diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-12-16 20:17:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-16 20:17:05 +0100 |
commit | 334bead74bc9c5e819f14946726eaad40986d636 (patch) | |
tree | e7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 /template/en/default/setup | |
parent | 49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff) | |
download | bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz |
Bug 1403777 - Migrate urlbase from params to localconfig
Diffstat (limited to 'template/en/default/setup')
-rw-r--r-- | template/en/default/setup/strings.txt.pl | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl index 9a8e3b9d1..35a771ff3 100644 --- a/template/en/default/setup/strings.txt.pl +++ b/template/en/default/setup/strings.txt.pl @@ -106,6 +106,24 @@ END The following variables are no longer used in ##localconfig##, and have been moved to ##old_file##: ##vars## END + localconfig_attachment_base => <<'END', +When the runtime allow_attachment_display parameter is on, it is +possible for a malicious attachment to steal your cookies or +perform an attack using your credentials. + +If you would like additional security on attachments to avoid +this, set this parameter to an alternate URL for your $terms.Bugzilla +that is not the same as urlbase. +That is, a different domain name that resolves to this exact +same installation. + +For added security, you can insert %bugid% into the URL, +which will be replaced with the ID of the current bug that +the attachment is on, when you access an attachment. This will limit +attachments to accessing only other attachments on the same +bug. Remember, though, that all those possible domain names + must point to this same instance. +END localconfig_create_htaccess => <<'END', If you are using Apache as your web server, Bugzilla can create .htaccess files for you, which will keep this file (localconfig) and other @@ -180,7 +198,7 @@ here. END localconfig_memcached_servers => <<'END', If this option is set, Bugzilla will integrate with Memcached. -Specify one or more servers, separated by spaces, using hostname:port +Specify one or more servers, separated by spaces, using hostname:port notation (for example: 127.0.0.1:11211). END localconfig_memcached_namespace => <<'END', @@ -198,6 +216,9 @@ This hash is used by BMO to override select data/params values on a per-webhead basis. Keys set to undef will default to the value in data/params. Only the keys listed below can be overridden. END + localconfig_urlbase => <<'END', +The URL that is the common initial leading part of all URLs. +END localconfig_use_suexec => <<'END', Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment. |