/
message-attachment.php
47 lines (37 loc) · 1.25 KB
/
message-attachment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
include('init.php');
auth_redirect();
$message_id = @$_GET['message_id'];
$i = @$_GET['i'];
$download = !empty($_GET['dl']);
if ( !empty($message_id) && isset($i) ) {
$msg = $db->get_row( $db->prepare("SELECT * FROM $db->messages WHERE message_id=%d", $message_id) );
if ( $msg ) {
include_once('includes/mime.php');
$parts = mime_split($msg->content);
$att = $parts[$i];
if ( $att ) {
$content_type = $att->get_type();
$filename = intval($message_id).'-'.intval($i);
if ( preg_match( '/;\s*name="([^"]+)"/', $att->content_type, $m ) )
$filename .= '-'.preg_replace('/[^\w.]/', '', $m[1]);
if ( $content_type == 'application/octet-stream' ) {
// try to use a slightly more helpful content type
$filename_parts = pathinfo($filename);
$ext = preg_replace('/[^\w]/', '', $filename_parts['extension']);
if ( $ext )
$content_type = 'application/' . strtolower( $ext );
}
#var_dump($filename_parts, $content_type);die;
header('Content-type: '. $content_type);
if ( $download )
header('Content-Disposition: attachment; filename="'.$filename.'"');
else
header('Content-Disposition: inline; filename="'.$filename.'"');
die($att->content);
}
}
}
header('Status: 404 Not Found');
die('Not found.');
?>