forms: Fix attachment security merge conflict

Somehow the attachment security checks got duplicated and messed up. Perhaps it was a bad merge?

forms: Fix attachment security merge conflict
9bce9860 · Jared Hancock · c2e81b8f · 9bce9860
Commit 9bce9860 authored 9 years ago by Jared Hancock
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -3675,8 +3675,9 @@ class FileUploadWidget extends Widget {
        // Add in newly added files not yet saved (if redisplaying after an
        // error)
        if ($new) {
-            $F = array_merge($F, AttachmentFile::objects()->filter(array(
-                'id__in' => array_keys($new)))->all());
+            $F = array_merge($F, AttachmentFile::objects()
+                ->filter(array('id__in' => array_keys($new)))
+                ->all());
        }
        foreach ($F as $file) {
            $files[] = array(
@@ -3730,33 +3731,18 @@ class FileUploadWidget extends Widget {
            return $ids;
        }

+        // Files uploaded here MUST have been uploaded by this user and
+        // identified in the session
+        //
        // If no value was sent, assume an empty list
        if (!($files = parent::getValue()))
            return array();

-        // Files uploaded here MUST have been uploaded by this user and
-        // identified in the session
-        if ($files = parent::getValue()) {
-            $allowed = array();
-            // Files already attached to the field are allowed
-            foreach ($this->field->getFiles() as $F) {
-                // FIXME: This will need special porting in v1.10
-                $allowed[$F->id] = 1;
-            }
-            // New files uploaded in this session are allowed
-            if (isset($_SESSION[':uploadedFiles'])) {
-                $allowed += $_SESSION[':uploadedFiles'];
-            }
-
-            // Canned attachments initiated by this session
-            if (isset($_SESSION[':cannedFiles']))
-               $allowed += $_SESSION[':cannedFiles'];
-
-            foreach ($files as $i=>$F) {
-                if (!isset($allowed[$F])) {
-                    unset($files[$i]);
-                }
-            }
+        $allowed = array();
+        // Files already attached to the field are allowed
+        foreach ($this->field->getFiles() as $F) {
+            // FIXME: This will need special porting in v1.10
+            $allowed[$F->id] = 1;
        }

        // New files uploaded in this session are allowed