<?php
// Entry-point guard: continue only when the sugarEntry constant is defined and
// truthy; otherwise stop before any of the download logic below runs.
if (!(defined('sugarEntry') && sugarEntry)) {
    die('Not A Valid Entry Point');
}
/*********************************************************************************
 * SugarCRM is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004 - 2009 SugarCRM Inc.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/

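// Streams a stored file to the browser as an attachment.
//
// Request parameters read below:
//   id         - record id; also the file name under upload_dir (or under the
//                e-mail attachment cache when isTempFile is set)
//   type       - module name used to pick the bean and the lookup table
//   isTempFile - when present, serve a cached e-mail attachment instead
//   ieId       - cache sub-directory for the temp-file case
//   tempName   - download file name for the temp-file case
//
// Every one of these is attacker-controllable, so each is validated or escaped
// before it reaches a file path, a SQL statement or a response header.

// 'id' and 'type' must be non-empty *strings* (PHP turns id[]=x into an array,
// which would otherwise flow into path and SQL concatenation), and the session
// must belong to an authenticated user.
if (empty($_REQUEST['id']) || !is_string($_REQUEST['id'])
    || empty($_REQUEST['type']) || !is_string($_REQUEST['type'])
    || !isset($_SESSION['authenticated_user_id'])) {
    die("Not a Valid Entry Point");
}

// bug 27089: with gzip output compression the Content-Length header may be incorrect.
ini_set('zlib.output_compression', 'Off');

// cn: bug 8753: current_user's preferred export charset not being honored
$GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id']);
$GLOBALS['current_language'] = $_SESSION['authenticated_user_language'];
$app_strings = return_application_language($GLOBALS['current_language']);
$mod_strings = return_module_language($GLOBALS['current_language'], 'ACL');

$is_temp_file = isset($_REQUEST['isTempFile']);

// A missing ieId keeps the original behaviour (empty path segment); a
// non-string one is rejected.
$ie_id = '';
if ($is_temp_file && isset($_REQUEST['ieId'])) {
    if (!is_string($_REQUEST['ieId'])) {
        die($app_strings['ERR_INVALID_FILE_REFERENCE']);
    }
    $ie_id = $_REQUEST['ieId'];
}

// Path-traversal guard on the request-supplied path components themselves.
// The original tested strpos($local_location, "..") for truthiness on the
// assembled path, and only after file_exists() had already probed the file
// system with it. Checking the components up front with strict comparisons
// also rejects directory separators and NUL bytes.
$path_parts = array($_REQUEST['id']);
if ($is_temp_file) {
    $path_parts[] = $ie_id;
}
foreach ($path_parts as $part) {
    if (strpos($part, '..') !== false || strpbrk($part, "/\\\0") !== false) {
        die($app_strings['ERR_INVALID_FILE_REFERENCE']);
    }
}

// Stays empty for temp files so that none of the table lookups below can be
// selected without the ACL check having run first.
$file_type = '';

if (!$is_temp_file) {
    // Custom modules may have capitalization anywhere in their names, so the
    // name is tried exactly as passed in first.
    require('include/modules.php');
    $module = $_REQUEST['type'];
    $file_type = strtolower($_REQUEST['type']);
    if (empty($beanList[$module])) {
        // start guessing at a module name
        $module = ucfirst($file_type);
        if (empty($beanList[$module])) {
            die($app_strings['ERROR_TYPE_NOT_VALID']);
        }
    }
    $bean_name = $beanList[$module];
    $bean_file = 'modules/' . $module . '/' . $bean_name . '.php';
    if (!file_exists($bean_file)) {
        die($app_strings['ERROR_TYPE_NOT_VALID']);
    }
    require_once($bean_file);

    // NOTE(review): for documents/kbdocuments the queries below treat 'id' as a
    // document_revisions id, while the bean is retrieved by that same id here -
    // confirm ACLAccess('view') is evaluated against the intended record.
    $focus = new $bean_name();
    $focus->retrieve($_REQUEST['id']);
    if (!$focus->ACLAccess('view')) {
        die($mod_strings['LBL_NO_ACCESS']);
    }
}

// NOTE(review): the temp-file case performs no per-record ACL check in this
// file; any authenticated session can request a cached attachment by
// ieId/id. Confirm that ownership of ieId is enforced elsewhere.
if ($is_temp_file) {
    $local_location = "{$GLOBALS['sugar_config']['cache_dir']}/modules/Emails/{$ie_id}/attachments/{$_REQUEST['id']}";
} else {
    $local_location = $GLOBALS['sugar_config']['upload_dir'] . "/" . $_REQUEST['id'];
}

if (!file_exists($local_location)) {
    die($app_strings['ERR_INVALID_FILE_REFERENCE']);
}

// The id is embedded in a quoted SQL literal, so it is escaped with the
// database layer's own quoting before concatenation.
$quoted_id = $GLOBALS['db']->quote($_REQUEST['id']);
$doQuery = true;

if ($file_type == 'documents') {
    // cn: bug 9674 document_revisions table has no 'name' column.
    $query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id ";
    $query .= "WHERE document_revisions.id = '" . $quoted_id . "'";
} elseif ($file_type == 'kbdocuments') {
    $query = "SELECT document_revisions.filename name FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";
    $query .= "WHERE document_revisions.id = '" . $quoted_id . "'";
} elseif ($file_type == 'notes') {
    $query = "SELECT filename name FROM notes ";
    $query .= "WHERE notes.id = '" . $quoted_id . "'";
} elseif (!$is_temp_file && !isset($_REQUEST['tempName']) && isset($_REQUEST['type']) && $file_type != 'temp') {
    // Make sure this is not an e-mail temp file. $file_type is used as a table
    // name here; on this path it is the lower-cased form of a key that was
    // found in $beanList above, not free-form request text.
    $query = "SELECT filename name FROM " . $file_type . " ";
    $query .= "WHERE " . $file_type . ".id= '" . $quoted_id . "'";
} elseif ($file_type == 'temp') {
    $doQuery = false;
}

$name = null;
$download_location = null;

if ($doQuery && isset($query)) {
    $rs = $GLOBALS['db']->query($query);
    $row = $GLOBALS['db']->fetchByAssoc($rs);

    if (empty($row)) {
        die($app_strings['ERROR_NO_RECORD']);
    }
    $name = $row['name'];
    $download_location = $GLOBALS['sugar_config']['upload_dir'] . "/" . $_REQUEST['id'];
} elseif (isset($_REQUEST['tempName']) && is_string($_REQUEST['tempName']) && $is_temp_file) {
    // downloading a temp file (email 2.0)
    $name = $_REQUEST['tempName'];
    $download_location = $local_location;
    if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
        // cn: bug 7870 IE cannot handle MBCS in filenames gracefully. set $name var to filename
        $name = str_replace("+", "_", $name);
        $name = $GLOBALS['locale']->translateCharset($name, 'UTF-8', $GLOBALS['locale']->getOutboundEmailCharset());
    } else {
        // ff 1.5+
        $name = mb_encode_mimeheader($name, $GLOBALS['locale']->getOutboundEmailCharset(), 'Q');
    }
}

// Neither branch produced a name and a location (for example isTempFile
// without tempName). The original fell through and used undefined variables.
if ($name === null || $download_location === null) {
    die($app_strings['ERR_INVALID_FILE_REFERENCE']);
}

if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
    $name = urlencode($name);
}

// The name goes inside a quoted header parameter: drop CR/LF/NUL (header
// splitting, and the folding mb_encode_mimeheader adds to long names) and the
// double quote, which would end the filename value early.
$name = str_replace(array("\r", "\n", "\0", '"'), '', $name);

header("Pragma: public");
header("Cache-Control: maxage=1, post-check=0, pre-check=0");
header("Content-type: application/force-download");
header("Content-Length: " . filesize($local_location));
header("Content-disposition: attachment; filename=\"" . $name . "\";");
header("Expires: 0");
set_time_limit(0);

// Discard anything buffered so far so that only the file bytes are sent.
@ob_end_clean();
ob_start();

echo file_get_contents($download_location);

@ob_flush();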