From 75568c536d66d3cd05cf1d4e36be5c4b557b48ca Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Sun, 3 Jun 2012 13:53:41 +0200
Subject: [PATCH] Additional patch to fix #14016

First patch to fix the issue introduced access to undefined variable.
---
 api/soap/mc_issue_attachment_api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/soap/mc_issue_attachment_api.php b/api/soap/mc_issue_attachment_api.php
index feb288374f..58aa4b6d8c 100644
--- a/api/soap/mc_issue_attachment_api.php
+++ b/api/soap/mc_issue_attachment_api.php
@@ -72,7 +72,7 @@ function mc_issue_attachment_delete( $p_username, $p_password, $p_issue_attachme
 	$t_bug_id = file_get_field( $p_issue_attachment_id, 'bug_id' );
 
 	# Perform access control checks
-	$t_attachment_owner = file_get_field( $f_file_id, 'user_id' );
+	$t_attachment_owner = file_get_field( $p_issue_attachment_id, 'user_id' );
 	$t_current_user_is_attachment_owner = $t_attachment_owner == $t_user_id;
 	# Factor in allow_delete_own_attachments=ON|OFF
 	if ( !$t_current_user_is_attachment_owner || ( $t_current_user_is_attachment_owner && !config_get( 'allow_delete_own_attachments' ) ) ) {