diff --git a/webui/controller/message/pdf.php b/webui/controller/message/pdf.php
index e1acf871..d54eb8c8 100644
--- a/webui/controller/message/pdf.php
+++ b/webui/controller/message/pdf.php
@@ -22,20 +22,25 @@ class ControllerMessagePDF extends Controller {
 
       $this->data['id'] = @$this->request->get['id'];
 
-      $this->data['search'] = "";
 
-      // FIXME!!!
-      $message = $this->model_search_message->get_message_array($this->data['id'], $this->data['search']);
+      if(!$this->model_search_search->check_your_permission_by_id($this->data['id'])) {
+         AUDIT(ACTION_UNAUTHORIZED_VIEW_MESSAGE, '', '', $this->data['id'], '');
+         die("no permission for " . $this->data['id']);
+      }
 
-      $images = $this->model_message_attachment->write_image_attachments_to_tmp($message['attachments'], $this->data['id']);
+      $this->data['piler_id'] = $this->model_search_message->get_piler_id_by_id($this->data['id']);
+      $this->data['attachments'] = $this->model_search_message->get_attachment_list($this->data['piler_id']);
+      $this->data['message'] = $this->model_search_message->extract_message($this->data['piler_id']);
+
+      $images = $this->model_message_attachment->write_image_attachments_to_tmp($this->data['attachments'], $this->data['id']);
 
 
-      $tmpname = $message['piler_id'] . "-tmp-" . microtime(true) . ".html";
+      $tmpname = $this->data['piler_id'] . "-tmp-" . microtime(true) . ".html";
 
       $fp = fopen(DIR_BASE . 'tmp/' . $tmpname, "w+");
       if($fp) {
          fwrite($fp, "<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" /></head><body>");
-         fwrite($fp, $message['message']['message']);
+         fwrite($fp, $this->data['message']['message']);
 
          foreach($images as $img) {
             fwrite($fp, "<p><img src=" . SITE_URL . "/tmp/" . $img['name'] . " alt=\"\" /></p>\n");
@@ -50,7 +55,7 @@ class ControllerMessagePDF extends Controller {
       header("Cache-Control: public, must-revalidate");
       header("Pragma: no-cache");
       header("Content-Type: application/pdf");
-      header("Content-Disposition: attachment; filename=" . $message['piler_id'] . ".pdf");
+      header("Content-Disposition: attachment; filename=" . $this->data['piler_id'] . ".pdf");
       header("Content-Transfer-Encoding: binary\n");
 
       print(system(WKHTMLTOPDF_COMMAND . " " . SITE_URL . "tmp/$tmpname -"));
diff --git a/webui/model/message/attachment.php b/webui/model/message/attachment.php
index a3aecaa5..60ab597c 100644
--- a/webui/model/message/attachment.php
+++ b/webui/model/message/attachment.php
@@ -27,7 +27,7 @@ class ModelMessageAttachment extends Model {
 
       if($piler_id == '' || $attachment_id == '' || !preg_match("/^([0-9a-f]+)$/", $piler_id) || !preg_match("/^([0-9m]+)$/", $attachment_id)) { return $data; }
 
-      $cmd = DECRYPT_ATTACHMENT_BINARY . " -i $piler_id -a $attachment_id";
+      $cmd = DECRYPT_ATTACHMENT_BINARY . " $piler_id $attachment_id";
 
       if(LOG_LEVEL >= DEBUG) { syslog(LOG_INFO, "attachment cmd: $cmd"); }
 
diff --git a/webui/model/search/message.php b/webui/model/search/message.php
index eb214d68..0cc526bc 100644
--- a/webui/model/search/message.php
+++ b/webui/model/search/message.php
@@ -324,14 +324,6 @@ class ModelSearchMessage extends Model {
    }
 
 
-   public function NiceSize($size) {
-      if($size < 1000) return "1k";
-      if($size < 100000) return round($size/1000) . "k";
-
-      return sprintf("%.1f", $size/1000000) . "M";
-   }
-
-
    public function get_piler_id_by_id($id = 0) {
       $query = $this->db->query("SELECT `piler_id` FROM `" . TABLE_META . "` WHERE id=?", array($id));
       if(isset($query->row['piler_id'])) { return $query->row['piler_id']; }