diff --git a/app/voicemails/resources/classes/voicemail.php b/app/voicemails/resources/classes/voicemail.php index 8390206ee0..460d038545 100644 --- a/app/voicemails/resources/classes/voicemail.php +++ b/app/voicemails/resources/classes/voicemail.php @@ -724,106 +724,109 @@ public function message_download() { //check if for valid input - if (!is_numeric($this->voicemail_id) - || !is_uuid($this->voicemail_uuid) - || !is_uuid($this->domain_uuid) - || !is_uuid($this->voicemail_message_uuid) - ) { - return false; - } + if (!is_numeric($this->voicemail_id) + || !is_uuid($this->voicemail_uuid) + || !is_uuid($this->domain_uuid) + || !is_uuid($this->voicemail_message_uuid) + ) { + return false; + } //change the message status - $this->message_saved(); + $this->message_saved(); //set source folder path - $path = $_SESSION['switch']['voicemail']['dir'].'/default/'.$_SESSION['domain_name'].'/'.$this->voicemail_id; + $path = $_SESSION['switch']['voicemail']['dir'].'/default/'.$_SESSION['domain_name'].'/'.$this->voicemail_id; //prepare base64 content from db, if enabled - if ($_SESSION['voicemail']['storage_type']['text'] == 'base64') { - $sql = "select message_base64 "; - $sql .= "from "; - $sql .= "v_voicemail_messages as m, "; - $sql .= "v_voicemails as v "; - $sql .= "where "; - $sql .= "m.voicemail_uuid = v.voicemail_uuid "; - $sql .= "and v.voicemail_id = :voicemail_id "; - $sql .= "and m.voicemail_uuid = :voicemail_uuid "; - $sql .= "and m.domain_uuid = :domain_uuid "; - $sql .= "and m.voicemail_message_uuid = :voicemail_message_uuid "; - $parameters['voicemail_id'] = $this->voicemail_id; - $parameters['voicemail_uuid'] = $this->voicemail_uuid; - $parameters['domain_uuid'] = $this->domain_uuid; - $parameters['voicemail_message_uuid'] = $this->voicemail_message_uuid; - $database = new database; - $message_base64 = $database->select($sql, $parameters, 'column'); - if ($message_base64 != '') { - $message_decoded = base64_decode($message_base64); - file_put_contents($path.'/msg_'.$this->voicemail_message_uuid.'.ext', $message_decoded); - $finfo = finfo_open(FILEINFO_MIME_TYPE); //determine mime type (requires PHP >= 5.3.0, must be manually enabled on Windows) - $file_mime = finfo_file($finfo, $path.'/msg_'.$this->voicemail_message_uuid.'.ext'); - finfo_close($finfo); - switch ($file_mime) { - case 'audio/x-wav': - case 'audio/wav': - $file_ext = 'wav'; - break; - case 'audio/mpeg': - case 'audio/mp3': - $file_ext = 'mp3'; - break; - } - rename($path.'/msg_'.$this->voicemail_message_uuid.'.ext', $path.'/msg_'.$this->voicemail_message_uuid.'.'.$file_ext); + if ($_SESSION['voicemail']['storage_type']['text'] == 'base64') { + $sql = "select message_base64 "; + $sql .= "from "; + $sql .= "v_voicemail_messages as m, "; + $sql .= "v_voicemails as v "; + $sql .= "where "; + $sql .= "m.voicemail_uuid = v.voicemail_uuid "; + $sql .= "and v.voicemail_id = :voicemail_id "; + $sql .= "and m.voicemail_uuid = :voicemail_uuid "; + $sql .= "and m.domain_uuid = :domain_uuid "; + $sql .= "and m.voicemail_message_uuid = :voicemail_message_uuid "; + $parameters['voicemail_id'] = $this->voicemail_id; + $parameters['voicemail_uuid'] = $this->voicemail_uuid; + $parameters['domain_uuid'] = $this->domain_uuid; + $parameters['voicemail_message_uuid'] = $this->voicemail_message_uuid; + $database = new database; + $message_base64 = $database->select($sql, $parameters, 'column'); + if ($message_base64 != '') { + $message_decoded = base64_decode($message_base64); + file_put_contents($path.'/msg_'.$this->voicemail_message_uuid.'.ext', $message_decoded); + $finfo = finfo_open(FILEINFO_MIME_TYPE); //determine mime type (requires PHP >= 5.3.0, must be manually enabled on Windows) + $file_mime = finfo_file($finfo, $path.'/msg_'.$this->voicemail_message_uuid.'.ext'); + finfo_close($finfo); + switch ($file_mime) { + case 'audio/x-wav': + case 'audio/wav': + $file_ext = 'wav'; + break; + case 'audio/mpeg': + case 'audio/mp3': + $file_ext = 'mp3'; + break; } - unset($sql, $parameters, $message_base64, $message_decoded); + rename($path.'/msg_'.$this->voicemail_message_uuid.'.ext', $path.'/msg_'.$this->voicemail_message_uuid.'.'.$file_ext); } + unset($sql, $parameters, $message_base64, $message_decoded); + } //prepare and stream the file - if (file_exists($path.'/msg_'.$this->voicemail_message_uuid.'.wav')) { - $file_path = $path.'/msg_'.$this->voicemail_message_uuid.'.wav'; - } - if (file_exists($path.'/msg_'.$this->voicemail_message_uuid.'.mp3')) { - $file_path = $path.'/msg_'.$this->voicemail_message_uuid.'.mp3'; - } - if ($file_path != '') { - //content-range - if (isset($_SERVER['HTTP_RANGE']) && $this->type != 'bin') { - $this->range_download($file_path); - } + if (file_exists($path.'/msg_'.$this->voicemail_message_uuid.'.wav')) { + $file_path = $path.'/msg_'.$this->voicemail_message_uuid.'.wav'; + } else if (file_exists($path.'/msg_'.$this->voicemail_message_uuid.'.mp3')) { + $file_path = $path.'/msg_'.$this->voicemail_message_uuid.'.mp3'; + } else { + return false; + } - $fd = fopen($file_path, "rb"); - if ($this->type == 'bin') { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - $file_ext = pathinfo($file_path, PATHINFO_EXTENSION); - switch ($file_ext) { - case "wav" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.wav"'); break; - case "mp3" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.mp3"'); break; - case "ogg" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.ogg"'); break; - } - } - else { - $file_ext = pathinfo($file_path, PATHINFO_EXTENSION); - switch ($file_ext) { - case "wav" : header("Content-Type: audio/x-wav"); break; - case "mp3" : header("Content-Type: audio/mpeg"); break; - case "ogg" : header("Content-Type: audio/ogg"); break; - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // date in the past - if ($this->type == 'bin') { - header("Content-Length: ".filesize($file_path)); - } - ob_end_clean(); - fpassthru($fd); + if ($file_path == '') { + return false; + } + + //content-range + if (isset($_SERVER['HTTP_RANGE']) && $this->type != 'bin') { + $this->range_download($file_path); + } + + $fd = fopen($file_path, "rb"); + if ($this->type == 'bin') { + header("Content-Type: application/force-download"); + header("Content-Type: application/octet-stream"); + header("Content-Type: application/download"); + header("Content-Description: File Transfer"); + $file_ext = pathinfo($file_path, PATHINFO_EXTENSION); + switch ($file_ext) { + case "wav" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.wav"'); break; + case "mp3" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.mp3"'); break; + case "ogg" : header('Content-Disposition: attachment; filename="msg_'.$this->voicemail_message_uuid.'.ogg"'); break; } + } else { + $file_ext = pathinfo($file_path, PATHINFO_EXTENSION); + switch ($file_ext) { + case "wav" : header("Content-Type: audio/x-wav"); break; + case "mp3" : header("Content-Type: audio/mpeg"); break; + case "ogg" : header("Content-Type: audio/ogg"); break; + } + } + header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 + header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // date in the past + if ($this->type == 'bin') { + header("Content-Length: ".filesize($file_path)); + } + ob_end_clean(); + fpassthru($fd); //if base64, remove temp file - if ($_SESSION['voicemail']['storage_type']['text'] == 'base64') { - @unlink($path.'/msg_'.$this->voicemail_message_uuid.'.'.$file_ext); - } + if ($_SESSION['voicemail']['storage_type']['text'] == 'base64') { + @unlink($path.'/msg_'.$this->voicemail_message_uuid.'.'.$file_ext); + } } @@ -956,4 +959,4 @@ foreach ($_SESSION['user']['extension'] as $value) { } */ -?> \ No newline at end of file +?> diff --git a/app/voicemails/voicemail_messages.php b/app/voicemails/voicemail_messages.php index f2a9e7b972..92b7635a59 100644 --- a/app/voicemails/voicemail_messages.php +++ b/app/voicemails/voicemail_messages.php @@ -45,7 +45,9 @@ $voicemail->voicemail_id = $_REQUEST['id']; $voicemail->voicemail_uuid = $_REQUEST['voicemail_uuid']; $voicemail->voicemail_message_uuid = $_REQUEST['uuid']; - $result = $voicemail->message_download(); + if(!$voicemail->message_download()) { + echo "unable to download voicemail"; + } unset($voicemail); exit; } @@ -378,4 +380,4 @@ //include the footer require_once "resources/footer.php"; -?> \ No newline at end of file +?> diff --git a/app/xml_cdr/resources/classes/xml_cdr.php b/app/xml_cdr/resources/classes/xml_cdr.php index 89fa2ea6aa..335db778f4 100644 --- a/app/xml_cdr/resources/classes/xml_cdr.php +++ b/app/xml_cdr/resources/classes/xml_cdr.php @@ -1286,60 +1286,72 @@ if (!class_exists('xml_cdr')) { * download the recordings */ public function download($uuid) { - if (permission_exists('xml_cdr_view')) { - - //get call recording from database - if (is_uuid($uuid)) { - $sql = "select record_name, record_path from v_xml_cdr "; - $sql .= "where xml_cdr_uuid = :xml_cdr_uuid "; - //$sql .= "and domain_uuid = '".$domain_uuid."' \n"; - $parameters['xml_cdr_uuid'] = $uuid; - //$parameters['domain_uuid'] = $domain_uuid; - $database = new database; - $row = $database->select($sql, $parameters, 'row'); - if (is_array($row)) { - $record_name = $row['record_name']; - $record_path = $row['record_path']; - } - unset ($sql, $parameters, $row); - } - - //build full path - $record_file = $record_path.'/'.$record_name; - - //download the file - if (file_exists($record_file)) { - //content-range - if (isset($_SERVER['HTTP_RANGE']) && $_GET['t'] != "bin") { - $this->range_download($record_file); - } - ob_clean(); - $fd = fopen($record_file, "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - } - else { - $file_ext = pathinfo($record_name, PATHINFO_EXTENSION); - switch ($file_ext) { - case "wav" : header("Content-Type: audio/x-wav"); break; - case "mp3" : header("Content-Type: audio/mpeg"); break; - case "ogg" : header("Content-Type: audio/ogg"); break; - } - } - $record_name = preg_replace('#[^a-zA-Z0-9_\-\.]#', '', $record_name); - header('Content-Disposition: attachment; filename="'.$record_name.'"'); - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - if ($_GET['t'] == "bin") { - header("Content-Length: ".filesize($record_file)); - } - ob_clean(); - fpassthru($fd); - } + if (!permission_exists('xml_cdr_view')) { + echo "permission denied"; + return; } + + //get call recording from database + if (!is_uuid($uuid)) { + echo "invalid uuid"; + return; + } + + $sql = "select record_name, record_path from v_xml_cdr "; + $sql .= "where xml_cdr_uuid = :xml_cdr_uuid "; + //$sql .= "and domain_uuid = '".$domain_uuid."' \n"; + $parameters['xml_cdr_uuid'] = $uuid; + //$parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row)) { + $record_name = $row['record_name']; + $record_path = $row['record_path']; + } else { + echo "recording not found"; + return; + } + unset ($sql, $parameters, $row); + + //build full path + $record_file = $record_path.'/'.$record_name; + + //download the file + if (!file_exists($record_file)) { + echo "recording not found"; + return; + } + + //content-range + if (isset($_SERVER['HTTP_RANGE']) && $_GET['t'] != "bin") { + $this->range_download($record_file); + } + + ob_clean(); + $fd = fopen($record_file, "rb"); + if ($_GET['t'] == "bin") { + header("Content-Type: application/force-download"); + header("Content-Type: application/octet-stream"); + header("Content-Type: application/download"); + header("Content-Description: File Transfer"); + } else { + $file_ext = pathinfo($record_name, PATHINFO_EXTENSION); + switch ($file_ext) { + case "wav" : header("Content-Type: audio/x-wav"); break; + case "mp3" : header("Content-Type: audio/mpeg"); break; + case "ogg" : header("Content-Type: audio/ogg"); break; + } + } + $record_name = preg_replace('#[^a-zA-Z0-9_\-\.]#', '', $record_name); + header('Content-Disposition: attachment; filename="'.$record_name.'"'); + header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 + header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past + if ($_GET['t'] == "bin") { + header("Content-Length: ".filesize($record_file)); + } + ob_clean(); + fpassthru($fd); + } //end download method /*