1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
[%# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Dave Miller <justdave@bugzilla.org>
# Frédéric Buclin <LpSolit@gmail.com>
#%]
[%
title = "Attachments"
desc = "Set up attachment options"
%]
[% param_descs = {
attachment_base => "It is possible for a malicious attachment to steal your " _
"cookies or access other attachments to perform an attack " _
"on the user.<p>" _
"If you would like additional security on attachments " _
"to avoid this, set this parameter to an alternate URL " _
"for your $terms.Bugzilla that is not the same as " _
"<tt>urlbase</tt> or <tt>sslbase</tt>. That is, a different " _
"domain name that resolves to this exact same $terms.Bugzilla " _
"installation.<p>" _
"For added security, you can insert <tt>%bugid%</tt> into " _
"the URL, which will be replaced with the ID of the current " _
"$terms.bug that the attachment is on, when you access " _
"an attachment. This will limit attachments to accessing " _
"only other attachments on the same ${terms.bug}. " _
"Remember, though, that all those possible domain names " _
"(such as <tt>1234.your.domain.com</tt>) must point to " _
"this same $terms.Bugzilla instance."
allow_attachment_deletion => "If this option is on, administrators will be able to delete " _
"the content of attachments.",
allow_attach_url => "If this option is on, it will be possible to " _
"specify a URL when creating an attachment and " _
"treat the URL itself as if it were an attachment.",
maxattachmentsize => "The maximum size (in kilobytes) of attachments. " _
"$terms.Bugzilla will not accept attachments greater than this number " _
"of kilobytes in size. To accept attachments of any size " _
"(subject to the limitations of your server software), set this " _
"value to zero.",
maxlocalattachment => "The maximum size (in megabytes) of attachments identified by " _
"the user as 'Big Files' to be stored locally on the webserver. " _
"If set to zero, attachments will never be kept on the local " _
"filesystem.",
convert_uncompressed_images => "If this option is on, attachments with content type image/bmp " _
"will be converted to image/png and compressed before uploading to " _
"the database to conserve disk space." }
%]
|