author | lpsolit%gmail.com <> | 2009-02-02 19:21:33 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 19:21:33 +0100 |
commit | 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (patch) | |
tree | cc80d283ac39c08f00620b66a6fc991c5c3ad857 /template/en/default/attachment | |
parent | b23648ca247167be26f1b51bd592b29309ebbc63 (diff) | |
download | bugzilla-8d70890dc0b7c24b25a344808ac4e63e6a5dd74e.tar.gz bugzilla-8d70890dc0b7c24b25a344808ac4e63e6a5dd74e.tar.xz |
Bug 38862: [SECURITY] attachments should be at a different hostname - Patch by Byron Jones <bugzilla@glob.com.au> and Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/attachment')
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 35 |
1 files changed, 5 insertions, 30 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index 2550d4f46..48137e76a 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -39,6 +39,9 @@ doc_section = "attachments.html" %] +[%# No need to display the Diff button and iframe if the attachment is not a patch. %] +[% patchviewerinstalled = (patchviewerinstalled && attachment.ispatch) %] + <script type="text/javascript"> <!-- var prev_mode = 'raw'; @@ -47,37 +50,7 @@ var has_viewed_as_diff = 0; function editAsComment() { - // Get the content of the document as a string. - var viewFrame = document.getElementById('viewFrame'); - var aSerializer = new XMLSerializer(); - var contentDocument = viewFrame.contentDocument; - var theContent = aSerializer.serializeToString(contentDocument); - - // If this is a plaintext document, remove cruft that Mozilla adds - // because it treats it as an HTML document with a big PRE section. - // http://bugzilla.mozilla.org/show_bug.cgi?id=86012 - var contentType = '[% attachment.contenttype FILTER js %]'; - if ( contentType == 'text/plain' ) - { - theContent = theContent.replace( /^<html><head\/?><body><pre>/i , "" ); - theContent = theContent.replace( /<\/pre><\/body><\/html>$/i , "" ); - theContent = theContent.replace( /</gi , "<" ); - theContent = theContent.replace( />/gi , ">" ); - theContent = theContent.replace( /&/gi , "&" ); - } - - // Add mail-style quote indicators (>) to the beginning of each line. - // ".*\n" matches lines that end with a newline, while ".+" matches - // the rare situation in which the last line of a file does not end - // with a newline. - theContent = theContent.replace( /(.*\n|.+)/g , ">$1" ); - switchToMode('edit'); - - // Copy the contents of the diff into the textarea - var editFrame = document.getElementById('editFrame'); - editFrame.value = theContent + "\n\n"; - has_edited = 1; } function undoEditAsComment() 
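Review bot: In the `@@ -47,37 +50,7 @@` hunk, `editAsComment()` no longer fills `editFrame` itself and now silently depends on the textarea having been pre-filled when the page was rendered (the `defaultcontent` assignment added in the `@@ -306,6 +279,8 @@` hunk), but nothing in the function says so. I would add a comment above `switchToMode('edit');` such as `// Quoted text is pre-filled server-side via defaultcontent; per the commit title the attachment frame is on another hostname, so script here cannot read it.` For attachments that are not `text/*`, `defaultcontent` is `undef`, so `has_edited = 1` is set on an empty textarea. Whether the "Edit as comment" control is hidden in that case is not visible in this hunk and is worth confirming.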
@@ -306,6 +279,8 @@ minrows = 10 cols = 80 wrap = 'soft' + defaultcontent = (attachment.contenttype.match('^text\/')) ? + attachment.data.replace('(.*\n|.+)', '>$1') : undef %] <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]" style="height: 400px; width: 100%;"> <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. |
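Review bot: `defaultcontent` now places the raw data of any `text/*` attachment (which includes `text/html`) into the page served from the main Bugzilla host, so this change is only safe if the textarea template HTML-escapes that value. That template is not visible in this hunk and should be confirmed. I would add a comment above the assignment, for example `[%# attachment.data is untrusted; the textarea template must HTML-filter defaultcontent %]`. The whole attachment is also inlined next to the iframe with no visible size limit, which may be worth bounding for large text attachments. The directive this assignment belongs to starts above the hunk.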