158 lines
6.8 KiB
PHP
158 lines
6.8 KiB
PHP
<?php
|
|
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
|
|
/*********************************************************************************
|
|
* SugarCRM is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2010 SugarCRM Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo. If the display of the logo is not reasonably feasible for
|
|
* technical reasons, the Appropriate Legal Notices must display the words
|
|
* "Powered by SugarCRM".
|
|
********************************************************************************/
|
|
if(empty($_REQUEST['id']) || empty($_REQUEST['type']) || !isset($_SESSION['authenticated_user_id'])) {
|
|
die("Not a Valid Entry Point");
|
|
}
|
|
else {
|
|
ini_set('zlib.output_compression','Off');//bug 27089, if use gzip here, the Content-Length in hearder may be incorrect.
|
|
// cn: bug 8753: current_user's preferred export charset not being honored
|
|
$GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id']);
|
|
$GLOBALS['current_language'] = $_SESSION['authenticated_user_language'];
|
|
$app_strings = return_application_language($GLOBALS['current_language']);
|
|
$mod_strings = return_module_language($GLOBALS['current_language'], 'ACL');
|
|
if(!isset($_REQUEST['isTempFile'])) {
|
|
//Custom modules may have capilizations anywhere in thier names. We should check the passed in format first.
|
|
require('include/modules.php');
|
|
$module = $_REQUEST['type'];
|
|
$file_type = strtolower($_REQUEST['type']);
|
|
if(empty($beanList[$module])) {
|
|
//start guessing at a module name
|
|
$module = ucfirst($file_type);
|
|
if(empty($beanList[$module])) {
|
|
die($app_strings['ERROR_TYPE_NOT_VALID']);
|
|
}
|
|
}
|
|
$bean_name = $beanList[$module];
|
|
if(!file_exists('modules/' . $module . '/' . $bean_name . '.php')) {
|
|
die($app_strings['ERROR_TYPE_NOT_VALID']);
|
|
}
|
|
require_once('modules/' . $module . '/' . $bean_name . '.php');
|
|
$focus = new $bean_name();
|
|
$focus->retrieve($_REQUEST['id']);
|
|
if(!$focus->ACLAccess('view')){
|
|
die($mod_strings['LBL_NO_ACCESS']);
|
|
} // if
|
|
} // if
|
|
$local_location = (isset($_REQUEST['isTempFile'])) ? "{$GLOBALS['sugar_config']['cache_dir']}/modules/Emails/{$_REQUEST['ieId']}/attachments/{$_REQUEST['id']}"
|
|
: $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
|
|
|
|
if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
|
|
$local_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
|
|
}
|
|
|
|
echo $local_location;
|
|
if(!file_exists( $local_location ) || strpos($local_location, "..")) {
|
|
die($app_strings['ERR_INVALID_FILE_REFERENCE']);
|
|
}
|
|
else {
|
|
$doQuery = true;
|
|
|
|
if($file_type == 'documents') {
|
|
// cn: bug 9674 document_revisions table has no 'name' column.
|
|
$query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id ";
|
|
$query .= "WHERE document_revisions.id = '" . $_REQUEST['id'] ."'";
|
|
} elseif($file_type == 'kbdocuments') {
|
|
$query="SELECT document_revisions.filename name FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";
|
|
$query .= "WHERE document_revisions.id = '" . $_REQUEST['id'] ."'";
|
|
} elseif($file_type == 'notes') {
|
|
$query = "SELECT filename name FROM notes ";
|
|
$query .= "WHERE notes.id = '" . $_REQUEST['id'] ."'";
|
|
} elseif( !isset($_REQUEST['isTempFile']) && !isset($_REQUEST['tempName'] ) && isset($_REQUEST['type']) && $file_type!='temp' ){ //make sure not email temp file.
|
|
$query = "SELECT filename name FROM ". $file_type ." ";
|
|
$query .= "WHERE ". $file_type .".id= '".$_REQUEST['id']."'";
|
|
}elseif( $file_type == 'temp'){
|
|
$doQuery = false;
|
|
}
|
|
|
|
if($doQuery && isset($query)) {
|
|
$rs = $GLOBALS['db']->query($query);
|
|
$row = $GLOBALS['db']->fetchByAssoc($rs);
|
|
|
|
if(empty($row)){
|
|
die($app_strings['ERROR_NO_RECORD']);
|
|
}
|
|
$name = $row['name'];
|
|
if ($file_type=='documents')
|
|
$seperator = "";
|
|
else
|
|
$seperator = "/";
|
|
$download_location = $GLOBALS['sugar_config']['upload_dir'].$seperator.$_REQUEST['id'];
|
|
echo $download_location;
|
|
} else if(isset( $_REQUEST['tempName'] ) && isset($_REQUEST['isTempFile']) ){
|
|
// downloading a temp file (email 2.0)
|
|
$download_location = $local_location;
|
|
$name = $_REQUEST['tempName'];
|
|
}
|
|
else if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
|
|
$download_location = $local_location;
|
|
$name = $_REQUEST['tempName'];
|
|
}
|
|
|
|
if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT']))
|
|
{
|
|
$name = urlencode($name);
|
|
$name = str_replace("+", "_", $name);
|
|
}
|
|
|
|
header("Pragma: public");
|
|
header("Cache-Control: maxage=1, post-check=0, pre-check=0");
|
|
if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
|
|
$mime = getimagesize($download_location);
|
|
if(!empty($mime)) {
|
|
header("Content-Type: {$mime['mime']}");
|
|
} else {
|
|
header("Content-Type: image/png");
|
|
}
|
|
} else {
|
|
header("Content-Type: application/force-download");
|
|
header("Content-Disposition: attachment; filename=\"".$name."\";");
|
|
}
|
|
// disable content type sniffing in MSIE
|
|
header("X-Content-Type-Options: nosniff");
|
|
header("Content-Length: " . filesize($local_location));
|
|
header("Expires: 0");
|
|
set_time_limit(0);
|
|
|
|
@ob_end_clean();
|
|
ob_start();
|
|
|
|
readfile($download_location);
|
|
@ob_flush();
|
|
}
|
|
}
|
|
?>
|