From 9377f162bded2a898d8786f67e2a44248c3dfd89 Mon Sep 17 00:00:00 2001
From: Gregory Perry <lotyrin@gmail.com>
Date: Tue, 20 Sep 2011 00:34:58 +0000
Subject: [PATCH] Patch 943924 by mike503, eojthebrave, Merco, lotyrin, eliza411: Allow preview of private image on node add form

---
 modules/file/file.module |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/modules/file/file.module b/modules/file/file.module
index 4fc9985..9fcdfe0 100644
--- a/modules/file/file.module
+++ b/modules/file/file.module
@@ -142,10 +142,14 @@ function file_file_download($uri, $field_type = 'file') {
   // Find out which (if any) fields of this type contain the file.
   $references = file_get_file_references($file, NULL, FIELD_LOAD_CURRENT, $field_type);
 
-  // If there are no references, stop processing, to avoid returning headers
-  // for files controlled by other modules.
-  if (empty($references)) {
-    return;
+  // Stop processing if there are no references in order to avoid returning
+  // headers for files controlled by other modules. Make an exception for
+  // temporary files where the host entity has not yet been saved (for example,
+  // an image preview on a node/add form) in which case, allow download by the
+  // file's owner.
+
+  if(empty($references) && ($file->status == FILE_STATUS_PERMANENT || $file->uid != $user->uid)) {
+      return;
   }
 
   // Default to allow access.
-- 
1.7.4.1