2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
41 if(empty($_REQUEST['id']) || empty($_REQUEST['type']) || !isset($_SESSION['authenticated_user_id'])) {
42 die("Not a Valid Entry Point");
45 $file_type=''; // bug 45896
46 ini_set('zlib.output_compression','Off');//bug 27089, if use gzip here, the Content-Length in hearder may be incorrect.
47 // cn: bug 8753: current_user's preferred export charset not being honored
48 $GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id']);
49 $GLOBALS['current_language'] = $_SESSION['authenticated_user_language'];
50 $app_strings = return_application_language($GLOBALS['current_language']);
51 $mod_strings = return_module_language($GLOBALS['current_language'], 'ACL');
52 if(!isset($_REQUEST['isTempFile'])) {
53 //Custom modules may have capilizations anywhere in thier names. We should check the passed in format first.
54 require('include/modules.php');
55 $module = $db->quote($_REQUEST['type']);
56 $file_type = strtolower($_REQUEST['type']);
57 if(empty($beanList[$module])) {
58 //start guessing at a module name
59 $module = ucfirst($file_type);
60 if(empty($beanList[$module])) {
61 die($app_strings['ERROR_TYPE_NOT_VALID']);
64 $bean_name = $beanList[$module];
65 if(!file_exists('modules/' . $module . '/' . $bean_name . '.php')) {
66 die($app_strings['ERROR_TYPE_NOT_VALID']);
68 require_once('modules/' . $module . '/' . $bean_name . '.php');
69 $focus = new $bean_name();
70 $focus->retrieve($_REQUEST['id']);
71 if(!$focus->ACLAccess('view')){
72 die($mod_strings['LBL_NO_ACCESS']);
75 // Pull up the document revision, if it's of type Document
76 if ( isset($focus->object_name) && $focus->object_name == 'Document' ) {
77 // It's a document, get the revision that really stores this file
78 $focusRevision = new DocumentRevision();
79 $focusRevision->retrieve($_REQUEST['id']);
81 if ( empty($focusRevision->id) ) {
82 // This wasn't a document revision id, it's probably actually a document id, we need to grab that, get the latest revision and use that
83 $focusDocument = new Document();
84 $focusDocument->retrieve($_REQUEST['id']);
86 $focusRevision->retrieve($focusDocument->document_revision_id);
88 if ( !empty($focusRevision->id) ) {
89 $_REQUEST['id'] = $focusRevision->id;
94 // See if it is a remote file, if so, send them that direction
95 if ( isset($focus->doc_url) && !empty($focus->doc_url) ) {
96 header('Location: '.$focus->doc_url);
100 if ( isset($focusRevision) && isset($focusRevision->doc_url) && !empty($focusRevision->doc_url) ) {
101 header('Location: '.$focusRevision->doc_url);
107 $local_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
108 if (isset($_REQUEST['isTempFile']))
110 $local_location = $GLOBALS['sugar_config']['cache_dir'].'/modules/Emails/';
111 if (isset($_REQUEST['ieId'])) {
112 $local_location .= $_REQUEST['ieId'].'/';
114 $local_location .= 'attachments/'.$_REQUEST['id'];
117 if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
118 $local_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
121 if(!file_exists( $local_location ) || strpos($local_location, "..")) {
122 die($app_strings['ERR_INVALID_FILE_REFERENCE']);
127 if($file_type == 'documents') {
128 // cn: bug 9674 document_revisions table has no 'name' column.
129 $query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id ";
130 $query .= "WHERE document_revisions.id = '".$db->quote($_REQUEST['id'])."' ";
131 } elseif($file_type == 'kbdocuments') {
132 $query="SELECT document_revisions.filename name FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";
133 $query .= "WHERE document_revisions.id = '" . $db->quote($_REQUEST['id']) ."'";
134 } elseif($file_type == 'notes') {
135 $query = "SELECT filename name FROM notes ";
136 $query .= "WHERE notes.id = '" . $db->quote($_REQUEST['id']) ."'";
137 } elseif( !isset($_REQUEST['isTempFile']) && !isset($_REQUEST['tempName'] ) && isset($_REQUEST['type']) && $file_type!='temp' ){ //make sure not email temp file.
138 $query = "SELECT filename name FROM ". $file_type ." ";
139 $query .= "WHERE ". $file_type .".id= '".$db->quote($_REQUEST['id'])."'";
140 }elseif( $file_type == 'temp'){
144 if($doQuery && isset($query)) {
145 $rs = $GLOBALS['db']->query($query);
146 $row = $GLOBALS['db']->fetchByAssoc($rs);
149 die($app_strings['ERROR_NO_RECORD']);
151 $name = $row['name'];
152 $download_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
153 } else if(isset( $_REQUEST['tempName'] ) && isset($_REQUEST['isTempFile']) ){
154 // downloading a temp file (email 2.0)
155 $download_location = $local_location;
156 $name = $_REQUEST['tempName'];
158 else if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
159 $download_location = $local_location;
161 if (isset($_REQUEST['tempName']))
163 $name = $_REQUEST['tempName'];
167 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT']))
169 $name = urlencode($name);
170 $name = str_replace("+", "_", $name);
173 header("Pragma: public");
174 header("Cache-Control: maxage=1, post-check=0, pre-check=0");
175 if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
176 $mime = getimagesize($download_location);
178 header("Content-Type: {$mime['mime']}");
180 header("Content-Type: image/png");
183 header("Content-Type: application/force-download");
184 header("Content-type: application/octet-stream");
185 header("Content-Disposition: attachment; filename=\"".$name."\";");
187 // disable content type sniffing in MSIE
188 header("X-Content-Type-Options: nosniff");
189 header("Content-Length: " . filesize($local_location));
190 header("Expires: 0");
196 readfile($download_location);