Diffstat (limited to 'template')
-rw-r--r--template/en/default/attachment/edit.html.tmpl27
1 files changed, 22 insertions, 5 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index d1861a7d3..b9e2497fd 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -172,7 +172,7 @@
</b></p>
</div>
[% ELSIF attachment.is_viewable %]
- <div >
+ <div>
[% INCLUDE global/textarea.html.tmpl
id = 'editFrame'
name = 'comment'
@@ -183,10 +183,27 @@
defaultcontent = (attachment.contenttype.match('^text\/')) ?
attachment.data.replace('(.*\n|.+)', '>$1') : undef
%]
- <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
- <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
- <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
- </iframe>
+ [%# The regexp is stolen from quoteUrls(), see Template.pm %]
+ [% safe_protocols = constants.SAFE_PROTOCOLS.join('|') %]
+ [% IF attachment.contenttype == 'text/plain'
+ && attachment.data.match("^($safe_protocols):" _ '[^\s<>\"]+[\w\/]$') %]
+ <p>
+ <a href="[% attachment.data FILTER html %]">
+ [% IF attachment.datasize < 120 %]
+ [% attachment.data FILTER html %]
+ [% ELSE %]
+ [% attachment.data FILTER truncate(80) FILTER html %]
+ ...
+ [% attachment.data.match('.*(.{20})$').0 FILTER html %]
+ [% END %]
+ </a>
+ </p>
+ [% ELSE %]
+ <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
+ <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
+ <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
+ </iframe>
+ [% END %]
<script type="text/javascript">
<!--
var patchviewerinstalled = 0;
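Review bot: The `IF` guard built from `safe_protocols` is the only check that keeps uploader-controlled attachment content from reaching `href` with an arbitrary scheme, and the comment above it records where the pattern came from but not that role. The check appears to hold because `^` and `$` anchor the whole value and the character class rejects whitespace and quotes, so I would state that in the template, e.g. `[%# Security: attachment.data becomes an href here; keep the pattern anchored at both ends and limited to SAFE_PROTOCOLS %]`. The new link also sends the reader from the attachment details page to a destination chosen by the uploader, so adding `rel="noreferrer"` to the `<a>` would keep the attachment URL out of the Referer header. For values of 120 bytes or more the label shows only the first 80 and last 20 characters, so the visible text is not the full destination; a `title` attribute carrying the filtered full value would let the reader check it before following the link.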