diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-12-16 20:17:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-16 20:17:05 +0100 |
commit | 334bead74bc9c5e819f14946726eaad40986d636 (patch) | |
tree | e7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 /template/en/default/admin/params/attachment.html.tmpl | |
parent | 49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff) | |
download | bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz |
Bug 1403777 - Migrate urlbase from params to localconfig
Diffstat (limited to 'template/en/default/admin/params/attachment.html.tmpl')
-rw-r--r-- | template/en/default/admin/params/attachment.html.tmpl | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/template/en/default/admin/params/attachment.html.tmpl b/template/en/default/admin/params/attachment.html.tmpl index bdd20c676..0858a1044 100644 --- a/template/en/default/admin/params/attachment.html.tmpl +++ b/template/en/default/admin/params/attachment.html.tmpl @@ -35,28 +35,6 @@ _ "<p>It is highly recommended that you set the <tt>attachment_base</tt>" _ " parameter if you turn this parameter on.", - attachment_base => - "When the <tt>allow_attachment_display</tt> parameter is on, it is " - _ " possible for a malicious attachment to steal your cookies or" - _ " perform an attack on $terms.Bugzilla using your credentials." - _ "<p>If you would like additional security on attachments to avoid" - _ " this, set this parameter to an alternate URL for your $terms.Bugzilla" - _ " that is not the same as <tt>urlbase</tt> or <tt>sslbase</tt>." - _ " That is, a different domain name that resolves to this exact" - _ " same $terms.Bugzilla installation.</p>" - _ "<p>Note that if you have set the" - _ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><tt>cookiedomain</tt>" - _" parameter</a>, you should set <tt>attachment_base</tt> to use a" - _ " domain that would <em>not</em> be matched by" - _ " <tt>cookiedomain</tt>.</p>" - _ "<p>For added security, you can insert <tt>%bugid%</tt> into the URL," - _ " which will be replaced with the ID of the current $terms.bug that" - _ " the attachment is on, when you access an attachment. This will limit" - _ " attachments to accessing only other attachments on the same" - _ " ${terms.bug}. Remember, though, that all those possible domain names " - _ " (such as <tt>1234.your.domain.com</tt>) must point to this same" - _ " $terms.Bugzilla instance.", - allow_attachment_deletion => "If this option is on, administrators will be able to delete " _ "the content of attachments.", |