| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * download.php |
| 5 | * |
| 6 | * Copyright (c) 1999-2002 The SquirrelMail Project Team |
| 7 | * Licensed under the GNU GPL. For full terms see the file COPYING. |
| 8 | * |
| 9 | * Handles attachment downloads to the users computer. |
| 10 | * Also allows displaying of attachments when possible. |
| 11 | * |
| 12 | * $Id$ |
| 13 | */ |
| 14 | |
| 15 | /* Path for SquirrelMail required files. */ |
| 16 | define('SM_PATH','../'); |
| 17 | |
| 18 | /* SquirrelMail required files. */ |
| 19 | require_once(SM_PATH . 'include/validate.php'); |
| 20 | require_once(SM_PATH . 'functions/imap.php'); |
| 21 | require_once(SM_PATH . 'functions/mime.php'); |
| 22 | |
| 23 | header('Pragma: '); |
| 24 | header('Cache-Control: cache'); |
| 25 | |
| 26 | /* globals */ |
| 27 | |
| 28 | $key = $_COOKIE['key']; |
| 29 | $username = $_SESSION['username']; |
| 30 | $onetimepad = $_SESSION['onetimepad']; |
| 31 | $mailbox = $_GET['mailbox']; |
| 32 | $passed_id = $_GET['passed_id']; |
| 33 | $passed_ent_id = $_GET['passed_ent_id']; |
| 34 | $base_uri = $base_uri = $_SESSION['base_uri']; |
| 35 | |
| 36 | if (isset($_GET['startMessage'])) { |
| 37 | $startMessage = $_GET['startMessage']; |
| 38 | } |
| 39 | if(isset($_GET['where'])) { |
| 40 | $where = $_GET['where']; |
| 41 | } |
| 42 | if(isset($_GET['what'])) { |
| 43 | $what = $_GET['what']; |
| 44 | } |
| 45 | if(isset($_GET['showHeaders'])) { |
| 46 | $showHeaders = $_GET['showHeaders']; |
| 47 | } |
| 48 | if(isset($_GET['absolute_dl'])) { |
| 49 | $absolute_dl = $_GET['absolute_dl']; |
| 50 | } |
| 51 | if (isset($_GET['show_more_cc'])) { |
| 52 | $show_more = $_GET['show_more_cc']; |
| 53 | } |
| 54 | if(isset($_GET['show_more_bcc'])) { |
| 55 | $show_more = $_GET['show_more_bcc']; |
| 56 | } |
| 57 | if(isset($_GET['show_more'])) { |
| 58 | $show_more = $_GET['show_more']; |
| 59 | } |
| 60 | if(isset($_GET['sort'])) { |
| 61 | $sort = $_GET['sort']; |
| 62 | } |
| 63 | |
| 64 | /* end globals */ |
| 65 | |
| 66 | function get_extract_to_target_list($imapConnection) { |
| 67 | $boxes = sqimap_mailbox_list($imapConnection); |
| 68 | for ($i = 0; $i < count($boxes); $i++) { |
| 69 | if (!in_array('noselect', $boxes[$i]['flags'])) { |
| 70 | $box = $boxes[$i]['unformatted']; |
| 71 | $box2 = str_replace(' ', ' ', $boxes[$i]['unformatted-disp']); |
| 72 | if ( $box2 == 'INBOX' ) { |
| 73 | $box2 = _("INBOX"); |
| 74 | } |
| 75 | echo "<option value=\"$box\">$box2</option>\n"; |
| 76 | } |
| 77 | } |
| 78 | } |
| 79 | $mailbox = decodeHeader($mailbox); |
| 80 | |
| 81 | global $messages, $uid_support; |
| 82 | |
| 83 | $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); |
| 84 | $mbx_response = sqimap_mailbox_select($imapConnection, $mailbox); |
| 85 | if (!isset($passed_ent_id)) { |
| 86 | $passed_ent_id = ''; |
| 87 | } |
| 88 | |
| 89 | $message = &$messages[$mbx_response['UIDVALIDITY']]["$passed_id"]; |
| 90 | if (!is_object($message)) { |
| 91 | $message = sqimap_get_message($imapConnection,$passed_id, $mailbox); |
| 92 | } |
| 93 | $subject = $message->rfc822_header->subject; |
| 94 | $message = &$message->getEntity($ent_id); |
| 95 | $header = $message->header; |
| 96 | if ($message->rfc822_header) { |
| 97 | $subject = $message->rfc822_header->subject; |
| 98 | $charset = $header->content_type->properties['charset']; |
| 99 | } else { |
| 100 | $header = $message->header; |
| 101 | $charset = $header->getParameter('charset'); |
| 102 | } |
| 103 | $type0 = $header->type0; |
| 104 | $type1 = $header->type1; |
| 105 | $encoding = strtolower($header->encoding); |
| 106 | |
| 107 | /* |
| 108 | $extracted = false; |
| 109 | if (isset($extract_message) && $extract_message) { |
| 110 | $cmd = "FETCH $passed_id BODY[$passed_ent_id]"; |
| 111 | $read = sqimap_run_command ($imapConnection, $cmd, true, $response, $message, $uid_support); |
| 112 | $cnt = count($read); |
| 113 | $body = ''; |
| 114 | $length = 0; |
| 115 | for ($i=1;$i<$cnt;$i++) { |
| 116 | $length = $length + strlen($read[$i]); |
| 117 | $body .= $read[$i]; |
| 118 | } |
| 119 | if (isset($targetMailbox) && $length>0) { |
| 120 | sqimap_append ($imapConnection, $targetMailbox, $length); |
| 121 | fputs($imapConnection,$body); |
| 122 | sqimap_append_done ($imapConnection); |
| 123 | $extracted = true; |
| 124 | } |
| 125 | } |
| 126 | |
| 127 | |
| 128 | */ |
| 129 | /* |
| 130 | * lets redefine message as this particular entity that we wish to display. |
| 131 | * it should hold only the header for this entity. We need to fetch the body |
| 132 | * yet before we can display anything. |
| 133 | */ |
| 134 | |
| 135 | if (isset($override_type0)) { |
| 136 | $type0 = $override_type0; |
| 137 | } |
| 138 | if (isset($override_type1)) { |
| 139 | $type1 = $override_type1; |
| 140 | } |
| 141 | $filename = ''; |
| 142 | if (is_object($message->header->disposition)) { |
| 143 | $filename = decodeHeader($header->disposition->getProperty('filename')); |
| 144 | if (!$filename) { |
| 145 | $filename = decodeHeader($header->disposition->getProperty('name')); |
| 146 | } |
| 147 | } |
| 148 | if (strlen($filename) < 1) { |
| 149 | if ($type1 == 'plain' && $type0 == 'text') { |
| 150 | $suffix = 'txt'; |
| 151 | $filename = $subject . '.txt'; |
| 152 | } else if ($type1 == 'richtext' && $type0 == 'text') { |
| 153 | $suffix = 'rtf'; |
| 154 | $filename = $subject . '.rtf'; |
| 155 | } else if ($type1 == 'postscript' && $type0 == 'application') { |
| 156 | $suffix = 'ps'; |
| 157 | $filename = $subject . '.ps'; |
| 158 | } else if ($type1 == 'rfc822' && $type0 == 'message') { |
| 159 | $suffix = 'eml'; |
| 160 | $filename = $subject . '.msg'; |
| 161 | } else { |
| 162 | $suffix = $type1; |
| 163 | } |
| 164 | |
| 165 | if (strlen($filename) < 1) { |
| 166 | $filename = "untitled$ent_id.$suffix"; |
| 167 | } else { |
| 168 | $filename = "$filename.$suffix"; |
| 169 | } |
| 170 | } |
| 171 | |
| 172 | /* |
| 173 | * Note: |
| 174 | * The following sections display the attachment in different |
| 175 | * ways depending on how they choose. The first way will download |
| 176 | * under any circumstance. This sets the Content-type to be |
| 177 | * applicatin/octet-stream, which should be interpreted by the |
| 178 | * browser as "download me". |
| 179 | * The second method (view) is used for images or other formats |
| 180 | * that should be able to be handled by the browser. It will |
| 181 | * most likely display the attachment inline inside the browser. |
| 182 | * And finally, the third one will be used by default. If it |
| 183 | * is displayable (text or html), it will load them up in a text |
| 184 | * viewer (built in to squirrelmail). Otherwise, it sets the |
| 185 | * content-type as application/octet-stream |
| 186 | */ |
| 187 | if (isset($absolute_dl) && $absolute_dl == 'true') { |
| 188 | DumpHeaders($type0, $type1, $filename, 1); |
| 189 | } else { |
| 190 | DumpHeaders($type0, $type1, $filename, 0); |
| 191 | } |
| 192 | /* be aware that any warning caused by download.php will corrupt the |
| 193 | * attachment in case of ERROR reporting = E_ALL and the output is the screen */ |
| 194 | mime_print_body_lines ($imapConnection, $passed_id, $ent_id, $encoding); |
| 195 | |
| 196 | /* |
| 197 | * This function is verified to work with Netscape and the *very latest* |
| 198 | * version of IE. I don't know if it works with Opera, but it should now. |
| 199 | */ |
| 200 | function DumpHeaders($type0, $type1, $filename, $force) { |
| 201 | global $_SERVER, $languages, $squirrelmail_language; |
| 202 | $isIE = 0; |
| 203 | |
| 204 | $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; |
| 205 | |
| 206 | if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false && |
| 207 | strstr($HTTP_USER_AGENT, 'Opera') === false) { |
| 208 | $isIE = 1; |
| 209 | } |
| 210 | |
| 211 | if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false && |
| 212 | strstr($HTTP_USER_AGENT, 'Opera') === false) { |
| 213 | $isIE6 = 1; |
| 214 | } |
| 215 | |
| 216 | if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && |
| 217 | function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { |
| 218 | $filename = |
| 219 | $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT); |
| 220 | } else { |
| 221 | $filename = ereg_replace('[^-a-zA-Z0-9\.]', '_', $filename); |
| 222 | } |
| 223 | |
| 224 | // A Pox on Microsoft and it's Office! |
| 225 | if (! $force) { |
| 226 | // Try to show in browser window |
| 227 | header("Content-Disposition: inline; filename=\"$filename\""); |
| 228 | header("Content-Type: $type0/$type1; name=\"$filename\""); |
| 229 | } else { |
| 230 | // Try to pop up the "save as" box |
| 231 | // IE makes this hard. It pops up 2 save boxes, or none. |
| 232 | // http://support.microsoft.com/support/kb/articles/Q238/5/88.ASP |
| 233 | // But, accordint to Microsoft, it is "RFC compliant but doesn't |
| 234 | // take into account some deviations that allowed within the |
| 235 | // specification." Doesn't that mean RFC non-compliant? |
| 236 | // http://support.microsoft.com/support/kb/articles/Q258/4/52.ASP |
| 237 | // |
| 238 | // The best thing you can do for IE is to upgrade to the latest |
| 239 | // version |
| 240 | if ($isIE && !isset($isIE6)) { |
| 241 | // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp |
| 242 | // Do not have quotes around filename, but that applied to |
| 243 | // "attachment"... does it apply to inline too? |
| 244 | // |
| 245 | // This combination seems to work mostly. IE 5.5 SP 1 has |
| 246 | // known issues (see the Microsoft Knowledge Base) |
| 247 | header("Content-Disposition: inline; filename=$filename"); |
| 248 | |
| 249 | // This works for most types, but doesn't work with Word files |
| 250 | header("Content-Type: application/download; name=\"$filename\""); |
| 251 | |
| 252 | // These are spares, just in case. :-) |
| 253 | //header("Content-Type: $type0/$type1; name=\"$filename\""); |
| 254 | //header("Content-Type: application/x-msdownload; name=\"$filename\""); |
| 255 | //header("Content-Type: application/octet-stream; name=\"$filename\""); |
| 256 | } else { |
| 257 | header("Content-Disposition: attachment; filename=\"$filename\""); |
| 258 | // application/octet-stream forces download for Netscape |
| 259 | header("Content-Type: application/octet-stream; name=\"$filename\""); |
| 260 | } |
| 261 | } |
| 262 | } |
| 263 | ?> |