½gXb†föÎB#¨ˆêØ)ªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIß4&ðºDÝ.5ú;³AÏ³Þ†:ü}W¹«Û»¨õ¼p%¡©äè”ûÔ7Þ”²ž_”#žÐâ5üLÂ<mÃ‹$ã mèJÑ$Þl“`ÉäHÜ¹¾&ºÏ9Iëc×sàúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]O5&'0…·ÝºÚoaW	I¿<áÁëî7
ÉA—ÆR(ÿ=³Ò£ÃFIÎ§ÅZœª)SÙÊ¯u›N4«ý——0šúw½ÊgÖFœN5¶·Ký]O~¤*™ b£-!&iª˜Ùúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oê'pµøÂ¾g`««ÈB§L™Vçœ¿“û:þ"EqŠôã•¸QR:ÅárÄU!îttO•p­x5>¬@?sóÚs®\òÀ,óøÊþfÒa\eðž¤C®h¾›É›+æM“¯ ÎÂîM«¡àXå,¬½-º\_Œ[¿½®‚6¥E·q_uC”¢ó^a›vh²->]+óŒ/½‹öWìg¾¢×¿·ÿ>|ºüüÕ÷€â"×d2ŸD„œŒ^1=“«]ŠmÂúw½ÊgÖFœN5¶·Ký]OÝElfÛ5ÇàFÓ \Áúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oþ’[_·×®æ¢ |Sü 6iS‰&ÚXVÅ°ÁÄ¯úw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]Oúw½ÊgÖFœN5¶·Ký]OÚµ¿ö0Ÿ.Ò{q[‚‚ýÕR èœá‰xüÆ¬Û‰Ö‰–¨my4Ùë	ó‘Sëî_>A6[»‹E…#¸*H%jgMÅ%]Í¦ð¯„5Q+RýÅžÔ²&M.ÅxªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIß„”}•æBóúškH1å<÷ýhKÏÀ­‡±tc<ýBÒŠ\=Õ,½94%âGkQ²†êf
*<wGî	úw½ÊgÖFœN5¶·Ký]O˜y÷ÅrÜ30­ÃððeEý9VˆCdõt{˜Ÿî¬‡g6}D¨¶#¡F¬¢¾™È_PR‡‚ÖMúw½ÊgÖFœN5¶·Ký]OT›ªœ’à
y/ç5çàOÚªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIßªÛ»bi—s²_‹ØIIß=o@h7pøÌ¢Vž<·#÷òÏXáïBaÆ×JÚà¦(ÜUWm+ƒã4Æx¼M-î¿Ï"@Žž™\>ùyŠo@¾}Ð{»­‹©YK*Y8`Œ
|2`ˆÈxsý[Eù=ÚcÕ?i}¡NsÎ?è›“û^¡8kWÚBx°e(ºó•Ù+2ÎO³ýÜ“‚îŽÐÞ ÞD‰¤ÈF‘e4bä€˜QtÖL±Ì°ÃIIù#[loÿñyhÖbÕˆ:Å´…{º|UZ®¸¾°hYF
<ªC!ô€ÐäQ£c-jÎžÖ° a›ÝOÈR	-öþ}Î˜œ)Ç±`K[iÀŽ¸ÐÏ8nWËƒ*ÿø•e¯ëBbžsZÀU·‹pú#SÀ!‚S·FaïÃ=E,ùÑŒéÙñ¼žø°'ÕÅ]6„{Ô{/·®§7P‡GINK(a7Ø\p"ŠCPVyGç:¼¨Ÿõ!ŠÃ%®äªQ×8d(³Œ„xàH¾S£øEðÇÆxô˜1SIÃ/òQ¨q@žz(ßŠÆÞú™†!RÙë¯ü~BFêW(SýV$Ï:fP¼"ÇBÎµs:µÉD•ß¸:ËeÚWÑó¬×/d8tõÜnÏY`8E ÕD“Ñjm¡ ŽÀÏ¹!«Ó°¹!W›º(jŽf­ÊÌ.©´Ç
pË_í/Å1\#‡˜’÷m=œ#ì0+wøX,ÇŒÜ}„"ë—§?5h8ÙsúI]<…Ë'Sý «µz–Ïô/Q^……ÚÉwÈg3“&_4àÌ5?žÑ×rGNÈÓ?Qy¯ž8¼b°Š5?›åh4š¦CÛ›&Ñ
ià Ãó¶­n˜u¶	ÈÚ´©ì³ñ`J³Á(fÿ«"nLEY§·þÁ³n*ÅSåý®ÍÞãiú‡–¶Æ]‰Å†8vÃÀ:“+ÀfZN–&	½ÉÊôºÝ]ô¹ª<‹pP·Á©	_
~EØðºÑm‚›ßš²˜²ÄÎ-ÄC§RÅÓÔçñLã“¸rÕŽŸŠo†Ü*†´Ð–Cäá:å{JÔbB1˜WÍ
^eT…÷È,#8„<é!ÃÐ
¥w‘dî•–€Hã§ÿ^së}t¾‚^YœˆÄ:[g¸ob]ŠÁI
(1ÿ/ ®I:‰:Ü™š÷UnJŸˆÞÿ5;ëøï_L+×ÇÃ×©è`&J¸‘¾ÒúI¢$ëå>:4Öª°–çùât¨4E0[“®ØqôdÓØÕ%¾5Oç3²—Î2ÎÐjE:æ õ)ZK™0ª ˜­‘˜=/Ú˜=Mƒ ÐP©ËŽ.õõCøÌ’ÜîtûË½Òºžv±â ¨µÿÌönéJœ?Õ."A^8SéNåÕÂ^I[Á8go0(1ìiFÉìšæ<rnÕšb)î!qsò#ÓMÐ3„Ilá1/³åÿ‘ö4¤}h[xÆµŠzëÏÕcïŽÜ©ŒpôQþÐ'&ó®H<äd˜ÝÇ}5‘s!ö»õÛÀõË%“qÚ–ÀÙ’@+§ƒjÄPErrAÌuœ"ÅRâ‡Úp~€RæE[HË>±bòÜ#OÐ}‚§­×¿œ%Ñ%¤écl™ÿ'™É<¼càd”&s’é¨§¦ó;"OD±ßOb'‚ðÚajlCbQˆ“¹6åÝ3„¤‹‡cbh¼ÂÐ¦Ý–ä!E04Ôf@€¹u¬u•ü#•åeŒ¾èÿÛDˆ/•@+0«³	v'ò°|·‹ôÖÿ„¶u‚eåCh7c±ÇowéjÝ^ptìîmjM‡ÎÒpw¶?%¼pcYËÈž2bq¥¿¨ŒNã$ésã ¿*s‘O=ü@\ÚŒlt1hzË. ß‹Û‰¢&In÷»qÐä{´.•aOÁ¶·8dÿã¥ë¡ÀeÖ¸v5cDDÀ¬gq€hâ°S´Ÿü¿,L5$ú!é²œ«aãîÆW*Áù<õ[Â{;XžUX»sŒ%LilW“#8-V"m00¥qó@+ª@üÐÞ­¢WÜ)ºúw½ÊgÖFœN5¶·Ký]OÆ–™/XÅßÉÌ…6LªYÏ(é2Ãx@#Ë[{®¢|Ššå–/Ýá65E3P³d_ ‡îc‰N¨Ü1Óä|wÐ¡i¶_¡Î–¢8\N–ããÇZ+¶ãWRk:Æ~Ö2ùhóí’©€×~“Åiz“eËLÂŒ'Äknú‚¨|Í°JI{t´ôù4ÙÊŸ®êCiÚTè)Rí"äL[^¿ý
Oõ;¼‹´	z½{ßNæ*Ïþ™ªâœ`8—ÎÓâ2t_@ÿ5×› ‹äº¤ˆø>ðà3|ºìQáVD%óœî§PÍ5E,[Ï6\Ëlì—Æ,Ú¢Ýü¤zÚ-Käd…BÐd°ˆ
¬ÄÈ]EØ±&5æî½Ükd:ñnò‹=Ÿé/Ïã(“ô¼L«—UPŸ¯çôëÁ+NÃ„¼¦
«AÔ¨$Š^â¯ÊæX:TŒ$ÎnÍ°ru†Ì¢ÏP`©ºÂÐ|:†½æ—ð’Ë‹W!x|¢…F#þ§Ó‡?¤EÝ=;Ôãˆ?˜8¬¯¾³ª#ú«î{¾ÅÈ8ó¼ì8 w*MžM=ßh$ÆLï‚ãC¤%êÒ?.½H/‚QLµŠöÕ¤ÈGË„ò•Éw˜¨Ã·‘å²HHËÔß„é'Ûwl† (’´B(Ü£_âõW2¹VÂõí–	Œ iL=²~(K‹îœ‚ò¿ö5Ñ-ø"Ýowê¡ah¬(íæ®‹Œ4¶üFiu; =p¾F˜Ë#þ7ÄLòåæÖ)ŸO~Ò7Ù™ÎpÙó³¥¥v¨Ñ’Î¯õ·á}!ÍRŒ	ìn¹Ç¯šì2Ç	ºŽÍñè–ƒØÁ¶·8dÿã¥ë¡ÀeÖ¾üWÎn÷;¤…¶Ç[ª¢ØG>Œ¦2Ž–õ÷ô}p‰_¬¢¤oš‰ÐŸp+µ_XTA!Zð±¹/àÓÐ¨}³`m´.G0SeÄª¥ß‘Y£Î*VnœþoqVqHì˜œÁëô ØÌÈ¿TÞá!'K` R…ï$j¿ˆ¬ÂÄ¤\˜þK{Hï€v÷Ò
i'gu9ëL=ñºØet“9 uì“Â­ÃÑ>žk^8ËÂ’ŽYltê8árÀàJ	ò¿÷ê¬Æ<?ÐPK46\“”ÁxL—y·]%7zRAû£Y›Ó±*Èð4!æ{¦h7c±ÇowéjÝ^pt°?¶‹#+Ù%ÉSèv" lËÂÁh§¶ä?Ú‹bò³9[
±.ªéM›€…¿Ž§Àª+´ýG’ÒÜB÷Ö˜<bý€–3â7”ü‰|9[-üÙ“¶E„=1LƒôÎ<t™mïµJÖ®ÄÁ¶·8dÿã¥ë¡ÀeÖ	8*]=G
o½‹¡­¯²‡QrÑØ$V&"”W91ÚXÍ:Fÿ2f½V”èÄþÅõ–N°-ïyÂ¢“Spˆ-Xiµ¹œóŸmò½‹øþí'õè¨É0ø|ÍÜt:÷-­*¢ón}ßCOKRà‡®(eaúÞeÑØö×Óh.RýO7­&–zqG
EudH”p;«»áAòµL*¿%0 
éÉîÌ‚z
c­Ê'ªêß¶ŽŸ%'yHY„
Â×çÍ¬Îsö>Õc“ñ>Cj0TDZY×h¼¸0‡cjAcwmý«,€}ªa¹÷ÊŸÜnØFWCl©|FÿÒ.’jR!œòè" ”°HlÅÅMNEýasÁ« qJ¼úýíéM…bà°¯ÑþÇ‚ð/xc*xRµÌéØ¡/3©9fË©þmŽHËH)ÐÏ*¡‚/ƒ^Kd7A¤Íðïmail->user->ID . ':' . $thumbnail_size);
            $cache_file     = rcube_utils::temp_filename($thumb_name, false, false);

            // render thumbnail image if not done yet
            if (!is_file($cache_file) && $attachment->body_to_file($orig_name = rcube_utils::temp_filename('attmnt'))) {
                $image = new rcube_image($orig_name);

                if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
                    $mimetype = 'image/' . $imgtype;
                }
                else {
                    // Resize failed, we need to check the file mimetype
                    // So, we do not exit here, but goto generic file body handler below
                    $_GET['_thumb']     = 0;
                    $_REQUEST['_embed'] = 1;
                }
            }

            if (!empty($_GET['_thumb'])) {
                if (is_file($cache_file)) {
                    $rcmail->output->future_expire_header(3600);
                    header('Content-Type: ' . $mimetype);
                    header('Content-Length: ' . filesize($cache_file));
                    readfile($cache_file);
                }

                exit;
            }
        }

        // Handle attachment body (display or download)
        if (empty($_GET['_thumb']) && $attachment->is_valid()) {
            // require CSRF protected url for downloads
            if (!empty($_GET['_download'])) {
                $rcmail->request_security_check(rcube_utils::INPUT_GET);
            }

            $extensions = rcube_mime::get_mime_extensions($mimetype);

            // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations
            if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) {
                $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

                // 1. compare filename suffix with expected suffix derived from mimetype
                $valid = $file_extension && in_array($file_extension, (array)$extensions)
                    || empty($extensions)
                    || !empty($_REQUEST['_mimeclass']);

                // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
                if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
                    $tmp_body = $attachment->body(2048);

                    // detect message part mimetype
                    $real_mimetype = rcube_mime::file_content_type($tmp_body, $filename, $mimetype, true, true);
                    list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);

                    // accept text/plain with any extension
                    if ($real_mimetype == 'text/plain' && self::mimetype_compare($real_mimetype, $mimetype)) {
                        $valid_extension = true;
                    }
                    // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
                    else if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {
                        $real_mimetype   = $mimetype;
                        $valid_extension = true;
                    }
                    // ignore filename extension if mimeclass matches (#1489029)
                    else if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {
                        $valid_extension = true;
                    }
                    else {
                        // get valid file extensions
                        $extensions      = rcube_mime::get_mime_extensions($real_mimetype);
                        $valid_extension = !$file_extension || empty($extensions) || in_array($file_extension, (array)$extensions);
                    }

                    if (
                        // fix mimetype for files wrongly declared as octet-stream
                        ($mimetype == 'application/octet-stream' && $valid_extension)
                        // force detected mimetype for images (#8158)
                        || (strpos($real_mimetype, 'image/') === 0)
                    ) {
                        $mimetype = $real_mimetype;
                    }

                    // "fix" real mimetype the same way the original is before comparison
                    $real_mimetype = rcube_mime::fix_mimetype($real_mimetype);

                    $valid = $valid_extension && self::mimetype_compare($real_mimetype, $mimetype);
                }
                else {
                    $real_mimetype = $mimetype;
                }

                // show warning if validity checks failed
                if (!$valid) {
                    // send blocked.gif for expected images
                    if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
                        // Do not cache. Failure might be the result of a misconfiguration,
                        // thus real content should be returned once fixed.
                        $content = self::get_resource_content('blocked.gif');
                        $rcmail->output->nocacheing_headers();
                        header("Content-Type: image/gif");
                        header("Content-Transfer-Encoding: binary");
                        header("Content-Length: " . strlen($content));
                        echo $content;
                    }
                    // html warning with a button to load the file anyway
                    else {
                        $rcmail->output = new rcmail_html_page();
                        $rcmail->output->register_inline_warning(
                            $rcmail->gettext([
                                    'name' => 'attachmentvalidationerror',
                                    'vars' => [
                                        'expected' => $mimetype . (!empty($file_extension) ? rcube::Q(" (.{$file_extension})") : ''),
                                        'detected' => $real_mimetype . (!empty($extensions[0]) ? " (.{$extensions[0]})" : ''),
                                    ]
                            ]),
                            $rcmail->gettext('showanyway'),
                            $rcmail->url(array_merge($_GET, ['_nocheck' => 1]))
                        );

                        $rcmail->output->write();
                    }

                    exit;
                }
            }

            // TIFF/WEBP to JPEG conversion, if needed
            foreach (['tiff', 'webp'] as $type) {
                $img_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps'][$type]);
                if (
                    !empty($_REQUEST['_embed'])
                    && !$img_support
                    && $attachment->image_type() == 'image/' . $type
                    && rcube_image::is_convertable('image/' . $type)
                ) {
                    $convert2jpeg = true;
                    $mimetype     = 'image/jpeg';
                    break;
                }
            }

            // deliver part content
            if ($mimetype == 'text/html' && empty($_GET['_download'])) {
                $rcmail->output = new rcmail_html_page();
                $out = '';

                // Check if we have enough memory to handle the message in it
                // #1487424: we need up to 10x more memory than the body
                if (!rcube_utils::mem_check($attachment->size * 10)) {
                    $rcmail->output->register_inline_warning(
                        $rcmail->gettext('messagetoobig'),
                        $rcmail->gettext('download'),
                        $rcmail->url(array_merge($_GET, ['_download' => 1]))
                    );
                }
                else {
                    // render HTML body
                    $out = $attachment->html();

                    // insert remote objects warning into HTML body
                    if (self::$REMOTE_OBJECTS) {
                        $rcmail->output->register_inline_warning(
                            $rcmail->gettext('blockedresources'),
                            $rcmail->gettext('allow'),
                            $rcmail->url(array_merge($_GET, ['_safe' => 1]))
                        );
                    }
                }

                $rcmail->output->write($out);
                exit;
            }

            // add filename extension if missing
            if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) {
                $filename .= '.' . $extensions[0];
            }

            $rcmail->output->download_headers($filename, [
                    'type'         => $mimetype,
                    'type_charset' => $attachment->charset,
                    'disposition'  => !empty($_GET['_download']) ? 'attachment' : 'inline',
            ]);

            // handle tiff to jpeg conversion
            if (!empty($convert2jpeg)) {
                $file_path = rcube_utils::temp_filename('attmnt');

                // convert image to jpeg and send it to the browser
                if ($attachment->body_to_file($file_path)) {
                    $image = new rcube_image($file_path);
                    if ($image->convert(rcube_image::TYPE_JPG, $file_path)) {
                        header("Content-Length: " . filesize($file_path));
                        readfile($file_path);
                    }
                }
            }
            else {
                $attachment->output($mimetype);
            }

            exit;
        }

        // if we arrive here, the requested part was not found
        header('HTTP/1.1 404 Not Found');
        exit;
    }

    /**
     * Compares two mimetype strings with making sure that
     * e.g. image/bmp and image/x-ms-bmp are treated as equal.
     */
    public static function mimetype_compare($type1, $type2)
    {
        $regexp = '~/(x-ms-|x-)~';
        $type1  = preg_replace($regexp, '/', $type1);
        $type2  = preg_replace($regexp, '/', $type2);

        return $type1 === $type2;
    }

    /**
     * Attachment properties table
     */
    public static function message_part_controls($attrib)
    {
        if (!self::$attachment->is_valid()) {
            return '';
        }

        $rcmail = rcmail::get_instance();
        $table  = new html_table(['cols' => 2]);

        $table->add('title', rcube::Q($rcmail->gettext('namex')).':');
        $table->add('header', rcube::Q(self::$attachment->filename));

        $table->add('title', rcube::Q($rcmail->gettext('type')).':');
        $table->add('header', rcube::Q(self::$attachment->mimetype));

        $table->add('title', rcube::Q($rcmail->gettext('size')).':');
        $table->add('header', rcube::Q(self::$attachment->size()));

        return $table->show($attrib);
    }

    /**
     * Attachment preview frame
     */
    public static function message_part_frame($attrib)
    {
        $rcmail = rcmail::get_instance();

        if ($rcmail->output->get_env('is_message')) {
            $url = [
                'task'   => 'mail',
                'action' => 'preview',
                'uid'    => $rcmail->output->get_env('uid'),
                'mbox'   => $rcmail->output->get_env('mailbox'),
            ];
        }
        else {
            $mimetype = $rcmail->output->get_env('mimetype');
            $url      = $_GET;
            $url[strpos($mimetype, 'text/') === 0 ? '_embed' : '_preload'] = 1;
            unset($url['_frame']);
        }

        $url['_framed'] = 1; // For proper X-Frame-Options:deny handling

        $attrib['src'] = $rcmail->url($url);

        $rcmail->output->add_gui_object('messagepartframe', $attrib['id']);

        return html::iframe($attrib);
    }
}