diff --git a/webui/controller/message/pdf.php b/webui/controller/message/pdf.php
index e1acf871..d54eb8c8 100644
--- a/webui/controller/message/pdf.php
+++ b/webui/controller/message/pdf.php
@@ -22,20 +22,25 @@ class ControllerMessagePDF extends Controller {
 $this->data['id'] = @$this->request->get['id'];
- $this->data['search'] = "";
- // FIXME!!!
- $message = $this->model_search_message->get_message_array($this->data['id'], $this->data['search']);
+ if(!$this->model_search_search->check_your_permission_by_id($this->data['id'])) {
+ AUDIT(ACTION_UNAUTHORIZED_VIEW_MESSAGE, '', '', $this->data['id'], '');
+ die("no permission for " . $this->data['id']);
+ }
- $images = $this->model_message_attachment->write_image_attachments_to_tmp($message['attachments'], $this->data['id']);
+ $this->data['piler_id'] = $this->model_search_message->get_piler_id_by_id($this->data['id']);
+ $this->data['attachments'] = $this->model_search_message->get_attachment_list($this->data['piler_id']);
+ $this->data['message'] = $this->model_search_message->extract_message($this->data['piler_id']);
+
+ $images = $this->model_message_attachment->write_image_attachments_to_tmp($this->data['attachments'], $this->data['id']);
- $tmpname = $message['piler_id'] . "-tmp-" . microtime(true) . ".html";
+ $tmpname = $this->data['piler_id'] . "-tmp-" . microtime(true) . ".html";
 $fp = fopen(DIR_BASE . 'tmp/' . $tmpname, "w+");
 if($fp) {
 fwrite($fp, "");
- fwrite($fp, $message['message']['message']);
+ fwrite($fp, $this->data['message']['message']);
 foreach($images as $img) {
 fwrite($fp, "

\"\"

\n");
@@ -50,7 +55,7 @@ class ControllerMessagePDF extends Controller {
 header("Cache-Control: public, must-revalidate");
 header("Pragma: no-cache");
 header("Content-Type: application/pdf");
- header("Content-Disposition: attachment; filename=" . $message['piler_id'] . ".pdf");
+ header("Content-Disposition: attachment; filename=" . $this->data['piler_id'] . ".pdf");
 header("Content-Transfer-Encoding: binary\n");
 print(system(WKHTMLTOPDF_COMMAND . " " . SITE_URL . "tmp/$tmpname -"));
diff --git a/webui/model/message/attachment.php b/webui/model/message/attachment.php
index a3aecaa5..60ab597c 100644
--- a/webui/model/message/attachment.php
+++ b/webui/model/message/attachment.php
@@ -27,7 +27,7 @@ class ModelMessageAttachment extends Model {
 if($piler_id == '' || $attachment_id == '' || !preg_match("/^([0-9a-f]+)$/", $piler_id) || !preg_match("/^([0-9m]+)$/", $attachment_id)) { return $data; }
- $cmd = DECRYPT_ATTACHMENT_BINARY . " -i $piler_id -a $attachment_id";
+ $cmd = DECRYPT_ATTACHMENT_BINARY . " $piler_id $attachment_id";
 if(LOG_LEVEL >= DEBUG) { syslog(LOG_INFO, "attachment cmd: $cmd"); }
diff --git a/webui/model/search/message.php b/webui/model/search/message.php
index eb214d68..0cc526bc 100644
--- a/webui/model/search/message.php
+++ b/webui/model/search/message.php
@@ -324,14 +324,6 @@ class ModelSearchMessage extends Model {
 }
- public function NiceSize($size) {
- if($size < 1000) return "1k";
- if($size < 100000) return round($size/1000) . "k";
-
- return sprintf("%.1f", $size/1000000) . "M";
- }
-
-
 public function get_piler_id_by_id($id = 0) {
 $query = $this->db->query("SELECT `piler_id` FROM `" . TABLE_META . "` WHERE id=?", array($id));
 if(isset($query->row['piler_id'])) { return $query->row['piler_id']; }
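Review bot: In the first hunk of webui/controller/message/pdf.php, the added `die("no permission for " . $this->data['id']);` writes the raw `id` query parameter into the response body. The context line above reads it from `$this->request->get['id']` with no validation, so the denial path reflects caller-supplied markup. Escape it at the sink, `die("no permission for " . htmlspecialchars((string)$this->data['id'], ENT_QUOTES, 'UTF-8'));`, or print a fixed message, since the id is already recorded by the `AUDIT(...)` call. The result of `get_piler_id_by_id()` is also used unchecked; if it can come back empty for an unknown id (its fallback is not visible here), the method should stop before `get_attachment_list()` and the temp-file name are built from it. The method starts and ends outside this hunk.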
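Review bot: In the second pdf.php hunk (`@@ -50,7 +55,7 @@`), `$this->data['piler_id']` reaches the `Content-Disposition` header and, through `$tmpname`, the `system()` string on the hunk's last line with no format check or shell quoting visible in this controller. Reject anything that is not hex before `$tmpname` is built, as attachment.php does for its `$piler_id`, and pass the URL as `escapeshellarg(SITE_URL . "tmp/$tmpname")`. Separately, the rendered message is staged under `tmp/` and fetched back over `SITE_URL`, so while the file exists it is readable by URL without going through `check_your_permission_by_id()`. Whether it is deleted afterwards is not visible here; an unguessable name from `bin2hex(random_bytes(16))` and removal right after conversion would narrow that window.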
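Review bot: In webui/model/message/attachment.php the new `$cmd` line puts `$piler_id` and `$attachment_id` into the shell string unquoted, so the two `preg_match` guards on the context line above are the only barrier, and `$` in PCRE also matches before a trailing newline. Anchor the patterns with `\z` (or add the `D` modifier), e.g. `preg_match('/^[0-9a-f]+\z/', $piler_id)`, and wrap both values in `escapeshellarg()` as defence in depth. The switch from `-i`/`-a` flags to positional arguments also has to match the deployed `DECRYPT_ATTACHMENT_BINARY`, whose interface is not visible in this diff. The enclosing function starts and ends outside the hunk.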