From 9c49307f5c2f5a67ab5b3b1270cc83b30efa8637 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 19:10:32 +0000
Subject: Bug 472206: [SECURITY] Bugzilla should optionally not allow the user
 to view possibly harmful attachments - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r=mkanat r=justdave a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 template/en/default/attachment/edit.html.tmpl | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'template/en/default/attachment/edit.html.tmpl')

diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index 48137e76a..10c615323 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -270,6 +270,17 @@
             [% END %]
           </a>
         </td>
+      [% ELSIF !Param("allow_attachment_display") %]
+        <td id="view_disabled" width="50%">
+          <p><b>
+            The attachment is not viewable in your browser due to security
+            restrictions enabled by [% terms.Bugzilla %].
+          </b></p>
+          <p><b>
+            In order to view the attachment, you first have to
+            <a href="attachment.cgi?id=[% attachment.id %]">download it</a>.
+          </b></p>
+        </td>
       [% ELSIF attachment.is_viewable %]
         <td width="75%">
           [% INCLUDE global/textarea.html.tmpl
-- 
cgit v1.2.3-24-g4f1b