retrieve($_SESSION['authenticated_user_id']); $GLOBALS['current_language'] = $_SESSION['authenticated_user_language']; $app_strings = return_application_language($GLOBALS['current_language']); $mod_strings = return_module_language($GLOBALS['current_language'], 'ACL'); if(!isset($_REQUEST['isTempFile'])) { //Custom modules may have capilizations anywhere in thier names. We should check the passed in format first. require('include/modules.php'); $module = $db->quote($_REQUEST['type']); $file_type = strtolower($_REQUEST['type']); if(empty($beanList[$module])) { //start guessing at a module name $module = ucfirst($file_type); if(empty($beanList[$module])) { die($app_strings['ERROR_TYPE_NOT_VALID']); } } $bean_name = $beanList[$module]; if(!file_exists('modules/' . $module . '/' . $bean_name . '.php')) { die($app_strings['ERROR_TYPE_NOT_VALID']); } require_once('modules/' . $module . '/' . $bean_name . '.php'); $focus = new $bean_name(); $focus->retrieve($_REQUEST['id']); if(!$focus->ACLAccess('view')){ die($mod_strings['LBL_NO_ACCESS']); } // if // Pull up the document revision, if it's of type Document if ( isset($focus->object_name) && $focus->object_name == 'Document' ) { // It's a document, get the revision that really stores this file $focusRevision = new DocumentRevision(); $focusRevision->retrieve($_REQUEST['id']); if ( empty($focusRevision->id) ) { // This wasn't a document revision id, it's probably actually a document id, we need to grab that, get the latest revision and use that $focusDocument = new Document(); $focusDocument->retrieve($_REQUEST['id']); $focusRevision->retrieve($focusDocument->document_revision_id); if ( !empty($focusRevision->id) ) { $_REQUEST['id'] = $focusRevision->id; } } } // See if it is a remote file, if so, send them that direction if ( isset($focus->doc_url) && !empty($focus->doc_url) ) { header('Location: '.$focus->doc_url); sugar_die(); } if ( isset($focusRevision) && isset($focusRevision->doc_url) && !empty($focusRevision->doc_url) ) { header('Location: '.$focusRevision->doc_url); sugar_die(); } } // if $local_location = (isset($_REQUEST['isTempFile'])) ? "{$GLOBALS['sugar_config']['cache_dir']}/modules/Emails/{$_REQUEST['ieId']}/attachments/{$_REQUEST['id']}" : $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id']; if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) { $local_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id']; } if(!file_exists( $local_location ) || strpos($local_location, "..")) { die($app_strings['ERR_INVALID_FILE_REFERENCE']); } else { $doQuery = true; if($file_type == 'documents') { // cn: bug 9674 document_revisions table has no 'name' column. $query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id "; $query .= "WHERE document_revisions.id = '".$db->quote($_REQUEST['id'])."' "; } elseif($file_type == 'kbdocuments') { $query="SELECT document_revisions.filename name FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id "; $query .= "WHERE document_revisions.id = '" . $db->quote($_REQUEST['id']) ."'"; } elseif($file_type == 'notes') { $query = "SELECT filename name FROM notes "; $query .= "WHERE notes.id = '" . $db->quote($_REQUEST['id']) ."'"; } elseif( !isset($_REQUEST['isTempFile']) && !isset($_REQUEST['tempName'] ) && isset($_REQUEST['type']) && $file_type!='temp' ){ //make sure not email temp file. $query = "SELECT filename name FROM ". $file_type ." "; $query .= "WHERE ". $file_type .".id= '".$db->quote($_REQUEST['id'])."'"; }elseif( $file_type == 'temp'){ $doQuery = false; } if($doQuery && isset($query)) { $rs = $GLOBALS['db']->query($query); $row = $GLOBALS['db']->fetchByAssoc($rs); if(empty($row)){ die($app_strings['ERROR_NO_RECORD']); } $name = $row['name']; $download_location = $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id']; } else if(isset( $_REQUEST['tempName'] ) && isset($_REQUEST['isTempFile']) ){ // downloading a temp file (email 2.0) $download_location = $local_location; $name = $_REQUEST['tempName']; } else if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) { $download_location = $local_location; $name = $_REQUEST['tempName']; } if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) { $name = urlencode($name); $name = str_replace("+", "_", $name); } header("Pragma: public"); header("Cache-Control: maxage=1, post-check=0, pre-check=0"); if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) { $mime = getimagesize($download_location); if(!empty($mime)) { header("Content-Type: {$mime['mime']}"); } else { header("Content-Type: image/png"); } } else { header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"".$name."\";"); } // disable content type sniffing in MSIE header("X-Content-Type-Options: nosniff"); header("Content-Length: " . filesize($local_location)); header("Expires: 0"); set_time_limit(0); @ob_end_clean(); ob_start(); readfile($download_location); @ob_flush(); } } ?>