diff options
| -rw-r--r-- | Bugzilla/Constants.pm | 2 | ||||
| -rw-r--r-- | docs/en/xml/Bugzilla-Guide.xml | 6 | ||||
| -rw-r--r-- | skins/standard/attachment.css | 5 | ||||
| -rw-r--r-- | template/en/default/attachment/show-multiple.html.tmpl | 20 |
4 files changed, 25 insertions, 8 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 5f5489aea..d50c8c83c 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2rc1+"; +use constant BUGZILLA_VERSION => "4.2rc2+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index 8ac3389f7..741a09c2f 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -32,10 +32,10 @@ For a devel release, simple bump bz-ver and bz-date --> -<!ENTITY bz-ver "4.2rc1"> +<!ENTITY bz-ver "4.2rc2"> <!ENTITY bz-nextver "4.2"> -<!ENTITY bz-date "2011-12-28"> -<!ENTITY current-year "2011"> +<!ENTITY bz-date "2012-01-31"> +<!ENTITY current-year "2012"> <!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-tip/"> <!ENTITY bz "http://www.bugzilla.org/"> diff --git a/skins/standard/attachment.css b/skins/standard/attachment.css index 287160331..55e62f2b0 100644 --- a/skins/standard/attachment.css +++ b/skins/standard/attachment.css @@ -221,6 +221,11 @@ div#update_container { margin-left: 2%; } +.viewall_frame { + width: 75%; + height: 350px; +} + .details span.bz_private{ border-left: 1px solid darkred; padding-left: 0.5em; diff --git a/template/en/default/attachment/show-multiple.html.tmpl b/template/en/default/attachment/show-multiple.html.tmpl index e238e5f49..91768c0d3 100644 --- a/template/en/default/attachment/show-multiple.html.tmpl +++ b/template/en/default/attachment/show-multiple.html.tmpl @@ -88,10 +88,22 @@ </table> [% IF a.is_viewable %] - <iframe src="attachment.cgi?id=[% a.id %]" width="75%" height="350"> - <b>You cannot view the attachment on this page because your browser does not support IFRAMEs. - <a href="attachment.cgi?id=[% a.id %]">View the attachment on a separate page</a>.</b> - </iframe> + [% IF a.contenttype == "text/html" %] + [%# For security reasons (clickjacking, embedded scripts), we never + # render HTML pages from here. The source code is displayed instead. %] + [% INCLUDE global/textarea.html.tmpl + minrows = 10 + cols = 80 + defaultcontent = a.data + readonly = 'readonly' + classes = 'viewall_frame' + %] + [% ELSE %] + <iframe src="attachment.cgi?id=[% a.id %]" class="viewall_frame"> + <b>You cannot view the attachment on this page because your browser does not support IFRAMEs. + <a href="attachment.cgi?id=[% a.id %]">View the attachment on a separate page</a>.</b> + </iframe> + [% END %] [% ELSE %] <p><b> Attachment cannot be viewed because its MIME type is not text/*, image/*, or application/vnd.mozilla.*. |