Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 2f48c0805..8792b4aec 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -91,11 +91,13 @@ elsif ($action eq "viewall")
 }
 elsif ($action eq "enter")
 {
+ confirm_login();
 ValidateBugID($::FORM{'bugid'});
 enter();
 }
 elsif ($action eq "insert")
 {
+ confirm_login();
 ValidateBugID($::FORM{'bugid'});
 validateFilename();
 validateData();
@@ -472,12 +474,11 @@ sub insert
 my $filename = SqlQuote($::FILE{'data'}->{'filename'});
 my $description = SqlQuote($::FORM{'description'});
 my $contenttype = SqlQuote($::FORM{'contenttype'});
- my $submitterid = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
 my $thedata = SqlQuote($::FORM{'data'});
 # Insert the attachment into the database.
 SendSQL("INSERT INTO attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata)
- VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $submitterid, $thedata)");
+ VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $::userid, $thedata)");
 # Retrieve the ID of the newly created attachment record.
 SendSQL("SELECT LAST_INSERT_ID()");
@@ -501,7 +502,7 @@ sub insert
 foreach my $attachid (@{$::MFORM{'obsolete'}}) {
 SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid");
 SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added)
- VALUES ($::FORM{'bugid'}, $attachid, $submitterid, NOW(), $fieldid, '0', '1')");
+ VALUES ($::FORM{'bugid'}, $attachid, $::userid, NOW(), $fieldid, '0', '1')");
 }
 # Send mail to let people know the attachment has been created. Uses a |
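Review bot: The added `confirm_login();` in the `insert` branch carries an ordering requirement that nothing at the call site states. `insert()` (changed in the later hunks of this commit) now writes `$::userid` into `submitter_id` and `who`, and that global is presumably set by `confirm_login()`. A comment above the call, e.g. `# Must run first: authenticates the request and establishes $::userid, which insert() records as the submitter.`, would keep a later reorder of the validation calls from silently dropping the login check. The `insert` branch continues past the end of the hunk, so its remaining validation calls are not visible here.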
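Review bot: The new `VALUES` line still interpolates `$::FORM{'ispatch'}` into the INSERT as-is, while the neighbouring filename, description, content type and data all pass through `SqlQuote()`. Whether it is normalised before `insert()` runs is not visible in this diff (the dispatcher's validation calls run past the end of the first hunk), so the statement's safety rests on code outside the change. Coercing at the point of use, `my $ispatch = $::FORM{'ispatch'} ? 1 : 0;`, and interpolating `$ispatch` instead would make that local. The same applies to `$attachid` from `$::MFORM{'obsolete'}` in the `@@ -501,7 +502,7 @@` hunk, which goes unquoted into both the UPDATE and the `bugs_activity` INSERT. `sub insert` starts and ends outside both hunks.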
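Review bot: The loop marks attachments obsolete with `WHERE attach_id = $attachid` alone, so the activity row written by the changed line records `$::userid` and `$::FORM{'bugid'}` against an update that is not itself tied to that bug. If an earlier validation step does not already confirm that each id belongs to the bug (not visible in this hunk), scoping the statement, `WHERE attach_id = $attachid AND bug_id = $::FORM{'bugid'}`, would stop a logged-in user from obsoleting attachments on bugs other than the one being posted to. The `foreach` sits inside `sub insert`, which begins and ends outside the hunk.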