| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * download.php |
| 5 | * |
| 6 | * Copyright (c) 1999-2003 The SquirrelMail Project Team |
| 7 | * Licensed under the GNU GPL. For full terms see the file COPYING. |
| 8 | * |
| 9 | * Handles attachment downloads to the users computer. |
| 10 | * Also allows displaying of attachments when possible. |
| 11 | * |
| 12 | * $Id$ |
| 13 | */ |
| 14 | |
| 15 | /* Path for SquirrelMail required files. */ |
| 16 | define('SM_PATH','../'); |
| 17 | |
| 18 | /* SquirrelMail required files. */ |
| 19 | require_once(SM_PATH . 'include/validate.php'); |
| 20 | require_once(SM_PATH . 'functions/imap.php'); |
| 21 | require_once(SM_PATH . 'functions/mime.php'); |
| 22 | |
| 23 | header('Pragma: '); |
| 24 | header('Cache-Control: cache'); |
| 25 | |
| 26 | /* globals */ |
| 27 | |
| 28 | $key = $_COOKIE['key']; |
| 29 | $username = $_SESSION['username']; |
| 30 | $onetimepad = $_SESSION['onetimepad']; |
| 31 | $mailbox = $_GET['mailbox']; |
| 32 | $passed_id = (int) $_GET['passed_id']; |
| 33 | $ent_id = $_GET['ent_id']; |
| 34 | $messages = $_SESSION['messages']; |
| 35 | |
| 36 | if (isset($_GET['absolute_dl'])) { |
| 37 | $absolute_dl = $_GET['absolute_dl']; |
| 38 | } |
| 39 | |
| 40 | /* end globals */ |
| 41 | $mailbox = decodeHeader($mailbox); |
| 42 | |
| 43 | global $uid_support; |
| 44 | |
| 45 | $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); |
| 46 | $mbx_response = sqimap_mailbox_select($imapConnection, $mailbox); |
| 47 | |
| 48 | $message = &$messages[$mbx_response['UIDVALIDITY']]["$passed_id"]; |
| 49 | if (!is_object($message)) { |
| 50 | $message = sqimap_get_message($imapConnection,$passed_id, $mailbox); |
| 51 | } |
| 52 | $subject = $message->rfc822_header->subject; |
| 53 | if ($ent_id) { |
| 54 | $message = &$message->getEntity($ent_id); |
| 55 | $header = $message->header; |
| 56 | |
| 57 | if ($message->rfc822_header) { |
| 58 | $subject = $message->rfc822_header->subject; |
| 59 | $charset = $header->content_type->properties['charset']; |
| 60 | } else { |
| 61 | $header = $message->header; |
| 62 | $charset = $header->getParameter('charset'); |
| 63 | } |
| 64 | $type0 = $header->type0; |
| 65 | $type1 = $header->type1; |
| 66 | $encoding = strtolower($header->encoding); |
| 67 | } else { |
| 68 | /* raw message */ |
| 69 | $type0 = 'message'; |
| 70 | $type1 = 'rfc822'; |
| 71 | $encoding = "US-ASCII"; |
| 72 | } |
| 73 | |
| 74 | /* |
| 75 | * lets redefine message as this particular entity that we wish to display. |
| 76 | * it should hold only the header for this entity. We need to fetch the body |
| 77 | * yet before we can display anything. |
| 78 | */ |
| 79 | |
| 80 | if (isset($override_type0)) { |
| 81 | $type0 = $override_type0; |
| 82 | } |
| 83 | if (isset($override_type1)) { |
| 84 | $type1 = $override_type1; |
| 85 | } |
| 86 | $filename = ''; |
| 87 | if (is_object($message->header->disposition)) { |
| 88 | $filename = decodeHeader($header->disposition->getProperty('filename')); |
| 89 | if (!$filename) { |
| 90 | $filename = decodeHeader($header->disposition->getProperty('name')); |
| 91 | } |
| 92 | if (!$filename) { |
| 93 | $filename = decodeHeader($header->getParameter('name')); |
| 94 | } |
| 95 | } |
| 96 | if (strlen($filename) < 1) { |
| 97 | if ($type1 == 'plain' && $type0 == 'text') { |
| 98 | $suffix = 'txt'; |
| 99 | $filename = $subject . '.txt'; |
| 100 | } else if ($type1 == 'richtext' && $type0 == 'text') { |
| 101 | $suffix = 'rtf'; |
| 102 | $filename = $subject . '.rtf'; |
| 103 | } else if ($type1 == 'postscript' && $type0 == 'application') { |
| 104 | $suffix = 'ps'; |
| 105 | $filename = $subject . '.ps'; |
| 106 | } else if ($type1 == 'rfc822' && $type0 == 'message') { |
| 107 | $suffix = 'eml'; |
| 108 | $filename = $subject . '.msg'; |
| 109 | } else { |
| 110 | $suffix = $type1; |
| 111 | } |
| 112 | |
| 113 | if (strlen($filename) < 1) { |
| 114 | $filename = 'untitled'.strip_tags($ent_id).$suffix; |
| 115 | } else { |
| 116 | $filename = "$filename.$suffix"; |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | /* |
| 121 | * Note: |
| 122 | * The following sections display the attachment in different |
| 123 | * ways depending on how they choose. The first way will download |
| 124 | * under any circumstance. This sets the Content-type to be |
| 125 | * applicatin/octet-stream, which should be interpreted by the |
| 126 | * browser as "download me". |
| 127 | * The second method (view) is used for images or other formats |
| 128 | * that should be able to be handled by the browser. It will |
| 129 | * most likely display the attachment inline inside the browser. |
| 130 | * And finally, the third one will be used by default. If it |
| 131 | * is displayable (text or html), it will load them up in a text |
| 132 | * viewer (built in to squirrelmail). Otherwise, it sets the |
| 133 | * content-type as application/octet-stream |
| 134 | */ |
| 135 | if (isset($absolute_dl) && $absolute_dl) { |
| 136 | DumpHeaders($type0, $type1, $filename, 1); |
| 137 | } else { |
| 138 | DumpHeaders($type0, $type1, $filename, 0); |
| 139 | } |
| 140 | /* be aware that any warning caused by download.php will corrupt the |
| 141 | * attachment in case of ERROR reporting = E_ALL and the output is the screen */ |
| 142 | mime_print_body_lines ($imapConnection, $passed_id, $ent_id, $encoding); |
| 143 | |
| 144 | /* |
| 145 | * This function is verified to work with Netscape and the *very latest* |
| 146 | * version of IE. I don't know if it works with Opera, but it should now. |
| 147 | */ |
| 148 | function DumpHeaders($type0, $type1, $filename, $force) { |
| 149 | global $_SERVER, $languages, $squirrelmail_language; |
| 150 | $isIE = $isIE6 = 0; |
| 151 | |
| 152 | $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; |
| 153 | |
| 154 | if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false && |
| 155 | strstr($HTTP_USER_AGENT, 'Opera') === false) { |
| 156 | $isIE = 1; |
| 157 | } |
| 158 | |
| 159 | if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false && |
| 160 | strstr($HTTP_USER_AGENT, 'Opera') === false) { |
| 161 | $isIE6 = 1; |
| 162 | } |
| 163 | |
| 164 | if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && |
| 165 | function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { |
| 166 | $filename = |
| 167 | $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT); |
| 168 | } else { |
| 169 | $filename = ereg_replace('[^-a-zA-Z0-9\.]', '_', $filename); |
| 170 | } |
| 171 | |
| 172 | // A Pox on Microsoft and it's Office! |
| 173 | if (!$force) { |
| 174 | // Try to show in browser window |
| 175 | header("Content-Disposition: inline; filename=\"$filename\""); |
| 176 | header("Content-Type: $type0/$type1; name=\"$filename\""); |
| 177 | } else { |
| 178 | // Try to pop up the "save as" box |
| 179 | // IE makes this hard. It pops up 2 save boxes, or none. |
| 180 | // http://support.microsoft.com/support/kb/articles/Q238/5/88.ASP |
| 181 | // But, accordint to Microsoft, it is "RFC compliant but doesn't |
| 182 | // take into account some deviations that allowed within the |
| 183 | // specification." Doesn't that mean RFC non-compliant? |
| 184 | // http://support.microsoft.com/support/kb/articles/Q258/4/52.ASP |
| 185 | // |
| 186 | // The best thing you can do for IE is to upgrade to the latest |
| 187 | // version |
| 188 | if ($isIE && !$isIE6) { |
| 189 | // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp |
| 190 | // Do not have quotes around filename, but that applied to |
| 191 | // "attachment"... does it apply to inline too? |
| 192 | // |
| 193 | // This combination seems to work mostly. IE 5.5 SP 1 has |
| 194 | // known issues (see the Microsoft Knowledge Base) |
| 195 | header("Content-Disposition: inline; filename=$filename"); |
| 196 | // This works for most types, but doesn't work with Word files |
| 197 | header("Content-Type: application/download; name=\"$filename\""); |
| 198 | |
| 199 | // These are spares, just in case. :-) |
| 200 | //header("Content-Type: $type0/$type1; name=\"$filename\""); |
| 201 | //header("Content-Type: application/x-msdownload; name=\"$filename\""); |
| 202 | //header("Content-Type: application/octet-stream; name=\"$filename\""); |
| 203 | } else { |
| 204 | header("Content-Disposition: attachment; filename=\"$filename\""); |
| 205 | // application/octet-stream forces download for Netscape |
| 206 | header("Content-Type: application/octet-stream; name=\"$filename\""); |
| 207 | } |
| 208 | } |
| 209 | } |
| 210 | ?> |