diff --git a/CHANGELOG b/CHANGELOG
index eae8eb795..d0464ee53 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,7 +6,7 @@ Version 1.1.12 work in progress
 - Bug #1072: Fixed the problem with getTableAlias() in defaultScope() (creocoder)
 - Bug #1076: CJavaScript::encode() was not compatible with PHP 5.1 (samdark)
 - Bug #1077: Fixed the problem with alias in CSort (creocoder)
-- Bug #1083: CFileValidator now always sets field value to null when allowEmpty is true and no file was uploaded (samdark)
+- Bug #1083: CFileValidator is now unsafe by default. This will prevent setting attribute when allowEmpty is true and no file was uploaded (samdark)
 - Bug #1087: Reverted changes to CCookieCollection::add() introduced in 1.1.11 as they were triggering E_STRICT on some old PHP-versions(suralc)
 - Bug #1094: CGridView with enabled history used to clear page title in case sorting or paging performed (Opera and Firefox only) (resurtm)
 - Enh #636: CManyManyRelation now parses foreign key for the junction table data internally, and provide public interface to access it (klimov-paul)
diff --git a/framework/validators/CFileValidator.php b/framework/validators/CFileValidator.php
index c766e3a56..6f033e1a4 100644
--- a/framework/validators/CFileValidator.php
+++ b/framework/validators/CFileValidator.php
@@ -130,6 +130,12 @@ class CFileValidator extends CValidator
 	 * limit.
 	 */
 	public $tooMany;
+	/**
+	 * @var boolean whether attributes listed with this validator should be considered safe for massive assignment.
+	 * For this validator it defaults to false.
+	 * @since 1.1.12
+	 */
+	public $safe=false;
 
 	/**
 	 * Set the attribute and then validates using {@link validateFile}.
@@ -244,7 +250,6 @@ class CFileValidator extends CValidator
 	 */
 	protected function emptyAttribute($object, $attribute)
 	{
-		unset($object->{$attribute});
 		if(!$this->allowEmpty)
 		{
 			$message=$this->message!==null?$this->message : Yii::t('yii','{attribute} cannot be blank.');