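// Attachment upload popup for the web mailer: stores one uploaded file in the
// attachment directory and tells the opener window about it.
//
// Send users who are not logged in to the login page.
if (!is_object($xoopsUser)) {
    redirect_header(XOOPS_URL . "/user.php", 1, _NOPERM);
    exit;
}

define("XOOPS_MODULE_WEBMAIL_LOADED", 1);
// $attachments and $attachmentdir are not set in this script; presumably they
// come from cache/config.php -- verify.
include "cache/config.php";
include_once "gettype.php";

$userid = $xoopsUser->uid();
$msg = $java_script = "";

// NOTE(review): no anti-CSRF token is checked before the upload is accepted,
// and the form below carries none. Confirm whether the surrounding framework
// version offers a token check and add it here.
if (ini_get('file_uploads') && $attachments && !empty($_FILES)) { // nao-pon
    // Only a single, well-formed "userfile" entry is accepted; an array-style
    // upload (userfile[]) or a missing field falls through to the error message.
    $upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
    if (is_array($upload)
        && isset($upload['name'], $upload['tmp_name'])
        && is_string($upload['name'])
        && is_string($upload['tmp_name'])
    ) {
        $userfile_name = urldecode($upload['name']);
        $userfile_name = mb_convert_encoding($userfile_name, _CHARSET, "auto");
        // urldecode() can turn "%2F" / "%5C" back into directory separators after
        // PHP has already reduced the client name to its last component, so the
        // decoded name is reduced again before it is used in a path.
        $userfile_name = basename(str_replace("\0", "", $userfile_name));

        // move_uploaded_file() verifies that tmp_name really is this request's
        // upload and removes the temporary file itself. The previous
        // copy() + unlink($userfile) pair ignored copy failures and unlinked a
        // variable this script never assigns.
        // The "_d_u_m_" suffix is kept as-is; presumably it marks temporary
        // attachments and keeps the stored name from ending in a served
        // extension -- verify against the code that reads this directory.
        $target = $attachmentdir . "/" . $userid . "_" . $userfile_name . "_d_u_m_";
        if ($userfile_name !== "" && move_uploaded_file($upload['tmp_name'], $target)) {
            // m_get_type() is defined outside this script (presumably in
            // gettype.php); its result is treated as untrusted text here.
            $M_Type = m_get_type($userfile_name);
            $filename = htmlspecialchars($upload['name'], ENT_QUOTES);

            // Both values are placed inside a JavaScript string literal within
            // <script>. HTML-escaping handles quotes and "<", but a backslash or
            // line break would still alter the literal, so those are escaped for
            // the JS context as well. The opener receives the same HTML-escaped
            // text as before.
            $js_filename = addcslashes($filename, "\\\r\n");
            $js_type = addcslashes(htmlspecialchars((string) $M_Type, ENT_QUOTES), "\\\r\n");
            $java_script = "<script>window.opener.attachfiles(\"" . $js_filename . "\",\"" . $js_type . "\");</script>";
            $msg = str_replace('$1', $filename, _MD_WEBMAIL_ATTACHE_ADDED) . '<br /><br />';
        }
    }
    // A POST that did not result in a stored file is reported as "no file".
    if ($msg === "" && strtolower($_SERVER["REQUEST_METHOD"]) === "post") {
        $msg = _MD_WEBMAIL_ERR_NOFILE . "<br /><br />";
    }
}

$sitename = htmlspecialchars($xoopsConfig['sitename'], ENT_QUOTES);

// The _MD_WEBMAIL_* constants are emitted unescaped; presumably they come from
// the module's language file -- verify.
echo "<html>\n"
    . "<title>{$sitename}[Web Mailer]: " . _MD_WEBMAIL_ATTACHE_FILE . "</title>\n"
    . "<body text=\"#63627f\">\n"
    . $java_script . "\n"
    . "<form action=\"mailattach.php\" method=\"post\" ENCTYPE=\"multipart/form-data\" name=\"attchform\">\n"
    . "<center>\n"
    . $msg
    . "<b>{$sitename}[Web Mailer]: " . _MD_WEBMAIL_ATTACHE_FILE . "</b><br /><br />\n"
    . _MD_WEBMAIL_FILE . ": <input type=\"file\" name=\"userfile\" size=\"30\"><br /><input type=\"submit\" value=\"" . _MD_WEBMAIL_ATTACHE_ADD . "\">\n"
    . "</form>\n"
    . "<br /><br /><form><input type=\"button\" value=\"" . _MD_WEBMAIL_CLOSE_WINDOW . "\" onClick=\"window.close();\"></form>\n"
    . "</body>\n"
    . "</html>";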
// $Id$ include "../../mainfile.php"; if (!is_object($xoopsUser)) { exit; } require_once "cache/config.php"; include "gettype.php"; $_GET["fn"] = str_replace("", "", $_GET["fn"]); $_GET["dfn"] = str_replace("", "", $_GET["dfn"]); if (preg_match("#\\.\\./#", $_GET["fn"])) { exit; } $dlfilename = urldecode($_GET["dfn"]); $filename = urldecode($_GET["fn"]); $filetype = m_get_type($dlfilename); $workdir = $download_dir; $size = filesize($workdir . "/" . $filename); if (strstr($HTTP_SERVER_VARS["HTTP_USER_AGENT"], "MSIE")) { // For IE //$dlfilename = WfsConvert::filenameForWin($dlfilename); $dlfilename = mb_convert_encoding($dlfilename, "SJIS", "auto"); header("Content-Type: " . $filetype); header("Content-Length: {$size}"); header("Cache-control: private"); //header("Content-Disposition: inline; filename=$dlfilename"); header("Content-Disposition: attachment; filename=\"{$dlfilename}\""); } else { // For Other browsers header("Content-Type: " . $filetype); header("Content-Length: {$size}");