diff --git a/WHATSNEW.md b/WHATSNEW.md
index 82cade8a935edb2bcef8a53969b8b96c3a7a9f21..bede2a447d4c65afa21eea96b0059288b22832cc 100644
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -66,6 +66,19 @@ osTicket 1.11.0-rc.1
* Add Custom Forms to Ticket Filter Data
* Fix for LDAP/AD auth plugin (#4198, #3460, #3544, #3549)
+osTicket v1.10.4
+================
+### Enhancements
+* issue: Auto-Assignment Log (#4316)
+* issue: Language Pack Locale Mismatch (#4326)
+* issue: CLI Deploy Missing Bootstrap (#4332)
+* issue: User Import No Email (#4330)
+* issue: Ticket Lock On Disable (#4335)
+
+### Performance and Security
+* security: Fix Multiple XSS Vulnerabilities (#4331)
+* department: Error Feedback (#4331)
+
osTicket v1.10.3
================
### Enhancements
diff --git a/include/class.file.php b/include/class.file.php
index d880840861b09065a34cd275ebb726773d82e105..0fee13a338d052e59b7815bd3ff7e1dca5b06a27 100644
--- a/include/class.file.php
+++ b/include/class.file.php
@@ -636,20 +636,17 @@ class AttachmentFile extends VerySimpleModel {
* canned-response, or faq point to any more.
*/
static function deleteOrphans() {
-
- // XXX: Allow plugins to define filetypes which do not represent
- // files attached to tickets or other things in the attachment
- // table and are not logos
- $files = static::objects()
- ->filter(array(
- 'attachments__object_id__isnull' => true,
- 'ft' => 'T',
- 'created__lt' => SqlFunction::NOW()->minus(SqlInterval::DAY(1)),
- ));
-
- foreach ($files as $f) {
- if (!$f->delete())
- break;
+ $sql = "SELECT `id` FROM ".FILE_TABLE.
+ " A1 WHERE (A1.ft = 'T' AND A1.created < NOW() - INTERVAL 1 DAY)".
+ " AND NOT EXISTS (SELECT id FROM ".ATTACHMENT_TABLE.
+ " A2 WHERE A1.`id` = A2.`file_id`)";
+
+ if (($res=db_query($sql)) && db_num_rows($res)) {
+ while (list($id) = db_fetch_row($res)) {
+ if ($f = static::lookup((int) $id))
+ if (!$f->delete())
+ break;
+ }
}
return true;