+ $OUTPUT = new rcube_html_page();
+ $OUTPUT->write(rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)));
+ }
+ else {
+ // don't kill the connection if download takes more than 30 sec.
+ @set_time_limit(0);
+
+ $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary;
+ $filename = preg_replace('[\r\n]', '', $filename);
+
+ if ($browser->ie && $browser->ver < 7)
+ $filename = rawurlencode(abbreviate_string($filename, 55));
+ else if ($browser->ie)
+ $filename = rawurlencode($filename);
+ else
+ $filename = addcslashes($filename, '"');
+
+ $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+
+ header("Content-Disposition: $disposition; filename=\"$filename\"");
+
+ // do content filtering to avoid XSS through fake images
+ if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
+ if ($part->body)
+ echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body;
+ else if ($part->size) {
+ $stdout = fopen('php://output', 'w');
+ stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
+ stream_filter_append($stdout, 'rcube_content');
+ $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
+ }
+ }
+ else {
+ // turn off output buffering and print part content
+ if ($part->body)
+ echo $part->body;
+ else if ($part->size)
+ $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);