diff --git a/includes/file.inc b/includes/file.inc
index 15d5b376f07502979dd80930a1b834d33746edd7..60d17689201290b8d860ade55007434251608572 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -565,27 +565,28 @@ function file_transfer($source, $headers) {
 
 /**
  * Call modules that implement hook_file_download() to find out if a file is
- * accessible for a given user. If a module returns an array of headers, the
- * download will start. If a module denies it, drupal_access_denied() will be
- * called. If no module responds then drupal_not_found() will be called.
+ * accessible and what headers it should be transferred with. If a module
+ * returns -1 drupal_access_denied() will be returned. If one or more modules
+ * returned headers the download will start with the returned headers. If no
+ * modules respond drupal_not_found() will be returned.
  */
+
 function file_download() {
-  $file = $_GET['file'];
-  if (file_exists(file_create_path($file))) {
-    $list = module_list();
-    foreach ($list as $module) {
-      $headers = module_invoke($module, 'file_download', $file);
-      if (is_array($headers)) {
-        file_transfer($file, $headers);
-      }
-      elseif ($headers == -1) {
-        drupal_access_denied();
-      }
+  $filepath = $_GET['file'];
+
+  if (file_exists(file_create_path($filepath))) {
+    $headers = module_invoke_all('file_download', $filepath);
+    if (in_array(-1, $headers)) {
+        return drupal_access_denied();
+    }
+    if (count($headers)) {
+        file_transfer($filepath, $headers);
     }
   }
-  drupal_not_found();
+  return drupal_not_found();
 }
 
+
 /**
  * Finds all files that match a given mask in a given
  * directory.
diff --git a/modules/upload.module b/modules/upload.module
index 5961add2354b0ae9c44400ba5a1ec3f72d3f934e..6e481657a06d6335e6a1b3b90dacd3cee7c95dc6 100644
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -143,8 +143,14 @@ function upload_file_download($file) {
                      'Content-Length: '. $file->filesize,
                      'Content-Disposition: '. $disposition .'; filename='. $name);
       }
+      else {
+        return -1;
+      }
     }
   }
+  else {
+    return -1;
+  }
 }
 
 function upload_form_alter($form_id, &$form) {
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 5961add2354b0ae9c44400ba5a1ec3f72d3f934e..6e481657a06d6335e6a1b3b90dacd3cee7c95dc6 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -143,8 +143,14 @@ function upload_file_download($file) {
                      'Content-Length: '. $file->filesize,
                      'Content-Disposition: '. $disposition .'; filename='. $name);
       }
+      else {
+        return -1;
+      }
     }
   }
+  else {
+    return -1;
+  }
 }
 
 function upload_form_alter($form_id, &$form) {