pie-ai
diff --git a/‎crossdomain.xml
+42 b/‎crossdomain.xml
+42
diff --git a/‎data/SugarBean.php
+12 b/‎data/SugarBean.php
+12
diff --git a/‎download.php
+19-12 b/‎download.php
+19-12
@@ -0,0 +1,42 @@
+<!--
+/*********************************************************************************
+ * SugarCRM is a customer relationship management program developed by
+ * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Affero General Public License version 3 as published by the
+ * Free Software Foundation with the addition of the following permission added
+ * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
+ * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
+ * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU Affero General Public License along with
+ * this program; if not, see http://www.gnu.org/licenses or write to the Free
+ * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ * 
+ * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
+ * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
+ * 
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU Affero General Public License version 3.
+ * 
+ * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "Powered by
+ * SugarCRM" logo. If the display of the logo is not reasonably feasible for
+ * technical reasons, the Appropriate Legal Notices must display the words
+ * "Powered by SugarCRM".
+ ********************************************************************************/
+
+-->
+<?xml version="1.0"?>
+<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
+<cross-domain-policy>
+<site-control permitted-cross-domain-policies="none"/>
+</cross-domain-policy>
@@ -2027,6 +2027,10 @@ function fixUpFormatting()
                 case 'datetime':
                 case 'datetimecombo':
                     if(empty($this->$field)) break;
+                    if ($this->$field == 'NULL') {
+                    	$this->$field = '';
+                    	break;
+                    }
                     if ( ! preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}$/',$this->$field) ) {
                         // This appears to be formatted in user date/time
                         $this->$field = $timedate->to_db($this->$field);
@@ -2035,6 +2039,10 @@ function fixUpFormatting()
                     break;
                 case 'date':
                     if(empty($this->$field)) break;
+                    if ($this->$field == 'NULL') {
+                    	$this->$field = '';
+                    	break;
+                    }
                     if ( ! preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/',$this->$field) ) {
                         // This date appears to be formatted in the user's format
                         $this->$field = $timedate->to_db_date($this->$field, false);
@@ -2043,6 +2051,10 @@ function fixUpFormatting()
                     break;
                 case 'time':
                     if(empty($this->$field)) break;
+                    if ($this->$field == 'NULL') {
+                    	$this->$field = '';
+                    	break;
+                    }
                     if ( preg_match('/(am|pm)/i',$this->$field) ) {
                         // This time appears to be formatted in the user's format
                         $this->$field = $timedate->to_db_time($timedate->to_display_date(gmdate('Y-m-d')).' '.$this->$field);
 
@@ -72,10 +72,10 @@
 	$local_location = (isset($_REQUEST['isTempFile'])) ? "{$GLOBALS['sugar_config']['cache_dir']}/modules/Emails/{$_REQUEST['ieId']}/attachments/{$_REQUEST['id']}"
 		 : $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
 
-	if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {			
-	    $local_location =  $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];	    
+	if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
+	    $local_location =  $GLOBALS['sugar_config']['upload_dir']."/".$_REQUEST['id'];
     }
-    
+
 	if(!file_exists( $local_location ) || strpos($local_location, "..")) {
 		die($app_strings['ERR_INVALID_FILE_REFERENCE']);
 	}
@@ -87,7 +87,7 @@
 			$query = "SELECT filename name FROM document_revisions INNER JOIN documents ON documents.id = document_revisions.document_id ";
 			$query .= "WHERE document_revisions.id = '" . $_REQUEST['id'] ."'";
 		} elseif($file_type == 'kbdocuments') {
-				$query="SELECT document_revisions.filename name	FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";	 
+				$query="SELECT document_revisions.filename name	FROM document_revisions INNER JOIN kbdocument_revisions ON document_revisions.id = kbdocument_revisions.document_revision_id INNER JOIN kbdocuments ON kbdocument_revisions.kbdocument_id = kbdocuments.id ";
 			$query .= "WHERE document_revisions.id = '" . $_REQUEST['id'] ."'";
 		}  elseif($file_type == 'notes') {
 			$query = "SELECT filename name FROM notes ";
@@ -117,29 +117,36 @@
 			$download_location = $local_location;
 			$name = $_REQUEST['tempName'];
 		}
-		
+
 		if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT']))
-		{	
+		{
 			$name = urlencode($name);
 			$name = str_replace("+", "_", $name);
 		}
 
 		header("Pragma: public");
 		header("Cache-Control: maxage=1, post-check=0, pre-check=0");
-		if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage"))
-			header("Content-type: image");
-		else {
-		    header("Content-type: application/force-download");
-            header("Content-disposition: attachment; filename=\"".$name."\";");
+		if(isset($_REQUEST['isTempFile']) && ($_REQUEST['type']=="SugarFieldImage")) {
+		    $mime = getimagesize($download_location);
+		    if(!empty($mime)) {
+			    header("Content-Type: {$mime['mime']}");
+		    } else {
+		        header("Content-Type: image/png");
+		    }
+		} else {
+		    header("Content-Type: application/force-download");
+            header("Content-Disposition: attachment; filename=\"".$name."\";");
 		}
+		// disable content type sniffing in MSIE
+		header("X-Content-Type-Options: nosniff");
 		header("Content-Length: " . filesize($local_location));
 		header("Expires: 0");
 		set_time_limit(0);
 
 		@ob_end_clean();
 		ob_start();
 
-	        echo file_get_contents($download_location);
+	        readfile($download_location);
 		@ob_flush();
 	}
 }