diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index ed054b0..fc3664d 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -5103,13 +5103,20 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml='', $a
 }
 if ($attachment && $attachname) {
- if (preg_match( "~\\.\\.~" ,$attachment )) { // Security check for ".." in dir path
- $temprecipients[] = array($supportuser->email, fullname($supportuser, true));
- $mail->AddStringAttachment('Error in attachment. User attempted to attach a filename with a unsafe name.', 'error.txt', '8bit', 'text/plain');
- } else {
- require_once($CFG->libdir.'/filelib.php');
- $mimetype = mimeinfo('type', $attachname);
- $mail->AddAttachment($CFG->dataroot .'/'. $attachment, $attachname, 'base64', $mimetype);
+ $attachment = is_string($attachment) ? array($attachment) : $attachment;
+ $attachname = is_string($attachname) ? array($attachname) : $attachname;
+
+ require_once($CFG->libdir.'/filelib.php');
+
+ foreach ($attachment as $index => $attach) {
+ if (preg_match( "~\\.\\.~" ,$attach) or !isset($attachname[$index])) { // Security check for ".." in dir path
+ $temprecipients[] = array($supportuser->email, fullname($supportuser, true));
+ $mail->AddStringAttachment('Error in attachment. User attempted to attach a filename with a unsafe name.', 'error.txt', '8bit', 'text/plain');
+ } else {
+ $filename = $attachname[$index];
+ $mimetype = mimeinfo('type', $filename);
+ $mail->AddAttachment($CFG->dataroot .'/'. $attach, $filename, 'base64', $mimetype);
+ }
 }
 }
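Review bot: The only containment check on each `$attach` in the new `foreach` is the `..` substring match, so an element that is not a string, or a path that leaves `$CFG->dataroot` through a symlink, is not rejected before `AddAttachment` reads it. Consider resolving the path first, e.g. `$path = realpath($CFG->dataroot.'/'.$attach);`, and attaching only when `is_string($attach)`, `$path !== false` and `$path` starts with `realpath($CFG->dataroot).DIRECTORY_SEPARATOR`. The failure branch also fires for a missing `$attachname[$index]` yet still reports an "unsafe name", and it appends the support user and another `error.txt` once per rejected entry; a distinct message and a single notification would make these reports easier to triage. Whether callers can pass user-influenced paths is not visible here, since `email_to_user` starts and ends outside the hunk.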