grommunio /
grommunio-web
| Total Complexity | 116 |
| Total Lines | 1020 |
| Duplicated Lines | 0 % |
| Changes | 0 | ||
Complex classes like DownloadAttachment often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use DownloadAttachment, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 15 | class DownloadAttachment extends DownloadBase { |
||
| 16 | /** |
||
| 17 | * Content disposition type for the attachment that will be sent with header with the attachment data |
||
| 18 | * Possible values are 'inline' and 'attachment'. When content-type is application/octet-stream and |
||
| 19 | * content disposition type is 'attachment' then browser will show dialog to save attachment as instead of |
||
| 20 | * directly displaying content inline. |
||
| 21 | */ |
||
| 22 | private $contentDispositionType; |
||
| 23 | |||
| 24 | /** |
||
| 25 | * Attachment number of the attachment that should be downloaded. For normal attachments this will contain |
||
| 26 | * a single element array with numeric value as sequential attachment number, for attachments that are not saved |
||
| 27 | * in AttachmentTable of MAPIMessage yet (recently uploaded attachments) this will give single element array |
||
| 28 | * having value as a string in form of 'filename randomstring'. When accessing embedded messages this array can contain |
||
| 29 | * multiple elements indicating attachment numbers at each level, So value [0, 1] will indicate we want to download |
||
| 30 | * second attachment of first embedded message. |
||
| 31 | */ |
||
| 32 | private $attachNum; |
||
| 33 | |||
| 34 | /** |
||
| 35 | * Attachment Content Id is used to download inline images of the MAPIMessage, When requesting inline images only |
||
| 36 | * content id is passed but if we are accessing inline image from embedded message then besides content id, |
||
| 37 | * attachment number is also passed to access embedded message. |
||
| 38 | */ |
||
| 39 | private $attachCid; |
||
| 40 | |||
| 41 | /** |
||
| 42 | * A string that will be initialized with grommunio Web-specific and common-for-all file name for ZIP file. |
||
| 43 | */ |
||
| 44 | private $zipFileName; |
||
| 45 | |||
| 46 | /** |
||
| 47 | * A random string that will be generated with every MAPIMessage instance to uniquely identify attachments that |
||
| 48 | * belongs to this MAPIMessage, this is mainly used to get recently uploaded attachments for MAPIMessage. |
||
| 49 | */ |
||
| 50 | private $dialogAttachments; |
||
| 51 | |||
| 52 | /** |
||
| 53 | * A boolean value, set to false by default, to define if the message, of which the attachments are required to be wrapped in ZIP, |
||
| 54 | * is a sub message of other webapp item or not. |
||
| 55 | */ |
||
| 56 | private $isSubMessage; |
||
| 57 | |||
| 58 | /** |
||
| 59 | * Entryid of the MAPIFolder to which the given attachment needs to be imported as webapp item. |
||
| 60 | */ |
||
| 61 | private $destinationFolderId; |
||
| 62 | |||
| 63 | /** |
||
| 64 | * Resource of the MAPIFolder to which the given attachment needs to be imported as webapp item. |
||
| 65 | */ |
||
| 66 | private $destinationFolder; |
||
| 67 | |||
| 68 | /** |
||
| 69 | * A boolean value, set to false by default, to define if the attachment needs to be imported into folder as webapp item. |
||
| 70 | */ |
||
| 71 | private $import; |
||
| 72 | |||
| 73 | /** |
||
| 74 | * A boolean value, set to false by default, to define if the embedded attachment needs to be imported into folder. |
||
| 75 | */ |
||
| 76 | private $isEmbedded; |
||
| 77 | |||
| 78 | /** |
||
| 79 | * Resource of the shared MAPIStore into which attachments needs to be imported. |
||
| 80 | */ |
||
| 81 | private $otherStore; |
||
| 82 | |||
| 83 | private $messageSubject; |
||
| 84 | |||
| 85 | /** |
||
| 86 | * Constructor. |
||
| 87 | */ |
||
| 88 | public function __construct() { |
||
| 89 | $this->contentDispositionType = 'attachment'; |
||
| 90 | $this->attachNum = []; |
||
| 91 | $this->attachCid = false; |
||
| 92 | $this->zipFileName = _('Attachments') . '%s.zip'; |
||
| 93 | $this->messageSubject = ''; |
||
| 94 | $this->isSubMessage = false; |
||
| 95 | $this->destinationFolderId = false; |
||
| 96 | $this->destinationFolder = false; |
||
| 97 | $this->import = false; |
||
| 98 | $this->isEmbedded = false; |
||
| 99 | $this->otherStore = false; |
||
| 100 | |||
| 101 | parent::__construct(); |
||
| 102 | } |
||
| 103 | |||
| 104 | /** |
||
| 105 | * Function will initialize data for this class object. it will also sanitize data |
||
| 106 | * for possible XSS attack because data is received in $_GET. |
||
| 107 | * |
||
| 108 | * @param mixed $data |
||
| 109 | */ |
||
| 110 | #[Override] |
||
| 111 | public function init($data) { |
||
| 112 | if (isset($data['store'])) { |
||
| 113 | $this->store = sanitizeValue($data['store'], '', ID_REGEX); |
||
| 114 | } |
||
| 115 | |||
| 116 | if (isset($data['entryid'])) { |
||
| 117 | $this->entryId = sanitizeValue($data['entryid'], '', ID_REGEX); |
||
| 118 | } |
||
| 119 | |||
| 120 | if (isset($data['contentDispositionType'])) { |
||
| 121 | $this->contentDispositionType = sanitizeValue($data['contentDispositionType'], 'attachment', STRING_REGEX); |
||
| 122 | } |
||
| 123 | |||
| 124 | if (!empty($data['attachNum'])) { |
||
| 125 | /** |
||
| 126 | * if you are opening an already saved attachment then $data["attachNum"] |
||
| 127 | * will contain array of numeric index for that attachment (like 0 or 1 or 2). |
||
| 128 | * |
||
| 129 | * if you are opening a recently uploaded attachment then $data["attachNum"] |
||
| 130 | * will be a one element array and it will contain a string in "filename.randomstring" format |
||
| 131 | * like README.txtu6K6AH |
||
| 132 | */ |
||
| 133 | foreach ($data['attachNum'] as $attachNum) { |
||
| 134 | $num = sanitizeValue($attachNum, false, NUMERIC_REGEX); |
||
| 135 | |||
| 136 | if ($num === false) { |
||
| 137 | // string is passed in attachNum so get it |
||
| 138 | $num = sanitizeValue($attachNum, '', FILENAME_REGEX); |
||
| 139 | |||
| 140 | if (!empty($num)) { |
||
| 141 | array_push($this->attachNum, $num); |
||
| 142 | } |
||
| 143 | } |
||
| 144 | else { |
||
| 145 | array_push($this->attachNum, (int) $num); |
||
| 146 | } |
||
| 147 | } |
||
| 148 | } |
||
| 149 | |||
| 150 | if (isset($data['attachCid'])) { |
||
| 151 | $this->attachCid = rawurldecode($data['attachCid']); |
||
| 152 | } |
||
| 153 | |||
| 154 | if (isset($data['AllAsZip'])) { |
||
| 155 | $this->allAsZip = sanitizeValue($data['AllAsZip'], '', STRING_REGEX); |
||
| 156 | } |
||
| 157 | |||
| 158 | if (isset($data['subject'])) { |
||
| 159 | // Remove characters that we cannot use in a filename |
||
| 160 | $data['subject'] = preg_replace('/[^a-z0-9 ()]/mi', '_', $data['subject']); |
||
| 161 | $this->messageSubject = sanitizeValue($data['subject'], '', FILENAME_REGEX); |
||
| 162 | } |
||
| 163 | |||
| 164 | if ($this->allAsZip && isset($data['isSubMessage'])) { |
||
| 165 | $this->isSubMessage = sanitizeValue($data['isSubMessage'], '', STRING_REGEX); |
||
| 166 | } |
||
| 167 | |||
| 168 | if (isset($data['dialog_attachments'])) { |
||
| 169 | $this->dialogAttachments = sanitizeValue($data['dialog_attachments'], '', STRING_REGEX); |
||
| 170 | } |
||
| 171 | |||
| 172 | if ($this->store && $this->entryId) { |
||
| 173 | $this->store = $GLOBALS['mapisession']->openMessageStore(hex2bin((string) $this->store)); |
||
| 174 | $this->message = mapi_msgstore_openentry($this->store, hex2bin((string) $this->entryId)); |
||
| 175 | |||
| 176 | // Decode smime signed messages on this message |
||
| 177 | parse_smime($this->store, $this->message); |
||
| 178 | } |
||
| 179 | |||
| 180 | if (isset($data['destination_folder'])) { |
||
| 181 | $this->destinationFolderId = sanitizeValue($data['destination_folder'], '', ID_REGEX); |
||
| 182 | |||
| 183 | if ($this->destinationFolder === false) { |
||
| 184 | try { |
||
| 185 | $this->destinationFolder = mapi_msgstore_openentry($this->store, hex2bin((string) $this->destinationFolderId)); |
||
| 186 | } |
||
| 187 | catch (Exception) { |
||
| 188 | // Try to find the folder from shared stores in case if it is not found in current user's store |
||
| 189 | $this->otherStore = $GLOBALS['operations']->getOtherStoreFromEntryid($this->destinationFolderId); |
||
| 190 | if ($this->otherStore !== false) { |
||
| 191 | $this->destinationFolder = mapi_msgstore_openentry($this->otherStore, hex2bin((string) $this->destinationFolderId)); |
||
| 192 | } |
||
| 193 | else { |
||
| 194 | $this->destinationFolder = mapi_msgstore_openentry($GLOBALS["mapisession"]->getPublicMessageStore(), hex2bin((string) $this->destinationFolderId)); |
||
| 195 | if (!$this->destinationFolder) { |
||
| 196 | throw new ZarafaException(_("Destination folder not found.")); |
||
| 197 | } |
||
| 198 | } |
||
| 199 | } |
||
| 200 | } |
||
| 201 | } |
||
| 202 | |||
| 203 | if (isset($data['import'])) { |
||
| 204 | $this->import = sanitizeValue($data['import'], '', STRING_REGEX); |
||
| 205 | } |
||
| 206 | |||
| 207 | if (isset($data['is_embedded'])) { |
||
| 208 | $this->isEmbedded = sanitizeValue($data['is_embedded'], '', STRING_REGEX); |
||
| 209 | } |
||
| 210 | } |
||
| 211 | |||
| 212 | /** |
||
| 213 | * Returns inline image attachment based on specified attachCid, To get inline image attachment |
||
| 214 | * we need to compare passed attachCid with PR_ATTACH_CONTENT_ID, PR_ATTACH_CONTENT_LOCATION or |
||
| 215 | * PR_ATTACH_FILENAME and if that matches then we can get that attachment. |
||
| 216 | * |
||
| 217 | * @param MAPIAttach $attachment (optional) embedded message attachment from where we need to get the inline image |
||
|
|
|||
| 218 | * |
||
| 219 | * @return MAPIAttach attachment that is requested and will be sent to client |
||
| 220 | */ |
||
| 221 | public function getAttachmentByAttachCid($attachment = false) { |
||
| 222 | // If the inline image was in a submessage, we have to open that first |
||
| 223 | if ($attachment !== false) { |
||
| 224 | $this->message = mapi_attach_openobj($attachment); |
||
| 225 | } |
||
| 226 | |||
| 227 | /** |
||
| 228 | * restriction to find inline image attachment with matching cid passed. |
||
| 229 | */ |
||
| 230 | $restriction = [RES_OR, |
||
| 231 | [ |
||
| 232 | [RES_CONTENT, |
||
| 233 | [ |
||
| 234 | FUZZYLEVEL => FL_FULLSTRING | FL_IGNORECASE, |
||
| 235 | ULPROPTAG => PR_ATTACH_CONTENT_ID, |
||
| 236 | VALUE => [PR_ATTACH_CONTENT_ID => $this->attachCid], |
||
| 237 | ], |
||
| 238 | ], |
||
| 239 | [RES_CONTENT, |
||
| 240 | [ |
||
| 241 | FUZZYLEVEL => FL_FULLSTRING | FL_IGNORECASE, |
||
| 242 | ULPROPTAG => PR_ATTACH_CONTENT_LOCATION, |
||
| 243 | VALUE => [PR_ATTACH_CONTENT_LOCATION => $this->attachCid], |
||
| 244 | ], |
||
| 245 | ], |
||
| 246 | [RES_CONTENT, |
||
| 247 | [ |
||
| 248 | FUZZYLEVEL => FL_FULLSTRING | FL_IGNORECASE, |
||
| 249 | ULPROPTAG => PR_ATTACH_FILENAME, |
||
| 250 | VALUE => [PR_ATTACH_FILENAME => $this->attachCid], |
||
| 251 | ], |
||
| 252 | ], |
||
| 253 | ], |
||
| 254 | ]; |
||
| 255 | |||
| 256 | // Get the attachment table |
||
| 257 | $attachTable = mapi_message_getattachmenttable($this->message); |
||
| 258 | mapi_table_restrict($attachTable, $restriction, TBL_BATCH); |
||
| 259 | $attachments = mapi_table_queryallrows($attachTable, [PR_ATTACH_NUM]); |
||
| 260 | |||
| 261 | if (count($attachments) > 0) { |
||
| 262 | // there should be only one attachment |
||
| 263 | $attachment = mapi_message_openattach($this->message, $attachments[0][PR_ATTACH_NUM]); |
||
| 264 | } |
||
| 265 | |||
| 266 | return $attachment; |
||
| 267 | } |
||
| 268 | |||
| 269 | /** |
||
| 270 | * Returns attachment based on specified attachNum, additionally it will also get embedded message |
||
| 271 | * if we want to get the inline image attachment. |
||
| 272 | * |
||
| 273 | * @return MAPIAttach embedded message attachment or attachment that is requested |
||
| 274 | */ |
||
| 275 | public function getAttachmentByAttachNum() { |
||
| 276 | $attachment = false; |
||
| 277 | |||
| 278 | $len = count($this->attachNum); |
||
| 279 | |||
| 280 | // Loop through the attachNums, message in message in message ... |
||
| 281 | for ($index = 0; $index < $len - 1; ++$index) { |
||
| 282 | // Open the attachment |
||
| 283 | $tempattach = mapi_message_openattach($this->message, $this->attachNum[$index]); |
||
| 284 | if ($tempattach) { |
||
| 285 | // Open the object in the attachment |
||
| 286 | $this->message = mapi_attach_openobj($tempattach); |
||
| 287 | } |
||
| 288 | } |
||
| 289 | |||
| 290 | // open the attachment |
||
| 291 | return mapi_message_openattach($this->message, $this->attachNum[$len - 1]); |
||
| 292 | } |
||
| 293 | |||
| 294 | /** |
||
| 295 | * Function will set the first and last bytes of a range, with a range |
||
| 296 | * specified as string and size of the attachment. |
||
| 297 | * |
||
| 298 | * If $first is greater than $last, the request returns 416 (not satisfiable) |
||
| 299 | * If no end of range is specified or larger than the length, $last is set as end |
||
| 300 | * If no beginning of range is specified, get last x bytes of attachment |
||
| 301 | * |
||
| 302 | * @param mixed $range |
||
| 303 | * @param mixed $filesize |
||
| 304 | * @param mixed $first |
||
| 305 | * @param mixed $last |
||
| 306 | */ |
||
| 307 | public function downloadSetRange($range, $filesize, &$first, &$last) { |
||
| 308 | $dash = strpos((string) $range, '-'); |
||
| 309 | $first = trim(substr((string) $range, 0, $dash)); |
||
| 310 | $last = trim(substr((string) $range, $dash + 1)); |
||
| 311 | |||
| 312 | if ($first == '') { |
||
| 313 | // suffix byte range: gets last x bytes |
||
| 314 | $suffix = $last; |
||
| 315 | $last = $filesize - 1; |
||
| 316 | $first = $filesize - $suffix; |
||
| 317 | if ($first < 0) { |
||
| 318 | $first = 0; |
||
| 319 | } |
||
| 320 | } |
||
| 321 | elseif ($last == '' || $last > $filesize - 1) { |
||
| 322 | $last = $filesize - 1; |
||
| 323 | } |
||
| 324 | |||
| 325 | if ($first > $last) { |
||
| 326 | http_response_code(416); |
||
| 327 | header("Status: 416 Requested range not satisfiable"); |
||
| 328 | header("Content-Range: */{$filesize}"); |
||
| 329 | } |
||
| 330 | } |
||
| 331 | |||
| 332 | /** |
||
| 333 | * Function will output $bytes of attachment stream with $buffer_size read ahead. |
||
| 334 | * |
||
| 335 | * @param mixed $stream |
||
| 336 | * @param mixed $bytes |
||
| 337 | * @param mixed $buffer_size |
||
| 338 | */ |
||
| 339 | public function downloadBufferedRead($stream, $bytes, $buffer_size = 1024) { |
||
| 340 | $bytes_left = $bytes; |
||
| 341 | while ($bytes_left > 0) { |
||
| 342 | $bytes_to_read = min($buffer_size, $bytes_left); |
||
| 343 | $bytes_left -= $bytes_to_read; |
||
| 344 | $contents = mapi_stream_read($stream, $bytes_to_read); |
||
| 345 | echo $contents; |
||
| 346 | flush(); |
||
| 347 | } |
||
| 348 | } |
||
| 349 | |||
| 350 | /** |
||
| 351 | * Function will open passed attachment and generate response for that attachment to send it to client. |
||
| 352 | * This should only be used to download attachment that is already saved in MAPIMessage. |
||
| 353 | * |
||
| 354 | * @param MAPIAttach $attachment attachment which will be dumped to client side |
||
| 355 | * @param bool $inline inline attachment or not |
||
| 356 | */ |
||
| 357 | public function downloadSavedAttachment($attachment, $inline = false) { |
||
| 358 | // Check if the attachment is opened |
||
| 359 | if ($attachment) { |
||
| 360 | // Get the props of the attachment |
||
| 361 | $props = mapi_attach_getprops($attachment, [PR_ATTACH_FILENAME, PR_ATTACH_LONG_FILENAME, PR_ATTACH_MIME_TAG, PR_DISPLAY_NAME, PR_ATTACH_METHOD, PR_ATTACH_CONTENT_ID]); |
||
| 362 | // Content Type |
||
| 363 | $contentType = 'application/octet-stream'; |
||
| 364 | // Filename |
||
| 365 | $filename = 'ERROR'; |
||
| 366 | |||
| 367 | // Set filename |
||
| 368 | if ($inline) { |
||
| 369 | /* |
||
| 370 | * Inline attachments are set to "inline.txt" |
||
| 371 | * by e.g. KGWC (but not Gromox), see |
||
| 372 | * inetmapi/VMIMEToMAPI.cpp and search for |
||
| 373 | * inline.txt. KGWC would have to extract the |
||
| 374 | * alt/title tag from the img tag when converting |
||
| 375 | * it to MAPI. Since it does not handle this, |
||
| 376 | * set the filename to CONTENT_ID plus mime tag. |
||
| 377 | */ |
||
| 378 | $tags = explode('/', (string) $props[PR_ATTACH_MIME_TAG]); |
||
| 379 | // IE 11 is weird, when a user renames the file it's not saved as in image, when |
||
| 380 | // the filename is "test.jpeg", but it works when it's "test.jpg". |
||
| 381 | $filename = $props[PR_ATTACH_CONTENT_ID] . '.' . str_replace('jpeg', 'jpg', $tags[1]); |
||
| 382 | } |
||
| 383 | elseif (isset($props[PR_ATTACH_LONG_FILENAME])) { |
||
| 384 | $filename = $props[PR_ATTACH_LONG_FILENAME]; |
||
| 385 | } |
||
| 386 | elseif (isset($props[PR_ATTACH_FILENAME])) { |
||
| 387 | $filename = $props[PR_ATTACH_FILENAME]; |
||
| 388 | } |
||
| 389 | elseif (isset($props[PR_DISPLAY_NAME])) { |
||
| 390 | $filename = $props[PR_DISPLAY_NAME]; |
||
| 391 | } |
||
| 392 | |||
| 393 | // Set content type if available, otherwise it will be default to application/octet-stream |
||
| 394 | if (isset($props[PR_ATTACH_MIME_TAG])) { |
||
| 395 | $contentType = $props[PR_ATTACH_MIME_TAG]; |
||
| 396 | } |
||
| 397 | |||
| 398 | // Set the headers |
||
| 399 | header('Pragma: public'); |
||
| 400 | header('Expires: 0'); // set expiration time |
||
| 401 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); |
||
| 402 | header('Content-Disposition: ' . $this->contentDispositionType . '; filename="' . addslashes(browserDependingHTTPHeaderEncode($filename)) . '"'); |
||
| 403 | header('Content-Type: ' . $contentType); |
||
| 404 | header('Content-Transfer-Encoding: binary'); |
||
| 405 | |||
| 406 | // Open a stream to get the attachment data |
||
| 407 | $stream = mapi_openproperty($attachment, PR_ATTACH_DATA_BIN, IID_IStream, 0, 0); |
||
| 408 | $stat = mapi_stream_stat($stream); |
||
| 409 | |||
| 410 | $bodyoffset = 0; |
||
| 411 | $ranges = null; |
||
| 412 | |||
| 413 | $bodysize = $stat['cb']; |
||
| 414 | |||
| 415 | if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_SERVER['HTTP_RANGE']) && $range = stristr(trim((string) $_SERVER['HTTP_RANGE']), 'bytes=')) { |
||
| 416 | $range = substr($range, 6); |
||
| 417 | $boundary = bin2hex(random_bytes(48)); |
||
| 418 | $ranges = explode(',', $range); |
||
| 419 | } |
||
| 420 | |||
| 421 | if ($ranges && count($ranges)) { |
||
| 422 | http_response_code(206); |
||
| 423 | header("Accept-Ranges: bytes"); |
||
| 424 | if (count($ranges) > 1) { |
||
| 425 | // More than one range specified |
||
| 426 | $content_length = 0; |
||
| 427 | foreach ($ranges as $range) { |
||
| 428 | $this->downloadSetRange($range, $stat['cb'], $first, $last); |
||
| 429 | $content_length += strlen("\r\n--{$boundary}\r\n"); |
||
| 430 | $content_length += strlen("Content-Type: {$contentType}\r\n"); |
||
| 431 | $content_length += strlen("Content-Range: bytes {$first}-{$last}/{$bodysize}\r\n\r\n"); |
||
| 432 | $content_length += $last - $first + 1; |
||
| 433 | } |
||
| 434 | $content_length += strlen("\r\n--{$boundary}--\r\n"); |
||
| 435 | |||
| 436 | // Header output |
||
| 437 | header("Content-Length: {$content_length}"); |
||
| 438 | header("Content-Type: multipart/x-byteranges; boundary={$boundary}"); |
||
| 439 | |||
| 440 | // Content output |
||
| 441 | foreach ($ranges as $range) { |
||
| 442 | $this->downloadSetRange($range, $stat['cb'], $first, $last); |
||
| 443 | echo "\r\n--{$boundary}\r\n"; |
||
| 444 | echo "Content-Type: {$contentType}\r\n"; |
||
| 445 | echo "Content-Range: bytes {$first}-{$last}/{$bodysize}\r\n\r\n"; |
||
| 446 | mapi_stream_seek($stream, $first + $bodyoffset); |
||
| 447 | $this->downloadBufferedRead($stream, $last - $first + 1); |
||
| 448 | } |
||
| 449 | echo "\r\n--{$boundary}--\r\n"; |
||
| 450 | } |
||
| 451 | else { |
||
| 452 | // Single range specified |
||
| 453 | $range = $ranges[0]; |
||
| 454 | $this->downloadSetRange($range, $bodysize, $first, $last); |
||
| 455 | header("Content-Length: " . ($last - $first + 1)); |
||
| 456 | header("Content-Range: bytes {$first}-{$last}/{$bodysize}"); |
||
| 457 | header("Content-Type: {$contentType}"); |
||
| 458 | mapi_stream_seek($stream, $first + $bodyoffset); |
||
| 459 | $this->downloadBufferedRead($stream, $last - $first + 1); |
||
| 460 | } |
||
| 461 | } |
||
| 462 | else { |
||
| 463 | // File length |
||
| 464 | header('Content-Length: ' . $stat['cb']); |
||
| 465 | |||
| 466 | // Read the attachment content from the stream |
||
| 467 | $body = ''; |
||
| 468 | for ($i = 0; $i < $stat['cb']; $i += BLOCK_SIZE) { |
||
| 469 | $body .= mapi_stream_read($stream, BLOCK_SIZE); |
||
| 470 | } |
||
| 471 | |||
| 472 | echo $body; |
||
| 473 | } |
||
| 474 | } |
||
| 475 | } |
||
| 476 | |||
| 477 | /** |
||
| 478 | * Helper function to configure header information which is required to send response as a ZIP archive |
||
| 479 | * containing all the attachments. |
||
| 480 | * |
||
| 481 | * @param string $randomZipName a random zip archive name |
||
| 482 | */ |
||
| 483 | public function sendZipResponse($randomZipName) { |
||
| 484 | $subject = isset($this->messageSubject) ? ' ' . $this->messageSubject : ''; |
||
| 485 | |||
| 486 | // Set the headers |
||
| 487 | header('Pragma: public'); |
||
| 488 | header('Expires: 0'); // set expiration time |
||
| 489 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); |
||
| 490 | header('Content-Disposition: ' . $this->contentDispositionType . '; filename="' . addslashes(browserDependingHTTPHeaderEncode(sprintf($this->zipFileName, $subject))) . '"'); |
||
| 491 | header('Content-Transfer-Encoding: binary'); |
||
| 492 | header('Content-Type: application/zip'); |
||
| 493 | header('Content-Length: ' . filesize($randomZipName)); |
||
| 494 | |||
| 495 | // Send the actual response as ZIP file |
||
| 496 | readfile($randomZipName); |
||
| 497 | |||
| 498 | // Remove the zip file to avoid unnecessary disk-space consumption |
||
| 499 | unlink($randomZipName); |
||
| 500 | } |
||
| 501 | |||
| 502 | /** |
||
| 503 | * Function will open all attachments of message and prepare a ZIP file response for that attachment to send it to client. |
||
| 504 | * This should only be used to download attachment that is already saved in MAPIMessage. |
||
| 505 | * |
||
| 506 | * @param AttachmentState $attachment_state object of AttachmentState class |
||
| 507 | * @param ZipArchive $zip zipArchive object |
||
| 508 | */ |
||
| 509 | public function addAttachmentsToZipArchive($attachment_state, $zip) { |
||
| 544 | } |
||
| 545 | } |
||
| 546 | |||
| 547 | /** |
||
| 548 | * Function will send attachment data to client side. |
||
| 549 | * This should only be used to download attachment that is recently uploaded and not saved in MAPIMessage. |
||
| 550 | */ |
||
| 551 | public function downloadUnsavedAttachment() { |
||
| 552 | // return recently uploaded file |
||
| 553 | $attachment_state = new AttachmentState(); |
||
| 554 | $attachment_state->open(); |
||
| 555 | |||
| 556 | // there will be only one value in attachNum so directly access 0th element of it |
||
| 557 | $tmpname = $attachment_state->getAttachmentPath($this->attachNum[0]); |
||
| 558 | $fileinfo = $attachment_state->getAttachmentFile($this->dialogAttachments, $this->attachNum[0]); |
||
| 559 | |||
| 560 | // Check if the file still exists |
||
| 561 | if (is_file($tmpname)) { |
||
| 562 | // Set the headers |
||
| 563 | header('Pragma: public'); |
||
| 564 | header('Expires: 0'); // set expiration time |
||
| 565 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); |
||
| 566 | header('Content-Disposition: ' . $this->contentDispositionType . '; filename="' . addslashes(browserDependingHTTPHeaderEncode($fileinfo['name'])) . '"'); |
||
| 567 | header('Content-Transfer-Encoding: binary'); |
||
| 568 | header('Content-Type: application/octet-stream'); |
||
| 569 | header('Content-Length: ' . filesize($tmpname)); |
||
| 570 | |||
| 571 | // Open the uploaded file and print it |
||
| 572 | $file = fopen($tmpname, 'r'); |
||
| 573 | fpassthru($file); |
||
| 574 | fclose($file); |
||
| 575 | } |
||
| 576 | elseif ($fileinfo['sourcetype'] === 'icsfile') { |
||
| 577 | // When "Send to" option used with calendar item. which create the new mail with |
||
| 578 | // ics file as an attachment and now user try to download the ics attachment before saving |
||
| 579 | // mail at that time this code is used to download the ics file successfully. |
||
| 580 | $messageStore = $GLOBALS['mapisession']->openMessageStore(hex2bin((string) $fileinfo['store_entryid'])); |
||
| 581 | $message = mapi_msgstore_openentry($messageStore, hex2bin((string) $fileinfo['entryid'])); |
||
| 582 | |||
| 583 | // Get address book for current session |
||
| 584 | $addrBook = $GLOBALS['mapisession']->getAddressbook(); |
||
| 585 | |||
| 586 | // get message properties. |
||
| 587 | $messageProps = mapi_getprops($message, [PR_SUBJECT]); |
||
| 588 | |||
| 589 | // Read the appointment as RFC2445-formatted ics stream. |
||
| 590 | $appointmentStream = mapi_mapitoical($GLOBALS['mapisession']->getSession(), $addrBook, $message, []); |
||
| 591 | |||
| 592 | $filename = (!empty($messageProps[PR_SUBJECT])) ? $messageProps[PR_SUBJECT] : _('Untitled'); |
||
| 593 | $filename .= '.ics'; |
||
| 594 | // Set the headers |
||
| 595 | header('Pragma: public'); |
||
| 596 | header('Expires: 0'); // set expiration time |
||
| 597 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); |
||
| 598 | header('Content-Transfer-Encoding: binary'); |
||
| 599 | |||
| 600 | // Set Content Disposition header |
||
| 601 | header('Content-Disposition: ' . $this->contentDispositionType . '; filename="' . addslashes(browserDependingHTTPHeaderEncode($filename)) . '"'); |
||
| 602 | // Set content type header |
||
| 603 | header('Content-Type: application/octet-stream'); |
||
| 604 | |||
| 605 | // Set the file length |
||
| 606 | header('Content-Length: ' . strlen($appointmentStream)); |
||
| 607 | |||
| 608 | $split = str_split($appointmentStream, BLOCK_SIZE); |
||
| 609 | foreach ($split as $s) { |
||
| 610 | echo $s; |
||
| 611 | } |
||
| 612 | } |
||
| 613 | $attachment_state->close(); |
||
| 614 | } |
||
| 615 | |||
| 616 | /** |
||
| 617 | * Function will send all the attachments to client side wrapped in a ZIP file. |
||
| 618 | * This should only be used to download all the attachments that are recently uploaded and not saved in MAPIMessage. |
||
| 619 | * |
||
| 620 | * @param AttachmentState $attachment_state object of AttachmentState class |
||
| 621 | * @param ZipArchive $zip zipArchive object |
||
| 622 | */ |
||
| 623 | public function addUnsavedAttachmentsToZipArchive($attachment_state, $zip) { |
||
| 624 | // Get recently uploaded attachment files |
||
| 625 | $attachmentFiles = $attachment_state->getAttachmentFiles($this->dialogAttachments); |
||
| 626 | |||
| 627 | foreach ($attachmentFiles as $fileName => $fileInfo) { |
||
| 628 | $filePath = $attachment_state->getAttachmentPath($fileName); |
||
| 629 | // Avoid including contact photo and embedded messages in ZIP |
||
| 630 | if ($fileInfo['sourcetype'] !== 'embedded' && $fileInfo['sourcetype'] !== 'contactphoto') { |
||
| 631 | $fileDownloadName = $this->handleDuplicateFileNames($fileInfo['name']); |
||
| 632 | $zip->addFile($filePath, $fileDownloadName); |
||
| 633 | } |
||
| 634 | } |
||
| 635 | } |
||
| 636 | |||
| 637 | /** |
||
| 638 | * Function will get the attachment and import it to the given MAPIFolder as webapp item. |
||
| 639 | */ |
||
| 640 | public function importAttachment() { |
||
| 770 | } |
||
| 771 | } |
||
| 772 | |||
| 773 | /** |
||
| 774 | * Function will get the embedded attachment and import it to the given MAPIFolder as webapp item. |
||
| 775 | */ |
||
| 776 | public function importEmbeddedAttachment() { |
||
| 777 | // get message props of sub message |
||
| 778 | $copyFromMessage = $GLOBALS['operations']->openMessage($this->store, hex2bin((string) $this->entryId), $this->attachNum, true); |
||
| 779 | |||
| 780 | if (empty($copyFromMessage)) { |
||
| 781 | throw new ZarafaException(_("Embedded attachment not found.")); |
||
| 782 | } |
||
| 783 | |||
| 784 | $newMessage = mapi_folder_createmessage($this->destinationFolder); |
||
| 785 | |||
| 786 | // Copy the entire message |
||
| 787 | mapi_copyto($copyFromMessage, [], [], $newMessage); |
||
| 788 | mapi_savechanges($newMessage); |
||
| 789 | |||
| 790 | $storeProps = mapi_getprops($this->store, [PR_ENTRYID]); |
||
| 791 | $destinationFolderProps = mapi_getprops($this->destinationFolder, [PR_PARENT_ENTRYID, PR_CONTENT_UNREAD]); |
||
| 792 | $return = [ |
||
| 793 | // 'success' property is needed for Extjs Ext.form.Action.Submit#success handler |
||
| 794 | 'success' => true, |
||
| 795 | 'zarafa' => [ |
||
| 796 | sanitizeGetValue('module', '', STRING_REGEX) => [ |
||
| 797 | sanitizeGetValue('moduleid', '', STRING_REGEX) => [ |
||
| 798 | 'update' => [ |
||
| 799 | 'success' => true, |
||
| 800 | ], |
||
| 801 | ], |
||
| 802 | ], |
||
| 803 | 'hierarchynotifier' => [ |
||
| 804 | 'hierarchynotifier1' => [ |
||
| 805 | 'folders' => [ |
||
| 806 | 'item' => [ |
||
| 807 | 0 => [ |
||
| 808 | 'entryid' => $this->destinationFolderId, |
||
| 809 | 'parent_entryid' => bin2hex((string) $destinationFolderProps[PR_PARENT_ENTRYID]), |
||
| 810 | 'store_entryid' => bin2hex((string) $storeProps[PR_ENTRYID]), |
||
| 811 | 'props' => [ |
||
| 812 | 'content_unread' => $destinationFolderProps[PR_CONTENT_UNREAD] + 1, |
||
| 813 | ], |
||
| 814 | ], |
||
| 815 | ], |
||
| 816 | ], |
||
| 817 | ], |
||
| 818 | ], |
||
| 819 | ], |
||
| 820 | ]; |
||
| 821 | |||
| 822 | echo json_encode($return); |
||
| 823 | } |
||
| 824 | |||
| 825 | /** |
||
| 826 | * Check if the attached eml is corrupted or not. |
||
| 827 | * |
||
| 828 | * @param string $attachment content fetched from PR_ATTACH_DATA_BIN property of an attachment |
||
| 829 | * |
||
| 830 | * @return true if eml is broken, false otherwise |
||
| 831 | */ |
||
| 832 | public function isBroken($attachment) { |
||
| 833 | // Get header part to process further |
||
| 834 | $splittedContent = preg_split("/\r?\n\r?\n/", $attachment); |
||
| 835 | |||
| 836 | // Fetch raw header |
||
| 837 | if (preg_match_all('/([^:]+): ?.*\n/', $splittedContent[0], $matches)) { |
||
| 838 | $rawHeaders = $matches[1]; |
||
| 839 | } |
||
| 840 | |||
| 841 | // Compare if necessary headers are present or not |
||
| 842 | if (isset($rawHeaders) && in_array('From', $rawHeaders) && in_array('Date', $rawHeaders)) { |
||
| 843 | return false; |
||
| 844 | } |
||
| 845 | |||
| 846 | return true; |
||
| 847 | } |
||
| 848 | |||
| 849 | /** |
||
| 850 | * Generic function to check passed data and decide which type of attachment is requested. |
||
| 851 | */ |
||
| 852 | public function download() { |
||
| 853 | $attachment = false; |
||
| 854 | |||
| 855 | // Check if all attachments are requested to be downloaded as ZIP |
||
| 856 | if ($this->allAsZip) { |
||
| 857 | $attachment_state = new AttachmentState(); |
||
| 858 | $attachment_state->open(); |
||
| 859 | |||
| 860 | // Generate random ZIP file name at default temporary path of PHP |
||
| 861 | $randomZipName = tempnam(sys_get_temp_dir(), 'zip'); |
||
| 862 | |||
| 863 | // Create an open zip archive. |
||
| 864 | $zip = new ZipArchive(); |
||
| 865 | $result = $zip->open($randomZipName, ZipArchive::OVERWRITE); |
||
| 866 | |||
| 867 | if ($result === true) { |
||
| 868 | // Check if attachments are of saved message. |
||
| 869 | // Only saved message has the entryid configured. |
||
| 870 | if ($this->entryId) { |
||
| 871 | // Check if the requested attachment(s) are of an embedded message |
||
| 872 | if ($this->isSubMessage) { |
||
| 873 | // Loop through the attachNums, message in message in message ... |
||
| 874 | for ($index = 0, $len = count($this->attachNum); $index < $len - 1; ++$index) { |
||
| 875 | // Open the attachment |
||
| 876 | $tempattach = mapi_message_openattach($this->message, $this->attachNum[$index]); |
||
| 877 | if ($tempattach) { |
||
| 878 | // Open the object in the attachment |
||
| 879 | $this->message = mapi_attach_openobj($tempattach); |
||
| 880 | } |
||
| 881 | } |
||
| 882 | } |
||
| 883 | $this->addAttachmentsToZipArchive($attachment_state, $zip); |
||
| 884 | } |
||
| 885 | else { |
||
| 886 | $this->addUnsavedAttachmentsToZipArchive($attachment_state, $zip); |
||
| 887 | } |
||
| 888 | } |
||
| 889 | else { |
||
| 890 | // Throw exception if ZIP is not created successfully |
||
| 891 | throw new ZarafaException(_("ZIP is not created successfully")); |
||
| 892 | } |
||
| 893 | |||
| 894 | $zip->close(); |
||
| 895 | |||
| 896 | $this->sendZipResponse($randomZipName); |
||
| 897 | $attachment_state->close(); |
||
| 898 | // check if inline image is requested |
||
| 899 | } |
||
| 900 | elseif ($this->attachCid) { |
||
| 901 | // check if the inline image is in a embedded message |
||
| 902 | if (count($this->attachNum) > 0) { |
||
| 903 | // get the embedded message attachment |
||
| 904 | $attachment = $this->getAttachmentByAttachNum(); |
||
| 905 | } |
||
| 906 | |||
| 907 | // now get the actual attachment object that should be sent back to client |
||
| 908 | $attachment = $this->getAttachmentByAttachCid($attachment); |
||
| 909 | |||
| 910 | // no need to return anything here function will echo all the output |
||
| 911 | $this->downloadSavedAttachment($attachment, true); |
||
| 912 | } |
||
| 913 | elseif (count($this->attachNum) > 0) { |
||
| 914 | // check if the attachment needs to be imported |
||
| 915 | if ($this->import) { |
||
| 916 | if ($this->isEmbedded) { |
||
| 917 | $this->importEmbeddedAttachment(); |
||
| 918 | } |
||
| 919 | else { |
||
| 920 | $this->importAttachment(); |
||
| 921 | } |
||
| 922 | |||
| 923 | return; |
||
| 924 | } |
||
| 925 | |||
| 926 | // check if temporary unsaved attachment is requested |
||
| 927 | if (is_string($this->attachNum[0])) { |
||
| 928 | $this->downloadUnsavedAttachment(); |
||
| 929 | } |
||
| 930 | else { |
||
| 931 | // normal saved attachment is requested, so get it |
||
| 932 | $attachment = $this->getAttachmentByAttachNum(); |
||
| 933 | |||
| 934 | if ($attachment === false) { |
||
| 935 | // something terrible happened and we can't continue |
||
| 936 | return; |
||
| 937 | } |
||
| 938 | |||
| 939 | // no need to return anything here function will echo all the output |
||
| 940 | $this->downloadSavedAttachment($attachment); |
||
| 941 | } |
||
| 942 | } |
||
| 943 | else { |
||
| 944 | throw new ZarafaException(_("Attachments can not be downloaded")); |
||
| 945 | } |
||
| 946 | } |
||
| 947 | |||
| 948 | /** |
||
| 949 | * Function will encode all the necessary information about the exception |
||
| 950 | * into JSON format and send the response back to client. |
||
| 951 | * |
||
| 952 | * @param object $exception exception object |
||
| 953 | */ |
||
| 954 | #[Override] |
||
| 1035 | } |
||
| 1036 | } |
||
| 1037 | |||
| 1038 | // create instance of class to download attachment |
||
| 1039 | $attachInstance = new DownloadAttachment(); |
||
| 1040 | |||
| 1041 | try { |
||
| 1042 | // initialize variables |
||
| 1043 | $attachInstance->init($_GET); |
||
| 1044 | |||
| 1045 | // download attachment |
||
| 1051 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths