PageRenderTime 41ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/imp-h3-4.3.10/attachment.php

#
PHP | 145 lines | 101 code | 14 blank | 30 comment | 24 complexity | 2fca19293640b3be6a3558776e0210ce MD5 | raw file
Possible License(s): AGPL-1.0 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * $Horde: imp/attachment.php,v 2.5.10.23 2010/10/01 07:11:22 slusarz Exp $
    4. 

  4.  *
    5. 

  5.  * Copyright 2004-2007 Andrew Coleman <mercury@appisolutions.net>
    6. 

  6.  *
    7. 

  7.  * See the enclosed file COPYING for license information (GPL). If you
    8. 

  8.  * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
    9. 

  9.  *
    10. 

  10.  * This file should be the basis for serving hosted attachments.  It
    11. 

  11.  * should fetch the file from the VFS and funnel it to the client
    12. 

  12.  * wishing to download the attachment. This will allow for the
    13. 

  13.  * exchange of massive attachments without causing mail server havoc.
    14. 

  14.  */
    15. 

  15. 

  16. // Set up initial includes.
    17. 

  17. // This does *not* include IMP's base.php because we do not need to be
    18. 

  18. // authenticated to get the file. Most users won't send linked
    19. 

  19. // attachments just to other IMP users.
    20. 

  20. if (!defined('HORDE_BASE')) {
    21. 

  21.     @define('HORDE_BASE', dirname(__FILE__) . '/..');
    22. 

  22. }
    23. 

  23. @define('IMP_BASE', dirname(__FILE__));
    24. 

  24. require_once HORDE_BASE . '/lib/core.php';
    25. 

  25. require_once IMP_BASE . '/lib/Compose.php';
    26. 

  26. require_once 'Horde/MIME/Magic.php';
    27. 

  27. require_once 'VFS.php';
    28. 

  28. $registry = &Registry::singleton();
    29. 

  29. $registry->importConfig('imp');
    30. 

  30. 

  31. $_self_url = Horde::selfUrl(false, true, true);
    32. 

  32. 

  33. // Lets see if we are even able to send the user an attachment.
    34. 

  34. if (!$conf['compose']['link_attachments']) {
    35. 

  35.     Horde::fatal(_("Linked attachments are forbidden."), $_self_url, __LINE__);
    36. 

  36. }
    37. 

  37. 

  38. // Gather required form variables.
    39. 

  39. $mail_user = Util::getFormData('u');
    40. 

  40. $time_stamp = Util::getFormData('t');
    41. 

  41. $file_name = Util::getFormData('f');
    42. 

  42. if (!isset($mail_user) || !isset($time_stamp) || !isset($file_name) ||
    43. 

  43.     $mail_user == '' || $time_stamp == '' || $file_name == '') {
    44. 

  44.     Horde::fatal(_("The attachment was not found."),
    45. 

  45.         $_self_url, __LINE__);
    46. 

  46. }
    47. 

  47. 

  48. // Initialize the VFS.
    49. 

  49. $vfsroot = &VFS::singleton($conf['vfs']['type'], Horde::getDriverConfig('vfs', $conf['vfs']['type']));
    50. 

  50. if (is_a($vfsroot, 'PEAR_Error')) {
    51. 

  51.     Horde::fatal(sprintf(_("Could not create the VFS backend: %s"), $vfsroot->getMessage()), $_self_url, __LINE__);
    52. 

  52. }
    53. 

  53. 

  54. // Check if the file exists.
    55. 

  55. $mail_user = basename($mail_user);
    56. 

  56. $time_stamp = basename($time_stamp);
    57. 

  57. $file_name = escapeshellcmd(basename($file_name));
    58. 

  58. $full_path = sprintf(IMP_VFS_LINK_ATTACH_PATH . '/%s/%d', $mail_user, $time_stamp);
    59. 

  59. if (!$vfsroot->exists($full_path, $file_name)) {
    60. 

  60.     Horde::fatal(_("The specified attachment does not exist. It may have been deleted by the original sender."), $_self_url, __LINE__);
    61. 

  61. }
    62. 

  62. 

  63. // Check to see if we need to send a verification message.
    64. 

  64. if ($conf['compose']['link_attachments_notify']) {
    65. 

  65.     if ($vfsroot->exists($full_path, $file_name . '.notify')) {
    66. 

  66.         $delete_id = Util::getFormData('d');
    67. 

  67.         $read_id = $vfsroot->read($full_path, $file_name . '.notify');
    68. 

  68.         if (is_a($read_id, 'PEAR_Error')) {
    69. 

  69.             Horde::logMessage($read_id, __FILE__, __LINE__, PEAR_LOG_ERR);
    70. 

  70.         } elseif ($delete_id == $read_id) {
    71. 

  71.             $vfsroot->deleteFile($full_path, $file_name);
    72. 

  72.             $vfsroot->deleteFile($full_path, $file_name . '.notify');
    73. 

  73.             printf(_("Attachment %s deleted."), $file_name);
    74. 

  74.             exit;
    75. 

  75.         }
    76. 

  76.     } else {
    77. 

  77.         /* Create a random identifier for this file. */
    78. 

  78.         $id = base_convert($file_name . mt_rand(), 10, 36);
    79. 

  79.         $res = $vfsroot->writeData($full_path, $file_name . '.notify' , $id, true);
    80. 

  80.         if (is_a($res, 'PEAR_Error')) {
    81. 

  81.             Horde::logMessage($res, __FILE__, __LINE__, PEAR_LOG_ERR);
    82. 

  82.         } else {
    83. 

  83.             /* Load $mail_user's preferences so that we can use their
    84. 

  84.              * locale information for the notification message. */
    85. 

  85.             include_once 'Horde/Prefs.php';
    86. 

  86.             $prefs = &Prefs::singleton($conf['prefs']['driver'],
    87. 

  87.                                        'horde', $mail_user);
    88. 

  88.             $prefs->retrieve();
    89. 

  89.             include_once 'Horde/Identity.php';
    90. 

  90.             $mail_identity = &Identity::singleton('none', $mail_user);
    91. 

  91.             $mail_address = $mail_identity->getDefaultFromAddress();
    92. 

  92.             /* Ignore missing addresses, which are returned as <>. */
    93. 

  93.             if (strlen($mail_address) > 2) {
    94. 

  94.                 $mail_address_full = $mail_identity->getDefaultFromAddress(true);
    95. 

  95.                 NLS::setTimeZone();
    96. 

  96.                 NLS::setLang($prefs->getValue('language'));
    97. 

  97.                 NLS::setTextdomain('imp', IMP_BASE . '/locale', NLS::getCharset());
    98. 

  98.                 String::setDefaultCharset(NLS::getCharset());
    99. 

  99. 

  100.                 /* Set up the mail headers and read the log file. */
    101. 

  101.                 include_once 'Horde/MIME/Headers.php';
    102. 

  102.                 $msg_headers = new MIME_Headers();
    103. 

  103.                 $msg_headers->addReceivedHeader();
    104. 

  104.                 $msg_headers->addMessageIdHeader();
    105. 

  105.                 $msg_headers->addAgentHeader();
    106. 

  106.                 $msg_headers->addHeader('Date', date('r'));
    107. 

  107.                 $msg_headers->addHeader('From', $mail_address_full);
    108. 

  108.                 $msg_headers->addHeader('To', $mail_address_full);
    109. 

  109.                 $msg_headers->addHeader('Subject', _("Notification: Linked attachment downloaded"));
    110. 

  110. 

  111.                 include_once 'Horde/MIME/Message.php';
    112. 

  112.                 $msg = new MIME_Message();
    113. 

  113.                 $msg->setType('text/plain');
    114. 

  114.                 $msg->setCharset(NLS::getCharset());
    115. 

  115.                 $msg->setContents(String::wrap(sprintf(_("Your linked attachment has been downloaded by at least one user.\n\nAttachment name: %s\nAttachment date: %s\n\nClick on the following link to permanently delete the attachment:\n%s"), $file_name, date('r', $time_stamp), Util::addParameter(Horde::selfUrl(true, false, true), 'd', $id))));
    116. 

  116. 

  117.                 $msg_headers->addMIMEHeaders($msg);
    118. 

  118. 

  119.                 $msg->send($mail_address, $msg_headers);
    120. 

  120.             }
    121. 

  121.         }
    122. 

  122.     }
    123. 

  123. }
    124. 

  124. 

  125. // Find the file's mime-type.
    126. 

  126. $file_data = $vfsroot->read($full_path, $file_name);
    127. 

  127. if (is_a($file_data, 'PEAR_Error')) {
    128. 

  128.     Horde::logMessage($file_data, __FILE__, __LINE__, PEAR_LOG_ERR);
    129. 

  129.     Horde::fatal(_("The specified file cannot be read."), $_self_url, __LINE__);
    130. 

  130. }
    131. 

  131. $mime_type = MIME_Magic::analyzeData($file_data, isset($conf['mime']['magic_db']) ? $conf['mime']['magic_db'] : null);
    132. 

  132. if ($mime_type === false) {
    133. 

  133.     $mime_type = MIME_Magic::filenameToMIME($file_name, false);
    134. 

  134. }
    135. 

  135. 

  136. // Prevent 'jar:' attacks on Firefox.  See Ticket #5892.
    137. 

  137. if ($browser->isBrowser('mozilla')) {
    138. 

  138.     if (in_array(String::lower($mime_type), array('application/java-archive', 'application/x-jar'))) {
    139. 

  139.         $mime_type = 'application/octet-stream';
    140. 

  140.     }
    141. 

  141. }
    142. 

  142. 

  143. // Send the client the file.
    144. 

  144. $browser->downloadHeaders($file_name, $mime_type, false, strlen($file_data));
    145. 

  145. echo $file_data;
    146. 

  146.