1 files changed, 10 insertions, 5 deletions

diff --git a/modules/file/file.module b/modules/file/file.module
index fbf8b81ec..9e091af03 100644
--- a/modules/file/file.module
+++ b/modules/file/file.module
@@ -529,14 +529,19 @@ function file_managed_file_value(&$element, $input = FALSE, $form_state = NULL)
         // publicly accessible, with no download restrictions; for security
         // reasons all other schemes must go through the file_download_access()
         // check.
-        if (in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) || file_download_access($file->uri)) {
-          $fid = $file->fid;
+        if (!in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) && !file_download_access($file->uri)) {
+          $force_default = TRUE;
         }
-        // If the current user doesn't have access, don't let the file be
-        // changed.
-        else {
+        // Temporary files that belong to other users should never be allowed.
+        // Since file ownership can't be determined for anonymous users, they
+        // are not allowed to reuse temporary files at all.
+        elseif ($file->status != FILE_STATUS_PERMANENT && (!$GLOBALS['user']->uid || $file->uid != $GLOBALS['user']->uid)) {
           $force_default = TRUE;
         }
+        // If all checks pass, allow the file to be changed.
+        else {
+          $fid = $file->fid;
+        }
       }
     }
   }