Merge pull request #1438 from jloguercio/1.11.x

Added validation to clean up the attachment files in announcement and comments

main/inc/lib/AnnouncementManager.php

@@ -1105,6 +1105,8 @@ class AnnouncementManager
             } else {
                 $new_file_name = uniqid('');
                 $new_path = $updir . '/' . $new_file_name;
+		
+                // This file is copy here but its cleaned in api_mail_html in api.lib.php    
                 copy($file['tmp_name'], $new_path);
 
                 $params = [

main/inc/lib/api.lib.php

@@ -8025,6 +8025,10 @@ function api_mail_html(
 
     // Clear all the addresses.
     $mail->ClearAddresses();
+    
+    // Clear all attachments
+    $mail->ClearAttachments();
+    
     return 1;
 }
 

main/inc/lib/system_announcements.lib.php

@@ -739,6 +739,14 @@ class SystemAnnouncementManager
             $message_sent = true;
 		}
 	    
+	    	// Minor validation to clean up the attachment files in the announcement
+		if (!empty($_FILES)) {
+		    $attachments = $_FILES;
+		    foreach ($attachments as $attachment) {
+			unlink($attachment['tmp_name']);
+		    }
+		}
+
 		return $message_sent; //true if at least one e-mail was sent
 	}