forked from zedzedtop/mailzu
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathget_attachment.php
62 lines (50 loc) · 1.89 KB
/
get_attachment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<?php
/**
* This file is the 'get attachment' functionality. Logged in users can:
* - download an attachment
*
* @author Gergely Nagy <[email protected]>
* @version 2021-11-08
* @package mailzu-ng
*
* Copyright (C) 2021 mailzu-ng
* License: GPL, see LICENSE
*/
/**
* Include autoloader
*/
include_once('lib/autoload.php');
if (!Auth::is_logged_in()) {
Auth::print_login_msg(); // Check if user is logged in
}
$mail_id = CmnFns::get_mail_id();
$content_type = CmnFns::getGlobalVar('ctype', GET);
$recip_email = CmnFns::getGlobalVar('recip_email', GET);
$query_string = CmnFns::querystring_exclude_vars(array('mail_id', 'recip_email'));
if (!Auth::isMailAdmin() && !in_array($recip_email, $_SESSION['sessionMail'])) {
CmnFns::do_error_box(translate('Access Denied'));
} else {
$m = new MailEngine($mail_id, $recip_email);
if (!$m->msg_found) {
CmnFns::do_error_box(translate('Message Unavailable'));
} else {
MailMime::MsgParseBody($m->struct, true);
if (isset($fileContent[$_GET['fileid']])) {
if (isset($_GET['d_inline'])) {
header('Content-Type: '.$fileContent[$_GET['fileid']]['ctype']);
header("Content-Transfer-Encoding: Binary");
echo $fileContent[$_GET['fileid']]['body'];
exit;
} else if (isset($_GET['virustotal'])) {
header('Location: https://www.virustotal.com/#/file/' . hash('sha256', $fileContent[$_GET['fileid']]) . '/detection');
exit;
} else {
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"" . basename($filelist[$_GET['fileid']]) . "\"");
echo $fileContent[$_GET['fileid']];
}
} else
echo "Error: Attachment not found";
}
}