From 401fb65f2e6f9031cedf47fb6d951236b5c624d3 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Fri, 23 Oct 2009 21:32:06 +0000 Subject: Bug 365267: attachment.cgi should not be editable when the user is not logged in - Patch by Frédéric Buclin r=pyrzak a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/attachment/edit.html.tmpl | 164 ++++++++++++++------- .../en/default/attachment/show-multiple.html.tmpl | 1 + template/en/default/filterexceptions.pl | 3 +- template/en/default/flag/list.html.tmpl | 5 + template/en/default/global/textarea.html.tmpl | 2 + 5 files changed, 119 insertions(+), 56 deletions(-) (limited to 'template/en/default') diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index bbdf24866..823131d64 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -36,11 +36,14 @@ header = header subheader = subheader doc_section = "attachments.html" - javascript_urls = ['js/attachment.js']; + javascript_urls = ['js/attachment.js'] + style_urls = ['skins/standard/create_attachment.css'] %] [%# No need to display the Diff button and iframe if the attachment is not a patch. %] [% use_patchviewer = (feature_enabled('patch_viewer') && attachment.ispatch) %] +[% can_edit = attachment.validate_can_edit %] +[% editable_or_hide = can_edit ? "" : " bz_hidden_option" %]
@@ -54,17 +57,22 @@ - @@ -210,11 +254,24 @@

[% END %] - -
- - :
+
+
+ [% INCLUDE global/textarea.html.tmpl id = 'description' name = 'description' minrows = 3 cols = 25 wrap = 'soft' + classes = 'block' _ editable_or_hide defaultcontent = attachment.description - %]
+ %] + [% IF !can_edit %] + [%+ attachment.description FILTER wrap_comment(25) FILTER html %] + [% END %] +
[% IF attachment.isurl %] [% ELSE %] - :
-
- Size: - [% IF attachment.datasize %] - [%+ attachment.datasize FILTER unitconvert %] - [% ELSE %] - deleted - [% END %]
+
+ + + [% IF !can_edit %] + [%+ attachment.filename FILTER truncate(25) FILTER html %] + [% END %] +
- :
- + +
+ value="[% attachment.contenttype FILTER html %]"> + [% IF !can_edit %] + [%+ attachment.contenttype FILTER truncate(25) FILTER html %] + [% END %] + - - +
+ Size: + [% IF attachment.datasize %] + [%+ attachment.datasize FILTER unitconvert %] + [% ELSE %] + deleted + [% END %] +
+ +
+ Creator: + [%+ INCLUDE global/user.html.tmpl who = attachment.attacher %] +
+ +
+ + [% IF can_edit %] + + [% ELSE %] + Is Patch: + [%+ attachment.ispatch ? "yes" : "no" %] + [% END %] +
[% END %] + +
- - [% IF user.is_insider %] -
- - + [% IF can_edit %] + + [% ELSE %] + Is Obsolete: + [%+ attachment.isobsolete ? "yes" : "no" %] [% END %] -
- +
+ + [% IF user.is_insider %] +
+ + [% IF can_edit %] + + [% ELSE %] + Is Private: + [%+ attachment.isprivate ? "yes" : "no" %] + [% END %] +
+ [% END %] [% IF attachment.flag_types.size > 0 %] - [% PROCESS "flag/list.html.tmpl" bug_id = attachment.bug_id - attach_id = attachment.id - flag_types = attachment.flag_types - %]
+
+ [% PROCESS "flag/list.html.tmpl" bug_id = attachment.bug_id + attach_id = attachment.id + flag_types = attachment.flag_types + %] +
[% END %] -
- (on the - [%+ terms.bug %]):
+ [% IF user.id %] +
+ [% INCLUDE global/textarea.html.tmpl id = 'comment' name = 'comment' minrows = 5 cols = 25 wrap = 'soft' - %]
-
+ classes = 'block' + %] +
-

- Actions: - View - [% IF use_patchviewer %] - | Diff - [% END %] - [% IF Param("allow_attachment_deletion") - && user.in_group('admin') - && attachment.datasize > 0 %] - | Delete +

[% END %]
+
+ +
+ Actions: + View + [% IF use_patchviewer %] + | Diff + [% END %] + [% IF Param("allow_attachment_deletion") + && user.in_group('admin') + && attachment.datasize > 0 %] + | Delete + [% END %] +
+
Attachments on [% "$terms.bug ${attachment.bug_id}" FILTER bug_link(attachment.bug_id) FILTER none %]: [% FOREACH a = attachments %] [% IF a == attachment.id %] @@ -224,9 +281,6 @@ [% END %] [% " |" UNLESS loop.last() %] [% END %] - - - -
+
[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/attachment/show-multiple.html.tmpl b/template/en/default/attachment/show-multiple.html.tmpl index 1f8cab88a..bcc297713 100644 --- a/template/en/default/attachment/show-multiple.html.tmpl +++ b/template/en/default/attachment/show-multiple.html.tmpl @@ -31,6 +31,7 @@ title = title header = header subheader = filtered_summary + style_urls = ['skins/standard/create_attachment.css'] %]
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 7e0d99c36..9e04b8ef0 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -380,7 +380,8 @@ 'attachment/edit.html.tmpl' => [ 'attachment.id', 'attachment.bug_id', - 'a', + 'a', + 'editable_or_hide', ], 'attachment/list.html.tmpl' => [ diff --git a/template/en/default/flag/list.html.tmpl b/template/en/default/flag/list.html.tmpl index 2568e7b4b..5c810480f 100644 --- a/template/en/default/flag/list.html.tmpl +++ b/template/en/default/flag/list.html.tmpl @@ -192,8 +192,13 @@ [% ELSE %] [%# The user is logged out. Display flags as read-only. %] + [% header_displayed = 0 %] [% FOREACH type = flag_types %] [% FOREACH flag = type.flags %] + [% IF !flag_no_header AND !header_displayed %] +

Flags:

+ [% header_displayed = 1 %] + [% END %] [% flag.setter.nick FILTER html %]: [%+ type.name FILTER html FILTER no_break %][% flag.status %] [% IF flag.requestee %] diff --git a/template/en/default/global/textarea.html.tmpl b/template/en/default/global/textarea.html.tmpl index 006158b45..b762f1c4f 100644 --- a/template/en/default/global/textarea.html.tmpl +++ b/template/en/default/global/textarea.html.tmpl @@ -19,6 +19,7 @@ # name: (optional) The "name"-attribute of the textarea. # accesskey: (optional) The "accesskey"-attribute of the textarea. # style: (optional) The "style"-attribute of the textarea. + # classes: (optional) The "class"-attribute of the textarea. # wrap: (deprecated; optional) The "wrap"-attribute of the textarea. # minrows: (required) Number of rows the textarea shall have initially # and when not having focus. @@ -36,6 +37,7 @@ [% IF id %] id="[% id FILTER html %]"[% END %] [% IF accesskey %] accesskey="[% accesskey FILTER html %]"[% END %] [% IF style %] style="[% style FILTER html %]"[% END %] + [% IF classes %]class="[% classes FILTER html %]"[% END %] [% IF wrap %] wrap="[% wrap FILTER html %]"[% END %] [% IF defaultrows && user.settings.zoom_textareas.value == 'off' %] rows="[% defaultrows FILTER html %]" -- cgit v1.2.3-24-g4f1b