summaryrefslogtreecommitdiffstats
path: root/template/en/default/setup
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2017-12-16 20:17:05 +0100
committerGitHub <noreply@github.com>2017-12-16 20:17:05 +0100
commit334bead74bc9c5e819f14946726eaad40986d636 (patch)
treee7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 /template/en/default/setup
parent49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff)
downloadbugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz
bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz
Bug 1403777 - Migrate urlbase from params to localconfig
Diffstat (limited to 'template/en/default/setup')
-rw-r--r--template/en/default/setup/strings.txt.pl23
1 files changed, 22 insertions, 1 deletions
diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl
index 9a8e3b9d1..35a771ff3 100644
--- a/template/en/default/setup/strings.txt.pl
+++ b/template/en/default/setup/strings.txt.pl
@@ -106,6 +106,24 @@ END
The following variables are no longer used in ##localconfig##, and
have been moved to ##old_file##: ##vars##
END
+ localconfig_attachment_base => <<'END',
+When the runtime allow_attachment_display parameter is on, it is
+possible for a malicious attachment to steal your cookies or
+perform an attack using your credentials.
+
+If you would like additional security on attachments to avoid
+this, set this parameter to an alternate URL for your $terms.Bugzilla
+that is not the same as urlbase.
+That is, a different domain name that resolves to this exact
+same installation.
+
+For added security, you can insert %bugid% into the URL,
+which will be replaced with the ID of the current bug that
+the attachment is on, when you access an attachment. This will limit
+attachments to accessing only other attachments on the same
+bug. Remember, though, that all those possible domain names
+ must point to this same instance.
+END
localconfig_create_htaccess => <<'END',
If you are using Apache as your web server, Bugzilla can create .htaccess
files for you, which will keep this file (localconfig) and other
@@ -180,7 +198,7 @@ here.
END
localconfig_memcached_servers => <<'END',
If this option is set, Bugzilla will integrate with Memcached.
-Specify one or more servers, separated by spaces, using hostname:port
+Specify one or more servers, separated by spaces, using hostname:port
notation (for example: 127.0.0.1:11211).
END
localconfig_memcached_namespace => <<'END',
@@ -198,6 +216,9 @@ This hash is used by BMO to override select data/params values on a per-webhead
basis. Keys set to undef will default to the value in data/params.
Only the keys listed below can be overridden.
END
+ localconfig_urlbase => <<'END',
+The URL that is the common initial leading part of all URLs.
+END
localconfig_use_suexec => <<'END',
Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.