--- wp-app.php    (revision 11705)
+++ wp-app.php    (working copy)
@@ -785,15 +785,20 @@
         if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
             $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 
-        status_header('200');
-        header('Content-Type: ' . $entry['post_mime_type']);
-        header('Connection: close');
+        $location = get_option ('upload_path') . '/' . $location;
+        if ($fp = fopen($location, "rb")) {
+            status_header('200');
+            header('Content-Type: ' . $entry['post_mime_type']);
+            header('Connection: close');
 
-        $fp = fopen($location, "rb");
-        while(!feof($fp)) {
-            echo fread($fp, 4096);
-        }
-        fclose($fp);
+            while(!feof($fp)) {
+                echo fread($fp, 4096);
+            }
+            fclose($fp);
+        }
+        else {
+            status_header ('404');
+        }
 
         log_app('function',"get_file($postID)");
         exit;
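Review bot: The new `$location = get_option ('upload_path') . '/' . $location;` joins a value that, judging by the error message two lines above, comes from post metadata, and nothing in the hunk checks that the result still lies under the upload directory. A stored value containing `../` segments would make `fopen()` read a file outside that directory. I would resolve both sides first, `$base = realpath(get_option('upload_path')); $path = realpath($base . '/' . $location);`, and send the 404 unless `$path !== false && strpos($path, $base . DIRECTORY_SEPARATOR) === 0`. Separately, a failing `fopen()` raises a warning before `status_header ('404')` runs; if errors are displayed, that output can disclose the filesystem path and stop the status header from being sent, so test `is_file($path) && is_readable($path)` before opening. The enclosing function starts outside this hunk, so where `$location` is first assigned is not visible here.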

