From 401fb65f2e6f9031cedf47fb6d951236b5c624d3 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Fri, 23 Oct 2009 21:32:06 +0000 Subject: Bug 365267: attachment.cgi should not be editable when the user is not logged in - Patch by Frédéric Buclin r=pyrzak a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/attachment/edit.html.tmpl | 164 +++++++++++++++++--------- 1 file changed, 109 insertions(+), 55 deletions(-) (limited to 'template/en/default/attachment/edit.html.tmpl') diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index bbdf24866..823131d64 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -36,11 +36,14 @@ header = header subheader = subheader doc_section = "attachments.html" - javascript_urls = ['js/attachment.js']; + javascript_urls = ['js/attachment.js'] + style_urls = ['skins/standard/create_attachment.css'] %] [%# No need to display the Diff button and iframe if the attachment is not a patch. %] [% use_patchviewer = (feature_enabled('patch_viewer') && attachment.ispatch) %] +[% can_edit = attachment.validate_can_edit %] +[% editable_or_hide = can_edit ? "" : " bz_hidden_option" %]
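Review bot: `editable_or_hide` only appends the `bz_hidden_option` class when `can_edit` is false, so the restriction added here is presentational: the description textarea and the content-type input (and apparently the filename input) are still rendered and are still posted with the form. The update handler in attachment.cgi is not part of this patch, so it is not visible here whether it re-checks `validate_can_edit` before applying submitted values. I would record that dependency next to the assignment, for example `[%# can_edit only controls display; attachment.cgi must re-check validate_can_edit on update. %]`.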
@@ -54,17 +57,22 @@ - @@ -210,11 +254,24 @@

[% END %] - -
- - :
+
+
+ [% INCLUDE global/textarea.html.tmpl id = 'description' name = 'description' minrows = 3 cols = 25 wrap = 'soft' + classes = 'block' _ editable_or_hide defaultcontent = attachment.description - %]
+ %] + [% IF !can_edit %] + [%+ attachment.description FILTER wrap_comment(25) FILTER html %] + [% END %] +
[% IF attachment.isurl %] [% ELSE %] - :
-
- Size: - [% IF attachment.datasize %] - [%+ attachment.datasize FILTER unitconvert %] - [% ELSE %] - deleted - [% END %]
+
+ + + [% IF !can_edit %] + [%+ attachment.filename FILTER truncate(25) FILTER html %] + [% END %] +
- :
- + +
+ value="[% attachment.contenttype FILTER html %]"> + [% IF !can_edit %] + [%+ attachment.contenttype FILTER truncate(25) FILTER html %] + [% END %] + - - +
+ Size: + [% IF attachment.datasize %] + [%+ attachment.datasize FILTER unitconvert %] + [% ELSE %] + deleted + [% END %] +
+ +
+ Creator: + [%+ INCLUDE global/user.html.tmpl who = attachment.attacher %] +
+ +
+ + [% IF can_edit %] + + [% ELSE %] + Is Patch: + [%+ attachment.ispatch ? "yes" : "no" %] + [% END %] +
[% END %] + +
- - [% IF user.is_insider %] -
- - + [% IF can_edit %] + + [% ELSE %] + Is Obsolete: + [%+ attachment.isobsolete ? "yes" : "no" %] [% END %] -
- +
+ + [% IF user.is_insider %] +
+ + [% IF can_edit %] + + [% ELSE %] + Is Private: + [%+ attachment.isprivate ? "yes" : "no" %] + [% END %] +
+ [% END %] [% IF attachment.flag_types.size > 0 %] - [% PROCESS "flag/list.html.tmpl" bug_id = attachment.bug_id - attach_id = attachment.id - flag_types = attachment.flag_types - %]
+
+ [% PROCESS "flag/list.html.tmpl" bug_id = attachment.bug_id + attach_id = attachment.id + flag_types = attachment.flag_types + %] +
[% END %] -
- (on the - [%+ terms.bug %]):
+ [% IF user.id %] +
+ [% INCLUDE global/textarea.html.tmpl id = 'comment' name = 'comment' minrows = 5 cols = 25 wrap = 'soft' - %]
-
+ classes = 'block' + %] +
-

- Actions: - View - [% IF use_patchviewer %] - | Diff - [% END %] - [% IF Param("allow_attachment_deletion") - && user.in_group('admin') - && attachment.datasize > 0 %] - | Delete +

[% END %]
+
+ +
+ Actions: + View + [% IF use_patchviewer %] + | Diff + [% END %] + [% IF Param("allow_attachment_deletion") + && user.in_group('admin') + && attachment.datasize > 0 %] + | Delete + [% END %] +
+
Attachments on [% "$terms.bug ${attachment.bug_id}" FILTER bug_link(attachment.bug_id) FILTER none %]: [% FOREACH a = attachments %] [% IF a == attachment.id %] @@ -224,9 +281,6 @@ [% END %] [% " |" UNLESS loop.last() %] [% END %] - - - -
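Review bot: The read-only branches print `attachment.filename FILTER truncate(25) FILTER html` and the same for `attachment.contenttype`, so a viewer who cannot edit sees at most 25 characters of each value. For a long filename that cuts off the extension, and for a content type it can cut off the parameters, which are the parts a reader relies on to judge an attachment before opening it. The HTML around these lines is missing from this rendering, so a `title` attribute with the full value may already be present; if it is not, I would print the whole value, `[%+ attachment.filename FILTER html %]`, and let CSS wrap it. The filter order (truncate, then html) is correct as written.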
+
[% PROCESS global/footer.html.tmpl %] -- cgit v1.2.3-24-g4f1b