry preg call */
         while ($match = preg_match('/^(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=(.*)$/Ui',$chunk,$res)) {
             /* if the last chunk isn't an encoded string then put back the space, otherwise don't */
             if ($iLastMatch !== $j) {
@@ -632,7 +632,7 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
                 break;
             case 'Q':
                 $replace = str_replace('_', ' ', $res[4]);
-                $replace = preg_replace('/=([0-9a-f]{2})/ie', 'chr(hexdec("\1"))', 
+                $replace = preg_replace('/=([0-9a-f]{2})/ie', 'chr(hexdec("\1"))',
                                     $replace);
                 /* Only encode into entities by default. Some places
                  * don't need the encoding, like the compose form.
@@ -652,13 +652,13 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
             $chunk = $res[5];
             $encoded = true;
         }
-//	}
+//  }
         if (!$encoded) {
             if ($htmlsave) {
                 $ret .= '&nbsp;';
             } else {
                 $ret .= ' ';
-            }        
+            }
         }
 
         if (!$encoded && $htmlsave) {
@@ -676,7 +676,7 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
             $ret = substr($ret,1);
         }
     }
-    
+
     return $ret;
 }
 
@@ -761,7 +761,7 @@ function encodeHeader ($string) {
                     // do not start encoding in the middle of a string, also take the rest of the word.
                     $sLeadString = substr($string,0,$i);
                     $aLeadString = explode(' ',$sLeadString);
-                    $sToBeEncoded = array_pop($aLeadString);                  
+                    $sToBeEncoded = array_pop($aLeadString);
                     $iEncStart = $i - strlen($sToBeEncoded);
                     $ret .= $sToBeEncoded;
                     $cur_l += strlen($sToBeEncoded);
@@ -818,7 +818,7 @@ function find_ent_id($id, $message) {
             if (strcasecmp($message->entities[$i]->header->id, $id) == 0) {
 //                if (sq_check_save_extension($message->entities[$i])) {
                     return $message->entities[$i]->entity_id;
-//                } 
+//                }
             }
         }
     }
@@ -860,7 +860,7 @@ function sq_unbackslash($attvalue){
  * Kill any tabs, newlines, or carriage returns. Our friends the
  * makers of the browser with 95% market value decided that it'd
  * be funny to make "java[tab]script" be just as good as "javascript".
- * 
+ *
  * @param  attvalue  The attribute value before extraneous spaces removed.
  * @return attvalue  The attribute value after extraneous spaces removed.
  */
@@ -874,7 +874,7 @@ function sq_unspace($attvalue){
 
 /**
  * This function returns the final tag out of the tag name, an array
- * of attributes, and the type of the tag. This function is called by 
+ * of attributes, and the type of the tag. This function is called by
  * sq_sanitize internally.
  *
  * @param  $tagname  the name of the tag.
@@ -918,7 +918,7 @@ function sq_casenormalize(&$val){
 /**
  * This function skips any whitespace from the current position within
  * a string and to the next non-whitespace value.
- * 
+ *
  * @param  $body   the string
  * @param  $offset the offset within the string where we should start
  *                 looking for the next non-whitespace character.
@@ -1073,7 +1073,7 @@ function sq_getnxtag($body, $offset){
      * '>'  indicating the end of the tag entirely.
      * '\s' indicating the end of the tag name.
      * '/'  indicating that this is type-3 xhtml tag.
-     * 
+     *
      * Whatever else we find there indicates an invalid tag.
      */
     switch ($match){
@@ -1311,7 +1311,7 @@ function sq_deent($attvalue){
         for ($asc=1; $asc<256; $asc++){
             if (!in_array($asc, $omit)){
                 $chr = chr($asc);
-                $attvalue = preg_replace("/\&#0*$asc;*(\D)/si", "$chr\\1", 
+                $attvalue = preg_replace("/\&#0*$asc;*(\D)/si", "$chr\\1",
                                          $attvalue);
                 $attvalue = preg_replace("/\&#x0*".dechex($asc).";*(\W)/si",
                                          "$chr\\1", $attvalue);
@@ -1333,8 +1333,8 @@ function sq_deent($attvalue){
  * @param  $id              message id
  * @return                  Array with modified attributes.
  */
-function sq_fixatts($tagname, 
-                    $attary, 
+function sq_fixatts($tagname,
+                    $attary,
                     $rm_attnames,
                     $bad_attvals,
                     $add_attr_to_tag,
@@ -1380,7 +1380,7 @@ function sq_fixatts($tagname,
                          * Second one is replacements
                          */
                         list($valmatch, $valrepl) = $valary;
-                        $newvalue = 
+                        $newvalue =
                             preg_replace($valmatch, $valrepl, $attvalue);
                         if ($newvalue != $attvalue){
                             $attary{$attname} = $newvalue;
@@ -1410,7 +1410,7 @@ function sq_fixatts($tagname,
 /**
  * This function edits the style definition to make them friendly and
  * usable in squirrelmail.
- * 
+ *
  * @param  $message  the message object
  * @param  $id       the message id
  * @param  $content  a string with whatever is between <style> and </style>
@@ -1446,11 +1446,11 @@ function sq_fixstyle($body, $pos, $message, $id){
         $content = preg_replace("|url\s*\(\s*([\'\"])\s*https*:.*?([\'\"])\s*\)|si",
                                 "url(\\1$secremoveimg\\2)", $content);
     }
-   
+
     /**
      * Fix urls that refer to cid:
      */
-    while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si", 
+    while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si",
                       $content, $matches)){
         $cidurl = $matches{1};
         $httpurl = sq_cid2http($message, $id, $cidurl);
@@ -1526,7 +1526,7 @@ function sq_body2div($attary, $mailbox, $message, $id){
             $attvalue = str_replace($quotchar, "", $attvalue);
             switch ($attname){
                 case 'background':
-                    $attvalue = sq_cid2http($message, $id, 
+                    $attvalue = sq_cid2http($message, $id,
                                             $attvalue, $mailbox);
                     $styledef .= "background-image: url('$attvalue'); ";
                     break;
@@ -1572,8 +1572,8 @@ function sq_body2div($attary, $mailbox, $message, $id){
  * @param $id                   message id
  * @return                      sanitized html safe to show on your pages.
  */
-function sq_sanitize($body, 
-                     $tag_list, 
+function sq_sanitize($body,
+                     $tag_list,
                      $rm_tags_with_content,
                      $self_closing_tags,
                      $force_tag_closing,
@@ -1614,7 +1614,7 @@ function sq_sanitize($body,
          * Take care of <style>
          */
         if ($tagname == "style" && $tagtype == 1){
-            list($free_content, $curpos) = 
+            list($free_content, $curpos) =
                 sq_fixstyle($body, $gt+1, $message, $id);
             if ($free_content != FALSE){
                 $trusted .= sq_tagprint($tagname, $attary, $tagtype);
@@ -1639,7 +1639,7 @@ function sq_sanitize($body,
                         if ($tagname == "body"){
                             $tagname = "div";
                         }
-                        if (isset($open_tags{$tagname}) && 
+                        if (isset($open_tags{$tagname}) &&
                             $open_tags{$tagname} > 0){
                             $open_tags{$tagname}--;
                         } else {
@@ -1668,7 +1668,7 @@ function sq_sanitize($body,
                         in_array($tagname, $rm_tags_with_content)){
                         $skip_content = $tagname;
                     } else {
-                        if (($rm_tags == false 
+                        if (($rm_tags == false
                              && in_array($tagname, $tag_list)) ||
                             ($rm_tags == true &&
                              !in_array($tagname, $tag_list))){
@@ -1679,7 +1679,7 @@ function sq_sanitize($body,
                              */
                             if ($tagname == "body"){
                                 $tagname = "div";
-                                $attary = sq_body2div($attary, $mailbox, 
+                                $attary = sq_body2div($attary, $mailbox,
                                                       $message, $id);
                             }
                             if ($tagtype == 1){
@@ -1859,13 +1859,13 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
     }
 
     $add_attr_to_tag = Array(
-        "/^a$/i" => 
+        "/^a$/i" =>
             Array('target'=>'"_new"',
                   'title'=>'"'._("This external link will open in a new window").'"'
             )
     );
-    $trusted = sq_sanitize($body, 
-                           $tag_list, 
+    $trusted = sq_sanitize($body,
+                           $tag_list,
                            $rm_tags_with_content,
                            $self_closing_tags,
                            $force_tag_closing,
@@ -1878,8 +1878,84 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
                            );
     if (preg_match("|$secremoveimg|i", $trusted)){
         $has_unsafe_images = true;
-    } 
+    }
     return $trusted;
 }
 
-?>
+/**
+ * function SendDownloadHeaders - send file to the browser
+ *
+ * Original Source: SM core src/download.php
+ * moved here to make it available to other code, and separate
+ * front end from back end functionality.
+ *
+ * @param string $type0 first half of mime type
+ * @param string $type1 second half of mime type
+ * @param string $filename filename to tell the browser for downloaded file
+ * @param boolean $force whether to force the download dialog to pop
+ * @return void
+ */
+ function SendDownloadHeaders($type0, $type1, $filename, $force) {
+     global $languages, $squirrelmail_language;
+     $isIE = $isIE6 = 0;
+
+     sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
+
+     if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
+         strstr($HTTP_USER_AGENT, 'Opera') === false) {
+         $isIE = 1;
+     }
+
+     if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false &&
+         strstr($HTTP_USER_AGENT, 'Opera') === false) {
+         $isIE6 = 1;
+     }
+
+     if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
+         function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
+         $filename =
+             $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT);
+     } else {
+        $filename = ereg_replace('[\\/:\*\?"<>\|;]', '_', str_replace('&nbsp;', ' ', $filename));
+     }
+
+     // A Pox on Microsoft and it's Office!
+     if (!$force) {
+         // Try to show in browser window
+         header("Content-Disposition: inline; filename=\"$filename\"");
+         header("Content-Type: $type0/$type1; name=\"$filename\"");
+     } else {
+         // Try to pop up the "save as" box
+         // IE makes this hard.  It pops up 2 save boxes, or none.
+         // http://support.microsoft.com/support/kb/articles/Q238/5/88.ASP
+         // But, accordint to Microsoft, it is "RFC compliant but doesn't
+         // take into account some deviations that allowed within the
+         // specification."  Doesn't that mean RFC non-compliant?
+         // http://support.microsoft.com/support/kb/articles/Q258/4/52.ASP
+         //
+         // The best thing you can do for IE is to upgrade to the latest
+         // version
+         if ($isIE && !$isIE6) {
+             // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
+             // Do not have quotes around filename, but that applied to
+             // "attachment"... does it apply to inline too?
+             //
+             // This combination seems to work mostly.  IE 5.5 SP 1 has
+             // known issues (see the Microsoft Knowledge Base)
+             header("Content-Disposition: inline; filename=$filename");
+             // This works for most types, but doesn't work with Word files
+             header("Content-Type: application/download; name=\"$filename\"");
+
+             // These are spares, just in case.  :-)
+             //header("Content-Type: $type0/$type1; name=\"$filename\"");
+             //header("Content-Type: application/x-msdownload; name=\"$filename\"");
+             //header("Content-Type: application/octet-stream; name=\"$filename\"");
+         } else {
+             header("Content-Disposition: attachment; filename=\"$filename\"");
+             // application/octet-stream forces download for Netscape
+             header("Content-Type: application/octet-stream; name=\"$filename\"");
+         }
+     }
+ }
+
+?>
\ No newline at end of file
diff --git a/src/download.php b/src/download.php
index a021558a..b4f3dc1d 100644
--- a/src/download.php
+++ b/src/download.php
@@ -33,7 +33,7 @@ sqgetGlobalVar('ent_id',     $ent_id,       SQ_GET);
 sqgetGlobalVar('absolute_dl',$absolute_dl,  SQ_GET);
 if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
   $passed_id = (int) $temp;
-}  
+}
 
 /* end globals */
 
@@ -50,7 +50,7 @@ $subject = $message->rfc822_header->subject;
 if ($ent_id) {
     $message = &$message->getEntity($ent_id);
     $header = $message->header;
-    
+
     if ($message->rfc822_header) {
        $subject = $message->rfc822_header->subject;
     } else {
@@ -87,12 +87,12 @@ if (is_object($message->header->disposition)) {
     }
     if (!$filename) {
         $filename = $header->getParameter('name');
-    }    
+    }
 } else {
     $filename = $header->getParameter('name');
 }
 
-$filename = decodeHeader($filename, true, false);	//Don't want html output
+$filename = decodeHeader($filename, true, false);   //Don't want html output
 if (strlen($filename) < 1) {
     if ($type1 == 'plain' && $type0 == 'text') {
         $suffix = 'txt';
@@ -133,79 +133,12 @@ if (strlen($filename) < 1) {
  *    content-type as application/octet-stream
  */
 if (isset($absolute_dl) && $absolute_dl) {
-    DumpHeaders($type0, $type1, $filename, 1);
+    SendDownloadHeaders($type0, $type1, $filename, 1);
 } else {
-    DumpHeaders($type0, $type1, $filename, 0);
+    SendDownloadHeaders($type0, $type1, $filename, 0);
 }
 /* be aware that any warning caused by download.php will corrupt the
  * attachment in case of ERROR reporting = E_ALL and the output is the screen */
 mime_print_body_lines ($imapConnection, $passed_id, $ent_id, $encoding);
 
-/*
- * This function is verified to work with Netscape and the *very latest*
- * version of IE.  I don't know if it works with Opera, but it should now.
- */
-function DumpHeaders($type0, $type1, $filename, $force) {
-    global $languages, $squirrelmail_language;
-    $isIE = $isIE6 = 0;
-
-    sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
-
-    if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
-        strstr($HTTP_USER_AGENT, 'Opera') === false) {
-        $isIE = 1;
-    }
-
-    if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false &&
-        strstr($HTTP_USER_AGENT, 'Opera') === false) {
-        $isIE6 = 1;
-    }
-
-    if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
-        function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
-        $filename = 
-            $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT);
-    } else {
-//     $filename = ereg_replace('[^-a-zA-Z0-9\.]', '_', $filename);
-       $filename = ereg_replace('[\\/:\*\?"<>\|;]', '_', $filename);
-    }
-    // We don't need to care about " since they have been replaced by _
-    // A Pox on Microsoft and it's Office!
-    if (!$force) {
-        // Try to show in browser window
-        header("Content-Disposition: inline; filename=\"$filename\"");
-        header("Content-Type: $type0/$type1; name=\"$filename\"");
-    } else {
-        // Try to pop up the "save as" box
-        // IE makes this hard.  It pops up 2 save boxes, or none.
-        // http://support.microsoft.com/support/kb/articles/Q238/5/88.ASP
-        // But, accordint to Microsoft, it is "RFC compliant but doesn't
-        // take into account some deviations that allowed within the
-        // specification."  Doesn't that mean RFC non-compliant?
-        // http://support.microsoft.com/support/kb/articles/Q258/4/52.ASP
-        //
-        // The best thing you can do for IE is to upgrade to the latest
-        // version
-        if ($isIE && !$isIE6) {
-            // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
-            // Do not have quotes around filename, but that applied to
-            // "attachment"... does it apply to inline too?
-            //
-            // This combination seems to work mostly.  IE 5.5 SP 1 has
-            // known issues (see the Microsoft Knowledge Base)
-            header("Content-Disposition: inline; filename=$filename");
-            // This works for most types, but doesn't work with Word files
-            header("Content-Type: application/download; name=\"$filename\"");
-
-            // These are spares, just in case.  :-)
-            //header("Content-Type: $type0/$type1; name=\"$filename\"");
-            //header("Content-Type: application/x-msdownload; name=\"$filename\"");
-            //header("Content-Type: application/octet-stream; name=\"$filename\"");
-        } else {
-            header("Content-Disposition: attachment; filename=\"$filename\"");
-            // application/octet-stream forces download for Netscape
-            header("Content-Type: application/octet-stream; name=\"$filename\"");
-        }
-    }
-}
-?>
+?>
\ No newline at end of file
-- 
2.25.1