From 7dffd8ed35e93b6dc3e1524f342d56f8a6730118 Mon Sep 17 00:00:00 2001
From: Jared Vititoe <jjvititoe1@gmail.com>
Date: Tue, 20 Jan 2026 16:51:26 -0500
Subject: [PATCH] fix: Remove broken AuditLogModel call in
 upload_attachment.php

The AuditLogModel was being instantiated without required $conn parameter
when logging CSRF failures, causing a 500 error.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 api/upload_attachment.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/api/upload_attachment.php b/api/upload_attachment.php
index 4c03561..275bc73 100644
--- a/api/upload_attachment.php
+++ b/api/upload_attachment.php
@@ -60,9 +60,6 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 // Verify CSRF token
 $csrfToken = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
 if (!CsrfMiddleware::validateToken($csrfToken)) {
-    require_once dirname(__DIR__) . '/models/AuditLogModel.php';
-    $auditLog = new AuditLogModel();
-    $auditLog->logCsrfFailure($_SESSION['user']['user_id'] ?? null, 'upload_attachment');
     ResponseHelper::forbidden('Invalid CSRF token');
 }