user_access() bypasses permission checks for user 1, leading to the possibility of contact_attach adding its code to the form when no permitted roles for the active user (user 1) can be found. This means 0 attachment fields, which will throw an exception during the validation stage because $_FILES is not populated.

Change minimum attachments returned by _contact_attach_return_max_attachments() to 1 so that all users succeeding the user_access() check will have at least 1 attachment field. This way $_FILES will always exist.
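The mismatch described above, sketched as an added example that is not part of the original post and is not the contact_attach module's code. The `demo_*` functions, the permission name, and the per-role limit arrays are hypothetical stand-ins for Drupal's `user_access()` and the module's role-based maximum.

```php
<?php
// Stand-ins for the behaviour described in the issue; all names are hypothetical.

// Mimics user_access(): uid 1 passes every permission check without a role lookup.
function demo_user_access(array $account, array $role_permissions, string $permission): bool {
  if ($account['uid'] === 1) {
    return TRUE;
  }
  foreach ($account['roles'] as $rid) {
    if (in_array($permission, $role_permissions[$rid] ?? [], TRUE)) {
      return TRUE;
    }
  }
  return FALSE;
}

// Highest per-role attachment limit among the account's permitted roles.
// $floor = 0 reproduces the reported behaviour; $floor = 1 is the described fix.
function demo_max_attachments(array $account, array $role_permissions, array $role_limits, string $permission, int $floor): int {
  $max = 0;
  foreach ($account['roles'] as $rid) {
    if (in_array($permission, $role_permissions[$rid] ?? [], TRUE)) {
      $max = max($max, $role_limits[$rid] ?? 0);
    }
  }
  return max($max, $floor);
}

// Constructed sample data: only role 3 holds the permission; user 1 is not in it.
$permission = 'send attachments';  // hypothetical permission name
$role_permissions = [2 => [], 3 => [$permission]];
$role_limits = [3 => 3];
$accounts = [
  'user 1'  => ['uid' => 1, 'roles' => [2]],
  'editor'  => ['uid' => 7, 'roles' => [2, 3]],
  'visitor' => ['uid' => 9, 'roles' => [2]],
];

foreach ($accounts as $label => $account) {
  if (!demo_user_access($account, $role_permissions, $permission)) {
    echo "$label: no attachment fields added (permission denied)\n";
    continue;
  }
  foreach ([0, 1] as $floor) {
    $fields = demo_max_attachments($account, $role_permissions, $role_limits, $permission, $floor);
    echo "$label: floor=$floor -> $fields attachment field(s)\n";
  }
}
```

Only the user 1 account reaches the field-building step with a role-derived maximum of 0. The floor of 1 leaves accounts that hold the permission through a role unchanged.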

Comments

Tor Arne Thune

Status: Active » Fixed

Committed and pushed: 6dca580.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.