
/ -> download.php (source)

   1  <?php
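   if (!defined('sugarEntry') || !sugarEntry) {
       die('Not A Valid Entry Point');
   }
   /*********************************************************************************
    * SugarCRM is a customer relationship management program developed by
    * SugarCRM, Inc. Copyright (C) 2004 - 2009 SugarCRM Inc.
    *
    * This program is free software; you can redistribute it and/or modify it under
    * the terms of the GNU General Public License version 3 as published by the
    * Free Software Foundation with the addition of the following permission added
    * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
    * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
    * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
    *
    * This program is distributed in the hope that it will be useful, but WITHOUT
    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
    * details.
    *
    * You should have received a copy of the GNU General Public License along with
    * this program; if not, see http://www.gnu.org/licenses or write to the Free
    * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    * 02110-1301 USA.
    *
    * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
    * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
    *
    * The interactive user interfaces in modified source and object code versions
    * of this program must display Appropriate Legal Notices, as required under
    * Section 5 of the GNU General Public License version 3.
    *
    * In accordance with Section 7(b) of the GNU General Public License version 3,
    * these Appropriate Legal Notices must retain the display of the "Powered by
    * SugarCRM" logo. If the display of the logo is not reasonably feasible for
    * technical reasons, the Appropriate Legal Notices must display the words
    * "Powered by SugarCRM".
    ********************************************************************************/

   /*
    * Sends a stored file to an authenticated session as an attachment download.
    *
    * Two sources are served:
    *   - a module upload, read from upload_dir/<id> after a bean ACL check and
    *     a lookup of its file name in the database;
    *   - an Emails temp attachment (isTempFile), read from
    *     cache_dir/modules/Emails/<ieId>/attachments/<id>.
    *
    * Request parameters read here: id, type, isTempFile, ieId, tempName. All of
    * them come from the client, so each one is resolved through $beanList,
    * escaped before it reaches SQL, or screened before it is used in a
    * filesystem path or a response header.
    */

   // Array-valued parameters (id[]=...) would be cast to the string "Array" further
   // down; reject them with the same message as any other malformed request.
   foreach (array('id', 'type', 'ieId', 'tempName') as $param_name) {
       if (isset($_REQUEST[$param_name]) && !is_string($_REQUEST[$param_name])) {
           die("Not a Valid Entry Point");
       }
   }

   if (empty($_REQUEST['id']) || empty($_REQUEST['type']) || !isset($_SESSION['authenticated_user_id'])) {
       die("Not a Valid Entry Point");
   }
   else {
       $request_id = $_REQUEST['id'];
       $is_temp_file = isset($_REQUEST['isTempFile']);
       // Stays empty for temp files, so none of the module query branches below match.
       $file_type = '';

       ini_set('zlib.output_compression', 'Off'); // bug 27089: with gzip the Content-Length header may be incorrect.
       // cn: bug 8753: current_user's preferred export charset not being honored
       $GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id']);
       $GLOBALS['current_language'] = $_SESSION['authenticated_user_language'];
       $app_strings = return_application_language($GLOBALS['current_language']);
       $mod_strings = return_module_language($GLOBALS['current_language'], 'ACL');

       if (!$is_temp_file) {
           // Custom modules may have capitalizations anywhere in their names,
           // so the format passed in is tried first.
           require('include/modules.php');
           $module = $_REQUEST['type'];
           $file_type = strtolower($_REQUEST['type']);
           if (empty($beanList[$module])) {
               // start guessing at a module name
               $module = ucfirst($file_type);
               if (empty($beanList[$module])) {
                   die($app_strings['ERROR_TYPE_NOT_VALID']);
               }
           }
           // From here on $module is a key of $beanList, which is what keeps the
           // request-supplied type out of the include path below.
           $bean_name = $beanList[$module];
           $bean_file = 'modules/' . $module . '/' . $bean_name . '.php';
           if (!file_exists($bean_file)) {
               die($app_strings['ERROR_TYPE_NOT_VALID']);
           }
           require_once($bean_file);
           $focus = new $bean_name();
           // NOTE(review): the result of retrieve() is not checked, so when no record
           // matches the id, ACLAccess() runs on an unpopulated bean - confirm that this
           // cannot grant access to a file the user does not own.
           $focus->retrieve($request_id);
           if (!$focus->ACLAccess('view')) {
               die($mod_strings['LBL_NO_ACCESS']);
           }
       }
       // NOTE(review): the temp-file path has no per-record ACL check; access is limited
       // only by the authenticated session and the path screening below.

       if ($is_temp_file) {
           $ie_id = isset($_REQUEST['ieId']) ? $_REQUEST['ieId'] : '';
           $local_location = "{$GLOBALS['sugar_config']['cache_dir']}/modules/Emails/{$ie_id}/attachments/{$request_id}";
       } else {
           $local_location = $GLOBALS['sugar_config']['upload_dir'] . "/" . $request_id;
       }

       // strpos() returns 0 for a match at the start of the string, which a bare truth
       // test treats as "not found"; compare against false explicitly. A NUL byte is
       // rejected as well because older PHP versions truncate paths at it.
       $unsafe_path = strpos($local_location, "..") !== false || strpos($local_location, "\0") !== false;

       // is_file() instead of file_exists(): a directory is not a downloadable file.
       if ($unsafe_path || !is_file($local_location)) {
           die($app_strings['ERR_INVALID_FILE_REFERENCE']);
       }
       else {
           $doQuery = true;
           // The id is sent by the client: escape it through the database layer before
           // it is placed inside a quoted SQL literal.
           $quoted_id = $GLOBALS['db']->quote($request_id);

           if ($file_type === 'documents') {
               // cn: bug 9674 document_revisions table has no 'name' column.
               $query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id ";
               $query .= "WHERE document_revisions.id = '" . $quoted_id . "'";
           } elseif ($file_type === 'kbdocuments') {
               $query = "SELECT document_revisions.filename name    FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";
               $query .= "WHERE document_revisions.id = '" . $quoted_id . "'";
           } elseif ($file_type === 'notes') {
               $query = "SELECT filename name FROM notes ";
               $query .= "WHERE notes.id = '" . $quoted_id . "'";
           } elseif (!$is_temp_file && !isset($_REQUEST['tempName']) && isset($_REQUEST['type']) && $file_type != 'temp') { // make sure not email temp file.
               // $file_type is used as a table name here. It resolved through $beanList
               // above, but it is still request text, so only a plain identifier may be
               // spliced into the statement.
               if (!preg_match('/^[a-z0-9_]+$/', $file_type)) {
                   die($app_strings['ERROR_TYPE_NOT_VALID']);
               }
               $query = "SELECT filename name FROM " . $file_type . " ";
               $query .= "WHERE " . $file_type . ".id= '" . $quoted_id . "'";
           } elseif ($file_type === 'temp') {
               $doQuery = false;
           }

           if ($doQuery && isset($query)) {
               $rs = $GLOBALS['db']->query($query);
               $row = $GLOBALS['db']->fetchByAssoc($rs);

               if (empty($row)) {
                   die($app_strings['ERROR_NO_RECORD']);
               }
               $name = $row['name'];
               $download_location = $GLOBALS['sugar_config']['upload_dir'] . "/" . $request_id;
           } else if (isset($_REQUEST['tempName']) && $is_temp_file) {
               // downloading a temp file (email 2.0)
               $download_location = $local_location;
               $name = $_REQUEST['tempName'];
           }

           // Neither branch matched (for example isTempFile without tempName): stop
           // instead of sending headers for an undefined name and location.
           if (!isset($name) || !isset($download_location)) {
               die($app_strings['ERR_INVALID_FILE_REFERENCE']);
           }

           // The name comes from the request or from a stored record. Strip control
           // characters, double quotes and backslashes so it cannot end the quoted
           // filename parameter or inject another header line.
           $name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $name);

           if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
               $name = urlencode($name);
               $name = str_replace("+", "_", $name);
           }

           header("Pragma: public");
           header("Cache-Control: maxage=1, post-check=0, pre-check=0");
           header("Content-type: application/force-download");
           // Size the response from the file that is actually read below.
           header("Content-Length: " . filesize($download_location));
           header("Content-disposition: attachment; filename=\"" . $name . "\";");
           header("Expires: 0");
           set_time_limit(0);

           // Best effort: there may be no active output buffer to discard or flush.
           @ob_end_clean();
           ob_start();

           echo file_get_contents($download_location);

           @ob_flush();
       }
   }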
 162  ?>

