} else { $group = false; } if (isset($_GET['article'])) { $article = (int) $_GET['article']; } else { error("No article specified"); } if (isset($_GET['part'])) { $part = $_GET['part']; } else { error("No part specified"); } try { $nntpClient = new \Web\News\Nntp(NNTP_HOST); $message = $nntpClient->readArticle($article, $group); if ($message === null) { error('No article found'); } $mail = fMailbox::parseMessage($message); } catch (Exception $e) { error($e->getMessage()); } if (!empty($mail['attachment'][$part])) { $attachment = $mail['attachment'][$part]; /* Do not rely on user-provided content-deposition header, generate own one to */ /* make the content downloadable, do NOT use inline, we can't trust the attachment*/ /* Downside of this approach: images should be downloaded before use */ /* this is safer though, and prevents doing evil things on php.net domain */ $contentdisposition = 'attachment'; if (!empty($attachment['filename'])) {