Fix #11326: Don't show form security token error for oversized uploads
When a user attempts to upload a file that is too large (via
bug_file_add.php) the form POST values are not available to PHP.
Therefore the forum token security check will always fail first,
resulting in the wrong error message being shown to the user. Instead,
the check for blank POST form values should be performed first and a
"maximum file size exceeded" message shown to the user. If the file size
looks OK (from this initial check) then we can proceed to check the form
security token, knowing that any error message generated now will be
relevant.
davidhicks committed Jan 5, 2010
1 parent fce04e6 commit 45771c6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions bug_file_add.php
Expand Up @@ -29,8 +29,6 @@

require_once( 'file_api.php' );

form_security_validate( 'bug_file_add' );

$f_bug_id = gpc_get_int( 'bug_id', -1 );
$f_file = gpc_get_file( 'file', -1 );
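Review bot: With form_security_validate( 'bug_file_add' ) removed from directly after the require_once, the gpc_get_int( 'bug_id', -1 ) and gpc_get_file( 'file', -1 ) reads now run before any token validation, and nothing at this spot says why. Both calls only read request input, so the ordering is safe as shown, but a reader expecting the token check at the top of the page will take its absence for an omission. Leave a one-line comment here noting that the token check is deliberately deferred until after the upload size check, with a reference to #11326.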

Expand All @@ -39,6 +37,8 @@
trigger_error( ERROR_FILE_TOO_BIG, ERROR );
}

form_security_validate( 'bug_file_add' );

$t_bug = bug_get( $f_bug_id, true );
if( $t_bug->project_id != helper_get_current_project() ) {
# in case the current project is not the same project of the bug we are viewing...
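Review bot: The relocated form_security_validate( 'bug_file_add' ) now follows the trigger_error( ERROR_FILE_TOO_BIG, ERROR ) branch, so that branch is reachable by a request that carries no valid token. That is acceptable only while everything above the call is free of side effects; in the visible lines it is, and bug_get() and the project comparison remain behind the token check. Add a comment above the call stating that no state-changing code may be placed before it, so a later edit does not insert work between the size check and the validation.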