author | Frédéric Buclin <LpSolit@gmail.com> | 2015-05-14 15:05:09 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-05-14 15:05:09 +0200 |
commit | bd4bfe35ac0c3c7808bedf99a9f6c68b16ec215b (patch) | |
tree | d888a5f6593fb0e6b32515a064b37b6b59ced0ff | |
parent | 8ff02d6ac19a2a0bc99e2d5c5a0d0cb101c52f45 (diff) | |
Bug 1160809: Validate the MIME type before uploading attachments
r=dkl a=glob
-rw-r--r-- | template/en/default/attachment/createformcontents.html.tmpl | 3 | ||||
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 7 |
2 files changed, 8 insertions, 2 deletions
diff --git a/template/en/default/attachment/createformcontents.html.tmpl b/template/en/default/attachment/createformcontents.html.tmpl
index 48e4f4af0..293fc3d92 100644
--- a/template/en/default/attachment/createformcontents.html.tmpl
+++ b/template/en/default/attachment/createformcontents.html.tmpl
@@ -68,6 +68,9 @@
 <label for="manual">enter manually</label>:
 <input type="text" name="contenttypeentry" id="contenttypeentry"
 size="30" maxlength="200"
+ pattern="([% constants.LEGAL_CONTENT_TYPES.join('|') FILTER html %])/.+"
+ title="The content type must be of the form 'type/subtype', where 'type'
+ is one of: [% constants.LEGAL_CONTENT_TYPES.join(', ') FILTER html %]"
 onchange="if (this.value) this.form.contenttypemethod[2].checked = true;">
 </td>
 </tr>
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index b6f612f3f..092f3e76a 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -94,9 +94,12 @@
 <label for="contenttypeentry">MIME Type:</label>
 <input type="text" size="20" class="text block[% editable_or_hide %]"
 id="contenttypeentry" name="contenttypeentry"
- value="[% attachment.contenttype FILTER html %]">
+ pattern="([% constants.LEGAL_CONTENT_TYPES.join('|') FILTER html %])/.+"
+ title="The content type must be of the form 'type/subtype', where 'type'
+ is one of: [% constants.LEGAL_CONTENT_TYPES.join(', ') FILTER html %]"
+ value="[% attachment.contenttype FILTER html %]">
 </div>
-
+
 <div id="attachment_creator">
 <span class="label">Creator:</span>
 [%+ INCLUDE global/user.html.tmpl who = attachment.attacher %] |
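Review bot: The `pattern` attribute added to `contenttypeentry` here, and again in the edit.html.tmpl hunk, is enforced only by the browser, so it cannot be the control that keeps disallowed MIME types out: a request built outside the form never runs it. The handler that receives `contenttypeentry` is not part of this diff, so it is worth confirming that it rejects anything outside `LEGAL_CONTENT_TYPES` on its own. The `/.+` tail also accepts any subtype text, so if `text` is among the legal types a value like `text/html` still passes and has to be dealt with when the attachment is served. I would record this above each `<input>` with a template comment such as `[%# Browser-side hint only; the server must re-validate contenttypeentry. %]`; both hunks sit inside form markup that starts and ends outside the view.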