diff options
| author | lpsolit%gmail.com <> | 2006-10-15 06:04:55 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2006-10-15 06:04:55 +0200 |
| commit | 79b572263ea0dfcc1638757057825c3e6a2ee38d (patch) | |
| tree | 2d373b78667d1af5e6ba588f28143229dbb2da77 /template/en/default/attachment/show-multiple.html.tmpl | |
| parent | b0ddda44bee03e94f04368dd68e8c0784de4a945 (diff) | |
| download | bugzilla-79b572263ea0dfcc1638757057825c3e6a2ee38d.tar.gz bugzilla-79b572263ea0dfcc1638757057825c3e6a2ee38d.tar.xz | |
Bug 346086: [SECURITY] attachment.cgi lets you view descriptions of private attachments even when you are not in the insidergroup - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave
Diffstat (limited to 'template/en/default/attachment/show-multiple.html.tmpl')
| -rw-r--r-- | template/en/default/attachment/show-multiple.html.tmpl | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/template/en/default/attachment/show-multiple.html.tmpl b/template/en/default/attachment/show-multiple.html.tmpl index ca2690c6e..ad0dfbafd 100644 --- a/template/en/default/attachment/show-multiple.html.tmpl +++ b/template/en/default/attachment/show-multiple.html.tmpl @@ -41,7 +41,7 @@ <table class="attachment_info" cellspacing="0" cellpadding="4" border="1" width="75%"> <tr> <td valign="top" bgcolor="#cccccc" colspan="6"> - <big><b>Attachment #[% a.attachid %]</b></big> + <big><b>Attachment #[% a.id %]</b></big> </td> </tr> <tr> @@ -57,7 +57,7 @@ [% END %] </td> - <td valign="top">[% a.date FILTER time %]</td> + <td valign="top">[% a.attached FILTER time %]</td> <td valign="top">[% a.datasize FILTER unitconvert %]</td> <td valign="top"> @@ -76,20 +76,20 @@ </td> <td valign="top"> - <a href="attachment.cgi?id=[% a.attachid %]&action=edit">Details</a> + <a href="attachment.cgi?id=[% a.id %]&action=edit">Details</a> </td> </tr> </table> [% IF a.isviewable %] - <iframe src="attachment.cgi?id=[% a.attachid %]" width="75%" height="350"> + <iframe src="attachment.cgi?id=[% a.id %]" width="75%" height="350"> <b>You cannot view the attachment on this page because your browser does not support IFRAMEs. - <a href="attachment.cgi?id=[% a.attachid %]">View the attachment on a separate page</a>.</b> + <a href="attachment.cgi?id=[% a.id %]">View the attachment on a separate page</a>.</b> </iframe> [% ELSE %] <p><b> Attachment cannot be viewed because its MIME type is not text/*, image/*, or application/vnd.mozilla.*. - <a href="attachment.cgi?id=[% a.attachid %]">Download the attachment instead</a>. + <a href="attachment.cgi?id=[% a.id %]">Download the attachment instead</a>. </b></p> [% END %] </div> |