diff options
Diffstat (limited to 'template/en')
| -rw-r--r-- | template/en/default/admin/params/attachment.html.tmpl | 18 | ||||
| -rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 35 |
2 files changed, 23 insertions, 30 deletions
diff --git a/template/en/default/admin/params/attachment.html.tmpl b/template/en/default/admin/params/attachment.html.tmpl index ef3363bbb..7c0b52472 100644 --- a/template/en/default/admin/params/attachment.html.tmpl +++ b/template/en/default/admin/params/attachment.html.tmpl @@ -24,6 +24,24 @@ %] [% param_descs = { + attachment_base => "It is possible for a malicious attachment to steal your " _ + "cookies or access other attachments to perform an attack " _ + "on the user.<p>" _ + "If you would like additional security on attachments " _ + "to avoid this, set this parameter to an alternate URL " _ + "for your $terms.Bugzilla that is not the same as " _ + "<tt>urlbase</tt> or <tt>sslbase</tt>. That is, a different " _ + "domain name that resolves to this exact same $terms.Bugzilla " _ + "installation.<p>" _ + "For added security, you can insert <tt>%bugid%</tt> into " _ + "the URL, which will be replaced with the ID of the current " _ + "$terms.bug that the attachment is on, when you access " _ + "an attachment. This will limit attachments to accessing " _ + "only other attachments on the same ${terms.bug}. " _ + "Remember, though, that all those possible domain names " _ + "(such as <tt>1234.your.domain.com</tt>) must point to " _ + "this same $terms.Bugzilla instance." + allow_attachment_deletion => "If this option is on, administrators will be able to delete " _ "the content of attachments.", diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index 2550d4f46..48137e76a 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -39,6 +39,9 @@ doc_section = "attachments.html" %] +[%# No need to display the Diff button and iframe if the attachment is not a patch. %] +[% patchviewerinstalled = (patchviewerinstalled && attachment.ispatch) %] + <script type="text/javascript"> <!-- var prev_mode = 'raw'; @@ -47,37 +50,7 @@ var has_viewed_as_diff = 0; function editAsComment() { - // Get the content of the document as a string. - var viewFrame = document.getElementById('viewFrame'); - var aSerializer = new XMLSerializer(); - var contentDocument = viewFrame.contentDocument; - var theContent = aSerializer.serializeToString(contentDocument); - - // If this is a plaintext document, remove cruft that Mozilla adds - // because it treats it as an HTML document with a big PRE section. - // http://bugzilla.mozilla.org/show_bug.cgi?id=86012 - var contentType = '[% attachment.contenttype FILTER js %]'; - if ( contentType == 'text/plain' ) - { - theContent = theContent.replace( /^<html><head\/?><body><pre>/i , "" ); - theContent = theContent.replace( /<\/pre><\/body><\/html>$/i , "" ); - theContent = theContent.replace( /</gi , "<" ); - theContent = theContent.replace( />/gi , ">" ); - theContent = theContent.replace( /&/gi , "&" ); - } - - // Add mail-style quote indicators (>) to the beginning of each line. - // ".*\n" matches lines that end with a newline, while ".+" matches - // the rare situation in which the last line of a file does not end - // with a newline. - theContent = theContent.replace( /(.*\n|.+)/g , ">$1" ); - switchToMode('edit'); - - // Copy the contents of the diff into the textarea - var editFrame = document.getElementById('editFrame'); - editFrame.value = theContent + "\n\n"; - has_edited = 1; } function undoEditAsComment() @@ -306,6 +279,8 @@ minrows = 10 cols = 80 wrap = 'soft' + defaultcontent = (attachment.contenttype.match('^text\/')) ? + attachment.data.replace('(.*\n|.+)', '>$1') : undef %] <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]" style="height: 400px; width: 100%;"> <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. |