summaryrefslogtreecommitdiffstats
path: root/template/en/default
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2017-12-16 20:17:05 +0100
committerGitHub <noreply@github.com>2017-12-16 20:17:05 +0100
commit334bead74bc9c5e819f14946726eaad40986d636 (patch)
treee7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 /template/en/default
parent49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff)
downloadbugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz
bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz
Bug 1403777 - Migrate urlbase from params to localconfig
Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/admin/params/advanced.html.tmpl13
-rw-r--r--template/en/default/admin/params/attachment.html.tmpl22
-rw-r--r--template/en/default/admin/params/core.html.tmpl48
-rw-r--r--template/en/default/global/header.html.tmpl1
-rw-r--r--template/en/default/robots.txt.tmpl2
-rw-r--r--template/en/default/setup/strings.txt.pl23
-rw-r--r--template/en/default/welcome-admin.html.tmpl8
7 files changed, 26 insertions, 91 deletions
diff --git a/template/en/default/admin/params/advanced.html.tmpl b/template/en/default/admin/params/advanced.html.tmpl
index a23c602ae..75885b3f4 100644
--- a/template/en/default/admin/params/advanced.html.tmpl
+++ b/template/en/default/admin/params/advanced.html.tmpl
@@ -19,7 +19,7 @@
# Frédéric Buclin <LpSolit@gmail.com>
#%]
-[%
+[%
title = "Advanced"
desc = "Settings for advanced configurations."
%]
@@ -29,7 +29,7 @@
<a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">Strict-Transport-Security</a>
header along with HTTP responses on SSL connections. This adds greater
security to your SSL connections by forcing the browser to always
- access your domain over SSL and never accept an invalid certificate.
+ access your domain over SSL and never accept an invalid certificate.
However, it should only be used if you have the <code>ssl_redirect</code>
parameter turned on, [% terms.Bugzilla %] is the only thing running
on its domain (i.e., your <code>urlbase</code> is something like
@@ -54,13 +54,6 @@
[% END %]
[% param_descs = {
- cookiedomain =>
- "If your website is at 'www.foo.com', setting this to"
- _ " '.foo.com' will also allow 'bar.foo.com' to access"
- _ " $terms.Bugzilla cookies. This is useful if you have more than"
- _ " one hostname pointing at the same web server, and you"
- _ " want them to share the $terms.Bugzilla cookie.",
-
inbound_proxies =>
"When inbound traffic to $terms.Bugzilla goes through a proxy,"
_ " $terms.Bugzilla thinks that the IP address of every single"
@@ -71,7 +64,7 @@
_ " If set to a *, $terms.Bugzilla will trust the first value in the "
_ " X-Forwarded-For header.",
- proxy_url =>
+ proxy_url =>
"$terms.Bugzilla may have to access the web to get notifications about"
_ " new releases (see the <tt>upgrade_notification</tt> parameter)."
_ " If your $terms.Bugzilla server is behind a proxy, it may be"
diff --git a/template/en/default/admin/params/attachment.html.tmpl b/template/en/default/admin/params/attachment.html.tmpl
index bdd20c676..0858a1044 100644
--- a/template/en/default/admin/params/attachment.html.tmpl
+++ b/template/en/default/admin/params/attachment.html.tmpl
@@ -35,28 +35,6 @@
_ "<p>It is highly recommended that you set the <tt>attachment_base</tt>"
_ " parameter if you turn this parameter on.",
- attachment_base =>
- "When the <tt>allow_attachment_display</tt> parameter is on, it is "
- _ " possible for a malicious attachment to steal your cookies or"
- _ " perform an attack on $terms.Bugzilla using your credentials."
- _ "<p>If you would like additional security on attachments to avoid"
- _ " this, set this parameter to an alternate URL for your $terms.Bugzilla"
- _ " that is not the same as <tt>urlbase</tt> or <tt>sslbase</tt>."
- _ " That is, a different domain name that resolves to this exact"
- _ " same $terms.Bugzilla installation.</p>"
- _ "<p>Note that if you have set the"
- _ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><tt>cookiedomain</tt>"
- _" parameter</a>, you should set <tt>attachment_base</tt> to use a"
- _ " domain that would <em>not</em> be matched by"
- _ " <tt>cookiedomain</tt>.</p>"
- _ "<p>For added security, you can insert <tt>%bugid%</tt> into the URL,"
- _ " which will be replaced with the ID of the current $terms.bug that"
- _ " the attachment is on, when you access an attachment. This will limit"
- _ " attachments to accessing only other attachments on the same"
- _ " ${terms.bug}. Remember, though, that all those possible domain names "
- _ " (such as <tt>1234.your.domain.com</tt>) must point to this same"
- _ " $terms.Bugzilla instance.",
-
allow_attachment_deletion =>
"If this option is on, administrators will be able to delete " _
"the content of attachments.",
diff --git a/template/en/default/admin/params/core.html.tmpl b/template/en/default/admin/params/core.html.tmpl
deleted file mode 100644
index b1578f422..000000000
--- a/template/en/default/admin/params/core.html.tmpl
+++ /dev/null
@@ -1,48 +0,0 @@
-[%# The contents of this file are subject to the Mozilla Public
- # License Version 1.1 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a copy of
- # the License at http://www.mozilla.org/MPL/
- #
- # Software distributed under the License is distributed on an "AS
- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- # implied. See the License for the specific language governing
- # rights and limitations under the License.
- #
- # The Original Code is the Bugzilla Bug Tracking System.
- #
- # The Initial Developer of the Original Code is Netscape Communications
- # Corporation. Portions created by Netscape are
- # Copyright (C) 1998 Netscape Communications Corporation. All
- # Rights Reserved.
- #
- # Contributor(s): Dave Miller <justdave@bugzilla.org>
- # Frédéric Buclin <LpSolit@gmail.com>
- #%]
-
-[%
- title = "Required Settings"
- desc = "Settings that are required for proper operation of $terms.Bugzilla"
-%]
-
-[% param_descs = {
- urlbase => "The URL that is the common initial leading part of all $terms.Bugzilla " _
- "URLs.",
-
- sslbase => "The URL that is the common initial leading part of all HTTPS " _
- "(SSL) $terms.Bugzilla URLs.",
-
- ssl_redirect =>
- "When this is enabled, $terms.Bugzilla will ensure that every page is"
- _ " accessed over SSL, by redirecting any plain HTTP requests to HTTPS"
- _ " using the <tt>sslbase</tt> parameter. Also, when this is enabled,"
- _ " $terms.Bugzilla will send out links using <tt>sslbase</tt> in emails"
- _ " instead of <tt>urlbase</tt>.",
-
- cookiepath => "Path, relative to your web document root, to which to restrict " _
- "$terms.Bugzilla cookies. Normally this is the URI portion of your URL " _
- "base. Begin with a / (single slash mark). For instance, if " _
- "$terms.Bugzilla serves from 'http://www.somedomain.com/bugzilla/', set " _
- "this parameter to /bugzilla/. Setting it to / will allow " _
- "all sites served by this web server or virtual host to read " _
- "$terms.Bugzilla cookies.",
-} %]
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index a7aed895e..9baecbb53 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -96,7 +96,6 @@
<head>
[%- js_BUGZILLA = {
param => {
- cookiepath => Param('cookiepath'),
maxusermatches => Param('maxusermatches'),
},
constant => {
diff --git a/template/en/default/robots.txt.tmpl b/template/en/default/robots.txt.tmpl
index c4948efe5..7ef83c0f1 100644
--- a/template/en/default/robots.txt.tmpl
+++ b/template/en/default/robots.txt.tmpl
@@ -2,7 +2,7 @@ User-agent: *
Disallow: /
Crawl-delay: 30
-[% IF NOT urlbase.matches("bugzilla-dev") %]
+[% IF NOT Bugzilla.localconfig.urlbase.matches("bugzilla-dev") %]
Allow: /$
Allow: /index.cgi
diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl
index 9a8e3b9d1..35a771ff3 100644
--- a/template/en/default/setup/strings.txt.pl
+++ b/template/en/default/setup/strings.txt.pl
@@ -106,6 +106,24 @@ END
The following variables are no longer used in ##localconfig##, and
have been moved to ##old_file##: ##vars##
END
+ localconfig_attachment_base => <<'END',
+When the runtime allow_attachment_display parameter is on, it is
+possible for a malicious attachment to steal your cookies or
+perform an attack using your credentials.
+
+If you would like additional security on attachments to avoid
+this, set this parameter to an alternate URL for your $terms.Bugzilla
+that is not the same as urlbase.
+That is, a different domain name that resolves to this exact
+same installation.
+
+For added security, you can insert %bugid% into the URL,
+which will be replaced with the ID of the current bug that
+the attachment is on, when you access an attachment. This will limit
+attachments to accessing only other attachments on the same
+bug. Remember, though, that all those possible domain names
+ must point to this same instance.
+END
localconfig_create_htaccess => <<'END',
If you are using Apache as your web server, Bugzilla can create .htaccess
files for you, which will keep this file (localconfig) and other
@@ -180,7 +198,7 @@ here.
END
localconfig_memcached_servers => <<'END',
If this option is set, Bugzilla will integrate with Memcached.
-Specify one or more servers, separated by spaces, using hostname:port
+Specify one or more servers, separated by spaces, using hostname:port
notation (for example: 127.0.0.1:11211).
END
localconfig_memcached_namespace => <<'END',
@@ -198,6 +216,9 @@ This hash is used by BMO to override select data/params values on a per-webhead
basis. Keys set to undef will default to the value in data/params.
Only the keys listed below can be overridden.
END
+ localconfig_urlbase => <<'END',
+The URL that is the common initial leading part of all URLs.
+END
localconfig_use_suexec => <<'END',
Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
diff --git a/template/en/default/welcome-admin.html.tmpl b/template/en/default/welcome-admin.html.tmpl
index e37008fc7..11d70a6ea 100644
--- a/template/en/default/welcome-admin.html.tmpl
+++ b/template/en/default/welcome-admin.html.tmpl
@@ -40,14 +40,6 @@
parameters for this installation; among others:</p>
<ul>
- <li><a href="editparams.cgi?section=core#urlbase_desc">urlbase</a>, which is the URL
- pointing to this installation and which will be used in emails (which is also the
- reason you see this page: as long as this parameter is not set, you will see this
- page again and again).</li>
-
- <li><a href="editparams.cgi?section=core#cookiepath_desc">cookiepath</a> is important
- for your browser to manage your cookies correctly.</li>
-
<li><a href="editparams.cgi?section=general#maintainer_desc">maintainer</a>,
the person responsible for this installation if something is
running wrongly.</li>