From 9c49307f5c2f5a67ab5b3b1270cc83b30efa8637 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 19:10:32 +0000
Subject: Bug 472206: [SECURITY] Bugzilla should optionally not allow the user
 to view possibly harmful attachments - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r=mkanat r=justdave a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 template/en/default/attachment/list.html.tmpl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'template/en/default/attachment/list.html.tmpl')

diff --git a/template/en/default/attachment/list.html.tmpl b/template/en/default/attachment/list.html.tmpl
index c93ea5808..08c575dbf 100644
--- a/template/en/default/attachment/list.html.tmpl
+++ b/template/en/default/attachment/list.html.tmpl
@@ -131,9 +131,11 @@
       [% IF attachments.size %]
         <span class="bz_attach_view_hide">
           [% IF obsolete_attachments %]
-            <a href="#a0" onClick="return toggle_display(this);">Hide Obsolete</a> ([% obsolete_attachments %]) |
+            <a href="#a0" onClick="return toggle_display(this);">Hide Obsolete</a> ([% obsolete_attachments %])
+          [% END %]
+          [% IF Param("allow_attachment_display") %]
+            <a href="attachment.cgi?bugid=[% bugid %]&amp;action=viewall">View All</a>
           [% END %]
-          <a href="attachment.cgi?bugid=[% bugid %]&amp;action=viewall">View All</a>
         </span>
       [% END %]
       <a href="attachment.cgi?bugid=[% bugid %]&amp;action=enter">Add an attachment</a>
-- 
cgit v1.2.3-24-g4f1b