1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
[%# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Dave Miller <justdave@bugzilla.org>
# Frédéric Buclin <LpSolit@gmail.com>
#%]
[%
title = "Attachments"
desc = "Set up attachment options"
%]
[% param_descs = {
allow_attachment_display =>
"If this option is on, users will be able to view attachments from"
_ " their browser, if their browser supports the attachment's MIME type."
_ " If this option is off, users are forced to download attachments,"
_ " even if the browser is able to display them."
_ "<p>This is a security restriction for installations where untrusted"
_ " users may upload attachments that could be potentially damaging if"
_ " viewed directly in the browser.</p>"
_ "<p>It is highly recommended that you set the <tt>attachment_base</tt>"
_ " parameter if you turn this parameter on.",
attachment_base =>
"When the <tt>allow_attachment_display</tt> parameter is on, it is "
_ " possible for a malicious attachment to steal your cookies or"
_ " perform an attack on $terms.Bugzilla using your credentials."
_ "<p>If you would like additional security on attachments to avoid"
_ " this, set this parameter to an alternate URL for your $terms.Bugzilla"
_ " that is not the same as <tt>urlbase</tt> or <tt>sslbase</tt>."
_ " That is, a different domain name that resolves to this exact"
_ " same $terms.Bugzilla installation.</p>"
_ "<p>Note that if you have set the"
_ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><tt>cookiedomain</tt>"
_" parameter</a>, you should set <tt>attachment_base</tt> to use a"
_ " domain that would <em>not</em> be matched by"
_ " <tt>cookiedomain</tt>.</p>"
_ "<p>For added security, you can insert <tt>%bugid%</tt> into the URL,"
_ " which will be replaced with the ID of the current $terms.bug that"
_ " the attachment is on, when you access an attachment. This will limit"
_ " attachments to accessing only other attachments on the same"
_ " ${terms.bug}. Remember, though, that all those possible domain names "
_ " (such as <tt>1234.your.domain.com</tt>) must point to this same"
_ " $terms.Bugzilla instance.",
allow_attachment_deletion =>
"If this option is on, administrators will be able to delete " _
"the content of attachments.",
maxattachmentsize =>
"The maximum size (in kilobytes) of attachments.",
attachment_storage =>
"Where attachment data should be stored. If this value is changed you " _
"must use <tt>scripts/mmigrate-attachments</tt> to migrate existing " _
"attachments.",
}
%]
|