Index: openacs-4/packages/acs-templating/tcl/file-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/tcl/file-procs.tcl,v
diff -u -r1.12.2.5 -r1.12.2.6
--- openacs-4/packages/acs-templating/tcl/file-procs.tcl	23 Aug 2022 15:39:43 -0000	1.12.2.5
+++ openacs-4/packages/acs-templating/tcl/file-procs.tcl	24 Aug 2022 08:58:59 -0000	1.12.2.6
@@ -27,25 +27,10 @@
 } {
     if { [ns_queryget $element_id.tmpfile] eq "" } {
         #
-        # When the widget value was already converted before, we won't
-        # find a tempfile. The values will all come from the main
-        # query parameter.
+        # Ignore files when no tmpfiles are sent in the request: we
+        # can only trust tmpfiles generated by the server.
         #
-        # This may happen, for instance, during the 'preview' action of a form.
-        #
-        # However, we cannot just trust these values, they will need
-        # to go through the sanitization again.
-        #
-        set filenames [list]
-        set tmpfiles  [list]
-        set types     [list]
-        foreach f [ns_querygetall $element_id] {
-            if {[::string is list $f]} {
-                lappend filenames [lindex $f 0]
-                lappend tmpfiles  [lindex $f 1]
-                lappend types     [lindex $f 2]
-            }
-        }
+        return [list]
     } elseif {[ns_info name] eq "NaviServer"} {
         #
         # NaviServer