diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
commit | b0e5922cdadff2b394100dc8977bc2d526c04595 (patch) | |
tree | f1c19b1aaf0988cdef72f978b9f16c5d631d3727 /includes/DefaultSettings.php | |
parent | ad2b9dc3e492af9d550532817f34f865a97a8f63 (diff) | |
parent | b88ab0086858470dd1f644e64cb4e4f62bb2be9b (diff) |
Merge commit 'b88ab'
Diffstat (limited to 'includes/DefaultSettings.php')
-rw-r--r-- | includes/DefaultSettings.php | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 4eb979ac..78568107 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration; * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.22.8'; +$wgVersion = '1.22.15'; /** * Name of the site. It must be changed in LocalSettings.php @@ -3322,6 +3322,27 @@ $wgResourceLoaderLESSImportPaths = array( "$IP/resources/mediawiki.less/", ); +/** + * Whether to allow site-wide CSS (MediaWiki:Common.css and friends) on + * restricted pages like Special:UserLogin or Special:Preferences where + * JavaScript is disabled for security reasons. As it is possible to + * execute JavaScript through CSS, setting this to true opens up a + * potential security hole. Some sites may "skin" their wiki by using + * site-wide CSS, causing restricted pages to look unstyled and different + * from the rest of the site. + * + * @since 1.25 + */ +$wgAllowSiteCSSOnRestrictedPages = false; + +/** + * When OutputHandler is used, mangle any output that contains + * <cross-domain-policy>. Without this, an attacker can send their own + * cross-domain policy unless it is prevented by the crossdomain.xml file at + * the domain root. + */ +$wgMangleFlashPolicy = true; + /** @} */ # End of resource loader settings } /*************************************************************************//** |